Isle of Man
Financial Sector Assessment Program Update: Detailed Assessment of Observance of AML/CFT

The Isle of Man (IOM) is recognized for the expertise developed in a range of international financial products. The paper also presents a Detailed Assessment of Observance of Antimoney laundering/Combating Financing of Terrorism (AML/CFT) report on the IOM. The IOM authorities are placing increasing emphasis on international cooperation, including working closely with the relevant Organization for Economic Co-operation and Development initiative and entering into tax information exchange agreements.

Abstract

The Isle of Man (IOM) is recognized for the expertise developed in a range of international financial products. The paper also presents a Detailed Assessment of Observance of Antimoney laundering/Combating Financing of Terrorism (AML/CFT) report on the IOM. The IOM authorities are placing increasing emphasis on international cooperation, including working closely with the relevant Organization for Economic Co-operation and Development initiative and entering into tax information exchange agreements.

1. General

1.1. General Information on the Isle of Man

58. Located in the middle of the Irish Sea, the Isle of Man (IOM) is 33 miles long and 13 miles wide at its broadest point and has a total land area of 227 square miles. The resident population is just over 80,000 (2006 interim census). There are no immigration barriers between the IOM and the United Kingdom (UK) or Ireland, but there is a work permit system that controls the right to take up employment. The local currency is the Manx pound, which is on a par with the British pound (GBP). There are no exchange controls.

59. The IOM’s ancient parliament, Tynwald, is the oldest legislature in the world in continuous existence. Tynwald has two branches: the House of Keys and the Legislative Council. Constitutionally, the IOM is a self-governing British Crown Dependency and, as is the case in the UK, does not have a codified constitution. The UK Government, on behalf of the British Crown, is ultimately responsible for the IOM’s international relations. As the Head of State, the Queen is represented in the IOM by the Lieutenant-Governor. The IOM has never been part of the UK nor the European Union (EU) and receives no funding from either. It is not represented in the British parliament nor in Brussels. However, The IOM has a limited relationship with the EU as set out in Protocol 3 to the UK’s Act of Accession annexed to the Treaty of Accession by which the UK acceded to the Treaty of Rome in 1972, allowing for free trade in agricultural and manufactured products between the IOM and EU members. Apart from matters relating to this special relationship, which includes customs, the IOM is not bound by EU legislation. The IOM chose to become part of the EU’s VAT regime.

60. The IOM has no party political system and the leader of its government, the Chief Minister, is chosen by Tynwald after each general election. The Chief Minister selects nine Ministers to head the major government departments and together they make up the Council of Ministers, the central executive body or IOM “cabinet”, which is accountable to Tynwald.

61. In 2005/6, the IOM’s Gross Domestic Product (GDP) was GBP1.6 billion. Over the past ten years, the IOM’s average real annual rate of economic growth has been 7.8 percent, continuing some quarter of a century of unbroken growth. Financial services is the single largest component of GDP, accounting for 36 percent. The IOM has a working population of around 43,000 and a current unemployment rate of 1.3 percent.

62. The IOM has its own legal system and jurisprudence. English law is not directly of application in general, but the IOM legal system is based on the principles of English common law which are shared by many Commonwealth countries. IOM law is accordingly very similar to English law in areas such as crime, contract, tort, and family law. However, in certain areas, although modeled on English law, IOM law has adapted to meet the IOM’s own special circumstances, particularly with regard to direct taxation, company law, and financial supervision. The IOM’s High Court judges hold the ancient office of Deemster and have jurisdiction over all criminal and civil matters. Advocates at the IOM Bar have the fused rights of solicitors and barristers. The rarely-exercised final right of appeal to the Judicial Committee of the Privy Council remains. The IOM has fully incorporated into its law the basic rights set out in the European Convention on Human Rights through its Human Rights Act 2001.

63. No particular structural issues were identified in the course of the assessment that could give rise to an increase vulnerability to abuse of the system for ML or FT purposes. Standards of governance and transparency appear to be high. In the area of anti-corruption, the IOM has enacted a revised Corruption Act in July 2008 to bring IOM legislation largely into compliance with the UN Convention against Corruption, but a number of ancillary legislative provisions need to be adopted and were being progressed at the time of the assessment so that the UK’s ratification of the convention can be extended to the IOM. The court system appears to be efficient and all indications point to high ethical and professional standards across the public sector. The assessors can confirm that they found a significant improvement in the overall culture of compliance across the financial sector by comparison with the more accommodating pre-2003 approach, as acknowledged by some of the financial sector participants. Most legal and accounting professionals are members of professional bodies which carry out monitoring procedures for quality control and legal compliance and, as detailed in this report, progress is currently being made regarding the implementation of AML/CFT measures by lawyers and accountants.

1.2. General Situation of Money Laundering and Financing of Terrorism

64. The IOM is, in general, a low-crime environment, though the authorities have a continuing concern regarding the increasing incidence of drug-related crimes. As discussed in detail in this assessment, the nature of the financial sector business conducted in or from the IOM creates a material vulnerability to being used in the layering and integration stages of money laundering schemes. As acknowledged by the IOM authorities, some characteristics of the IOM financial system point to an increased risk of abuse for ML or FT purposes. While in reality not all of this business is high-risk, much of it would fall within the range of categories suggested by the FATF Methodology as examples of higher-risk business, including as follows:

  • The authorities indicated that more than 90 percent of the customer relationships and of financial service business conducted are on a non face-to-face basis for nonresidents of the IOM6;

  • In many cases the business relationship is established through introducers (IOM or foreign) that are subject to varying levels of regulation, depending on their origin. Subject to certain controls, IOM financial institutions are permitted to rely on the introducers to conduct CDD on their behalf;

  • Financial services provided include private banking facilities for non-residents; and

  • The use of legal persons and arrangements such as trusts is prevalent, both as asset-holding vehicles and as part of more complex structures that have the potential to create an additional challenge for IOM financial institutions in meeting their requirement to identify accurately the customer and the ultimate beneficial owner or controller.

65. This environment, designed by the authorities to attract financial services business and employment to the IOM, brings with it a material risk of financial crime, typically emanating from other jurisdictions and seeking to avail of the financial services available in the IOM. This assessment will consider carefully whether and to what extent the preventive measures put in place in the IOM are adequate to measure, manage, and mitigate the resulting risk. Emphasis will also be placed on assessing the willingness of the IOM authorities to cooperate with their international counterparts in addressing cross-border financial crime, and in assessing the effectiveness of the measures in place.

66. There have been no convictions or prosecutions for terrorist financing in the IOM; neither have there been any terrorist incidents.

1.3. Overview of the Financial Sector

67. Banking and insurance services represent the most significant financial service businesses in the IOM. The authorities provided the following analysis of the financial sector as at end-March 2008. At that date, there were 43 deposit takers7, together with a range of other financial institutions, as follows:

  • 40 licensed banks (as at 31 March 2008) of which only two are locally-based. The remainder are either branches or locally incorporated subsidiaries of banking groups headquartered elsewhere, predominantly in the UK or Ireland. Three banks are part of South African groups (two groups) and another is Swiss-owned. Most banks rely on their group for treasury functions and mainly provide client services to corporate and personal clients. As well as taking deposits, banks are also permitted to undertake a normal range of banking services such as lending, money transfers and currency exchange. The deposit base (net of local inter-bank placings) totaled GBP52.36 billion as at March 31, 2008; and

  • Three branches of UK building societies.

  • There were, in practice, three licensed stockbrokers. Two were locally incorporated and the other is a branch of a Guernsey firm (which also has a branch in Jersey) which is ultimately UK-owned.

  • 23 firms provided asset management services to collective investment schemes and portfolio management for other customers.

  • 26 firms provided management and administration services to collective investment schemes.

  • There were 38 financial advisers. These were mainly small businesses, which provided a limited range of services, predominantly for private clients.

  • As shown in the table below, there were 30 life insurers, 157 nonlife insurers, 23 insurance managers, 33 general insurance intermediaries, and 86 administrators of retirement benefits schemes-an expanding business line for the IOM.

Statistical Table 1.

Structure of Financial Sector

article image

68. The following table sets out the types of financial institutions that can engage in the financial activities that are within the definition of “financial institutions” in the FATF 40+9.

Statistical Table 2.

Financial Activity by Type of Financial Institution

article image
article image
article image
article image

1.4. Overview of the DNFBP Sector

Table of information regarding Designated Non-Financial Businesses and Professions

article image

69. The Gambling Supervision Commission (GSC) licenses one terrestrial casino which operates within premises in the IOM. Under the Online Gambling Regulation Act 2001 (OGRA), the GSC also licenses other gambling websites, although none of these are strictly online casinos; instead offering a variety of gambling types, including sports book betting, peer-to-peer betting, poker and other card games. As at June 30, 2008, the GSC licensed ten such companies, with a further three companies awaiting licenses.

70. Dealers in precious metals and precious stones are covered as relevant businesses at Paragraph 24 of Schedule 1 of the Criminal Justice (Money Laundering) Code 2008. This refers to “the business of dealing in goods of any description (including dealing as an auctioneer) whenever a transaction involves accepting a total cash payment of EUR15,000 or more”. Responsibility for their oversight rests with the Department of Home Affairs (DHA).

71. The FSC has authorized and supervised Corporate Service Providers (CSPs) since 2001 and Trust Service Providers (TSPs) since 2005. As at 31 March 31, 2008 there were 185 licensed CSPs and 120 licensed TSPs. Almost all of the TSP licenseholders are either CSP licenseholders in their own right or are part of a group which also contains a CSP licenseholder.

1.5. Overview of commercial laws and mechanisms governing legal persons and arrangements

72. The IOM has three sets of laws governing legal persons, namely the Companies Act 1931-2004, the Companies Act 2006, and the Limited Liabilities Companies Act 1996. While the first two Acts allow for the incorporation of a wide range of corporate entities, including Companies Limited by Shares, Companies Limited by Guarantee, Companies Limited by Guarantee and having a Share Capital, Unlimited Companies, and Protected Cell Companies, the latter provides for and regulates the incorporation of Limited Liability Companies.

73. Both the Companies Act 1931-2004 and the Companies Act 2006 provide for exactly the same types of corporate forms. However, the registration and management requirements for the two acts differ considerably. In particular, all legal persons incorporated pursuant to the Companies Act 2006 (2006 Companies) have to have a registered agent licensed pursuant to the FSA 2008. While no such registered agent requirement exists for legal persons incorporated pursuant to the Companies Act 1931–2004 (1931 Companies), the amount of information to be filed with the Companies Registry upon incorporation is much more comprehensive than for 2006 Companies. It is at the discretion of the company founder to choose under which act any company form is to be incorporated.

74. The Companies Act 2006 was introduced to respond to the desire of the private sector (in particular the corporate service providers) to have available a more flexible and modern company structure with less stringent registration requirements. The Companies Act 1931–2004 structure remains available not least so that local businesses and sole traders can incorporate without having to incur the costs of a professional corporate service provider.

75. Overall, the IOM relies on its licensed corporate service providers to obtain, verify, and retain beneficial ownership information on legal entities. The FSC is granted a wide range of powers to access any information and documentation held by licenseholders, including corporate service providers. Although the Companies Registry maintains a certain amount of information regarding the management and administration of companies, it does not collect and maintain information on the beneficial owners of registered companies. However, the Companies Registry can still serve a useful role in that respect by making it possible to link many of the registered legal entities with a specific IOM corporate service provider and thus allow the competent authorities to locate beneficial ownership information.

76. All company forms obtain full legal capacity upon registration with the Companies Registry, which is maintained and administered by the FSC. All information and documentation contained in the Companies Registry is accessible by the public. Since 2004 all information and documentation held at the registry is also available in electronic form, including online.

Companies Act 1931-2004

77. For 1931 Companies, registration typically requires the filing of information on the registered office, the company directors, secretaries and shareholders, and of a copy of the memorandum and articles of association. The memorandum of association must state the name of the company, whether the company is a public or private company and that, in respect of a company limited by shares or by guarantee, the members have limited liability and in the case of a company limited by guarantee, each member undertakes to contribute a prescribed sum to the company in the event of its being insolvent upon liquidation. In the case of a company having a share capital, the amount and division of such share capital.

78. In addition, the Companies Registry has to be provided with a statement containing the address of the registered office of the company, which must be in the IOM, the names, address, nationality, and business occupation of the company’s directors and secretary. It is expressly required that the person delivering the information to the FSC has to be an IOM resident. In the absence of such a statement the Registrar will not incorporate the company.

79. 1931 Companies require at least one shareholder and two directors. Section 9 Companies Act 1974 expressly prohibits the use of legal persons as company directors. All companies have to file an annual return with the Companies Registry containing, at a minimum, the address of the registered office, the names and addresses of all shareholders, directors and the secretary, as well as the number of shares held by each shareholder.

Companies Act 2006

80. In comparison, registration of 2006 Companies merely requires that the Companies Registry is provided with the memorandum of association which has to contain, amongst other things, the name of the company, the type of company founded, the name of the first registered agent as well as the address of the first registered office, and the full name and address of each first subscriber. Pursuant to Section 73 of the Companies Act 2006 the registered office has to be a physical address in the IOM and Section 74 requires that the registered agent is licensed by the FSC.

81. 2006 Companies require at least one shareholder and one director. Section 91 (4) Companies Act 2006 allows for the use of legal persons as company directors provided that the corporate director holds a license issued by the FSC. While 2006 Companies are required to maintain shareholder and director registers at the office of the registered agent in the IOM, the filing of those registers in the Companies Registry is optional.

82. All 2006 Companies have to file an annual return with the Companies Registry containing, at a minimum, the updated name and address of the licensed registered agent.

83. Both Companies Acts allow for the issuance of nominal shares by companies limited by shares, companies limited by shares and a guarantee, or unlimited companies with shares. However, the issuance of new bearer shares is not allowed and rights and obligations attached to existing ones issued under the 1931 Companies Act may only be exercised after registration with the shareholder register maintained at the registered office.

Limited Liability Companies Act

84. To incorporate a Limited Liability Company (“LLC”), it is necessary to file with the Companies Registry the articles of organization, a consent form signed by the registered agent named in the articles of organization, as well as a statement of the registered office in the IOM. Section 7 of the Limited Liabilities Companies Act requires that the articles of organization contain the company name, the names and addresses of all company members, and the name and address of the registered agent in the IOM. LLCs are required to file annual returns with the Companies Registry, containing the updated address of the registered office, and the name and address of the registered agent and of the managers and members of the companies.

Trusts

85. Trusts have been recognized under IOM law for many years and the trust concept is well established in the island. The Trustee Act 1961 and its subsequent amendments are the main pieces of legislation governing such legal arrangements. In addition, the common law principles of trust law and equity are applied and recognized by the courts in the IOM insofar as they are not contrary to statutory law or local precedent. Express trusts, implied trusts, resulting trusts as well as constructive trusts are all recognized and utilized in the IOM. Since 1996 IOM law also allows for the enforcement of purpose trusts provided that the trust purpose is certain, reasonably enforceable, and not contrary to the law. IOM also allows for the setting up of private trust companies (PTC), which typically act as trustee for one or more family trusts only and are exempted from the licensing requirements under the FSA. Trusts with a PTC as trustee have to be administered by a natural or legal person holding a Trust Service Provider (TSP) license issued by the FSC.

86. IOM trusts are generally set up by way of deed, declaration, or will. It is allowed under IOM law for the settlor to be the beneficiary, including the sole beneficiary, of a trust and “trustee” is defined by the Trustee Act 1961 to include trustees with a beneficial interest in the trust property. In some cases, however, IOM courts have decided to strike down so-called “sham trusts”, where the settler controlled the trustee to the extent that the trustee could no longer be considered to be acting independently of the settlor. Protectors and enforcers are allowed under IOM law and are used by some trust service providers. IOM law permits the redomiciliation of trusts to the law of other jurisdictions but any attempt to delay or frustrate a criminal investigation would represent an offense under the CJA 1990 and the DTA 1996, respectively, on the part of the trustee. It does not appear that forced redomiciliations or ‘flee’ clauses are in general use in the IOM. The Convention on the Law Applicable to Trusts and on their Recognition has been extended to the IOM and IOM law recognizes foreign trusts through the Recognition of Trusts Act 1988.

87. Other than for charitable trusts, IOM law does not impose a registration requirement for trusts and there is no general filing requirement for trust accounts or other trust information.

88. As of end-June 2008, 31,711 companies were incorporated under IOM law, of which 28,323 were 1931 Companies, 2,850 were 2006 Companies and 538 were LLCs. While the number of incorporations of 1931 Companies seems to be declining, the growth in the number of 2006 Companies has leveled off. Of the 31,711 companies incorporated under IOM law, 23,259 are under administration by corporate service providers licensed by the FSC.

89. As of December 2007, 22,785 trusts, including private trusts, were administered by trust service providers licensed by the FSC. The statistics are based on the information filed by licensed trust service providers through the annual return. As the licensing requirement was only implemented in 2005, there are no statistics for the previous years that would show whether or not the number of administered IOM trusts is increasing.

Companies and Trust Registered in the IOM

article image

1.6. Overview of strategy to prevent money laundering and terrorist financing

AML/CFT Strategies and Priorities

90. While the IOM government has not published an AML/CFT strategy, as such, a political commitment has been given by the IOM authorities, in correspondence with the FATF and in public statements, to adhere to the principles of the FATF Recommendations. The authorities informed the assessors that the IOM attaches the highest importance to having a robust and enforceable regime for the prevention of money laundering and for countering the financing of terrorism. It is significant that, in addition to the stated objectives of the Financial Crime Unit (FCU) — the IOM financial intelligence unit (FIU)—both of the main supervisory authorities have been assigned legislative objectives related to the reduction in financial crime.

91. The commitment is evidenced also by the level of resources committed by the authorities to updating the AML/CFT legislative framework and providing detailed guidance to support implementation by the financial sector and DNFBPs, particularly in the 18–24 months prior to this assessment.

92. The financial sector has been an active participant in the development of the IOM’s AML/CFT strategy. Through their active participation with the authorities in the Joint Anti-Money Laundering Advisory Group, they have ensured that AML/CFT measures introduced reflect commercial reality and, where relevant, are largely consistent with those already required of their financial sector parent companies, particularly in the UK.

93. The IOM authorities participate in Crown Dependency meetings with their counterparts from Jersey and Guernsey in respect of AML/CFT issues. These occasions greatly assist in being able to mount a coordinated fight against any economic crime which may affect the Crown Dependencies.

The Institutional Framework for Combating Money Laundering and Terrorist Financing

Department of Home Affairs

94. The core function of the Department of Home Affairs is to ensure community safety. The Department’s overall responsibilities include, inter alia, the police service (within which is located the FIU) and the prison service. The DHA has a statutory role in issuing AML Codes under the Criminal Justice Act 1990 (CJA 1990). It is also the default authority developing appropriate AML/CFT measures for those DNFBPs and other nonfinancial businesses that do not come under the supervision of one of the other authorities described below.

95. The Department has set up a regulatory mechanism for dealing with other relevant businesses and is in an advanced stage of putting in place the necessary codes and rules to specifically regulate accountants, estate agents, lawyers, motor dealers, auctioneers, jewelers and dealers in other high value goods.

The Treasury

96. Among the range of functions carried out by the Treasury, a number impact on AML/CFT. For example, Customs and Excise is a division of the Treasury. Also, it is the Treasury Minister who introduces to the IOM parliament, Tynwald, secondary legislation on AML/CFT being proposed by the regulatory authorities. The Treasury is represented on the Joint Anti-Money Laundering Advisory Group (JAMLAG) by officials from both the Customs and Excise Division and from the Corporate Strategy Division. The Treasury and the FSC have a Memorandum of Understanding (MOU) in place governing the respective responsibilities of the two bodies. MOUs are being progressed with the IPA and the GSC.

Customs and Excise

97. The Customs and Excise Division of Treasury has an important role to play in AML/CFT, including by way of border controls and, in particular, implementing measures for cross-border movement of cash or negotiable instruments. The Criminal Justice Act 1990 and Drug Trafficking Act 1996 (and their replacement in the Proceeds of Crime Act 2008) provide powers for customs officers in combating money laundering. Customs officers form part of the staffing of the Financial Crime Unit. A relevant provision of POCA 2008 was brought into force from October 22, 2008 thereby inserting a new Section 77A into the PPPA 1998 that provides that customs officers at the FCU, when authorized in writing by the AG, shall have the powers of a constable in relation to their work at the FCU. The AG signed the necessary authority on November 11, 2008 for officers working at, or available to work at, the FCU to have the powers of a police constable.

Chief Secretary’s Office

98. The Chief Secretary’s Office has various functions including providing leadership of the Civil Service and to facilitate greater cross Departmental working. It also leads the public service’s response to the Council of Ministers’ initiative on delivering Corporate Governance and Business Planning across Government. It provides impartial advice to the Chief Minister and to the Council of Ministers, particularly as regards the implications of proposed changes in policy or legislation, or in external developments. It promotes and continues the evolution of the constitutional relationship between the Isle of Man and the United Kingdom and ensures recognition of the Island’s interests internationally whilst honoring its international obligations.

99. The Chief Secretary’s Office also has functions with regard to the Lieutenant Governor that include providing advice and assistance in the exercise of his Crown responsibilities. Important among these responsibilities is the process of obtaining Royal Assent for all new legislation to be adopted in the IOM. The Chief Secretary’s Office also liaises directly with the UK administration regarding international matters, including the extension to the IOM of international conventions.

Attorney General’s Chambers

100. The Attorney General for the Isle of Man is appointed by Her Majesty the Queen and holds office during Her Majesty’s pleasure. He is ex officio a member of the Legislative Council and attends meetings of the Council of Ministers. HM Attorney General is the legal adviser to the Crown in the Isle of Man and the Government of the Isle of Man. He is also responsible for the prosecution of offenses in the Court of General Gaol Delivery and for the drafting of Government legislation. The Attorney General’s Chambers also acts as the competent authority for the receipt of requests for mutual legal assistance in criminal matters from other jurisdictions (including requests from other jurisdictions for the restraint, confiscation, and forfeiture of property in the IOM). The Attorney General’s Chambers deal with civil and criminal matters for the Government of the Isle of Man. It also provides legal advice to Government Departments and Statutory Boards. The AG’s Chambers is represented at JAMLAG and the Attorney General “chairs” on a rotation basis with the other respective AGs, the inter-Islands’ Crown Dependency Meetings which considers AML/CFT issues.

Joint Anti-Money Laundering Advisory Group (“JAMLAG”)

101. JAMLAG is the principal forum for discussing AML/CFT issues in the IOM. This is an advisory rather than a policy making group which meets regularly. It comprises regulators, law enforcement authorities and industry and professional representatives. Treasury and the Attorney General’s Chambers are also invited to attend. Chairmanship of JAMLAG rotates by meeting between the Chief Executives of the Department of Home Affairs, the Financial Supervision Commission and the Insurance and Pensions Authority. Industry’s views on proposed changes to AML/CFT legislation and Regulatory Codes are also sought through the JAMLAG forum.

Criminal justice and operational agencies

Financial Crime Unit (FCU) incorporates the Financial Intelligence Unit (FIU)

102. The FCU is a specialized department within the Constabulary and is headed by a Detective Chief Inspector who is part of the Constabulary’s Senior Command Team. The major investigative ability lies within the FCU with specialist investigators, accountants and analysts, and also houses the Islands Financial Intelligence Unit. The FCU work closely with the Constabulary especially the Drug Trafficking Unit (DTU) in pro-active money laundering investigations involving drugs. It also has access to and liaises closely with other units within the Constabulary such as the Force Intelligence Bureau, Covert Operations and the Constabulary’s other investigative wings such as the Criminal Investigation Department. The AG’s Chambers provide legal advice and expert assistance in all financial investigations including money laundering and terrorism financing. There are currently two full time dedicated legal officers.

103. The FCU has a Strategic Board consisting of the Chief Constable, The Collector of Customs and Excise and the AG to whom the Head of the FCU reports.

Police

104. The Constabulary has operational independence and is free from undue political influence or interference. The Isle of Man Constabulary is committed to ensuring that the Isle of Man is not seen as a safe haven for the laundering of money or the financing of terrorism. This is reflected in its Strategic Plan with a key project being ‘Strengthening the Financial Crime Unit’ and within its Command Teams priorities is the development of a Joint Intelligence Unit.

Financial sector bodies

Financial Supervision Commission (FSC)

105. The FSC is the regulatory authority for all financial institutions other than insurance and pensions businesses. It also authorizes and supervises TSPs and CSPs. The FSC’s regulatory objectives are —

  • (a) securing an appropriate degree of protection for the customers of persons carrying on a regulated activity;

  • (b) the reduction of financial crime; and

  • (c) supporting the Island’s economy and its development as an international financial center.

106. The FSC is required by law to maintain arrangements to determine whether persons on whom requirements are imposed under the Financial Services Act are complying with them. The FSC is also required to maintain arrangements for enforcing provisions of or under the Financial Services Act or other legislation specified in that Act (Schedule 1 paragraph. 5 of the Financial Services Act 2008). This statutory requirement extends to the Rule Book including the AML/CFT requirements in Part 9 of the Rule Book. The supervision of entities regulated by the FSC is undertaken through a combination of off-site reviews and analysis and on-site inspection visits.

Insurance and Pensions Authority (IPA)

107. The IPA is a statutory board established under the Insurance Act 20089 and has responsibility for the regulation of the insurance and pensions sector in the Isle of Man. In carrying out his duties the Supervisor is required to exercise his powers in a way that meets the regulatory objectives set out in the Insurance Act, which are as follows:-

  • (a) The securing of an appropriate degree of protection for policyholders;

  • (b) The maintenance of confidence in the Island’s insurance industry in the Island and elsewhere; and

  • (c) The reduction in the extent to which it is possible for any insurance business to be used for a purpose connected with financial crime.

108. The supervision of entities regulated by the IPA is undertaken through a combination of both off-site reviews and analysis and on-site inspection visits. As can be seen from the regulatory objectives set out above, the supervisory framework includes responsibility for the matters in relation to AML and CFT.

DNFBP and other matters

Gambling Supervision Commission

109. The Gambling Supervision Commission (GSC) is a body corporate initially established in 1962 and which consists of a Chairman and four members, appointed by the Council of Ministers of the Isle of Man Government. The GSC undertakes the offsite and onsite supervision of the terrestrial casino and on-line casinos.

Financial Supervision Commission – Companies Registry

110. The FSC is responsible for the Isle of Man Companies Registry. This is where Isle of Man incorporated companies are registered and where statutory company documents are filed for public viewing. Companies Registry is also responsible for the administration of legislation relating to foreign companies, limited liability companies, business names, limited partnerships and societies incorporated under the Industrial and Building Societies Acts. In addition to facilitating physical access by the public to the Registry, the authorities have also provided for online access to the records through the internet.

Approach Concerning Risk

111. The IOM has recently adopted a risk-based approach to the application of AML/CFT measures, following the enactment of the FSA, 2008 with effect from August 1, 2008. In order to fulfill the objective of the reduction of financial crime, the FSC has supplemented the AML Code 2008 with Part 9 of the Financial Services Rule Book 2008 (“Rule Book”) which concerns money laundering and the financing of terrorism. Part 9 of the Rule Book came into effect on August 1, 2008 for all licenseholders. Part 9 of the Rule Book requires licenseholders to adopt a risk based approach to AML/CFT measures. In particular, it requires licenseholders to conduct a risk assessment of their businesses, including on their customers. It requires licenseholders to conduct customer due diligence (CDD) procedures in accordance with the risk assessment. Requirements to conduct enhanced CDD are also covered where there are higher risks identified by the risk assessment. The FSC has also produced a Handbook of guidance in complying with the Rule Book and the AML Code 2008. This Handbook provides guidance on adopting a risk based approach to AML/CFT measures and the factors that licenseholders should consider. All risk assessments conducted by FSC licenseholders should be recorded and documented and fed into the licenseholders’ policies, procedures and controls in respect of AML/CFT.

112. In so far as the insurance industry is concerned, the IPA’s statutory remit includes the supervision of insurers in respect of AML/CFT compliance. Until 2008 the sector-specific requirements (in addition to the Code) were contained in the Anti-Money Laundering Standards for Insurance Businesses (the “Standards”). With effect from September 1, 2008 the requirements of the Standards have been replaced by AML/CFT regulations and binding guidance under the provisions of Sections 50 and 51 of the Insurance Act 200810, namely:

  • Insurance (Anti-Money Laundering) Regulations 2008 (IAMLR 2008)

  • Guidance Notes on Anti-Money Laundering and Preventing the Financing of Terrorism - for Insurers (long term business) (IGN 2008)

113. These regulations (applicable to all insurers) and binding guidance notes (applicable to insurers writing long term business) introduce a limited degree of flexibility in so far as risk-based assessment is concerned. Common standards and requirements are set out and these measures are required to be applied as standard. An insurance business is permitted to deviate, in limited circumstances and subject to defined criteria, from these standard requirements where the business’ risk assessment identifies the circumstances as lower risk. All risk assessments must be fully documented and recorded and the decision to apply reduced customer due diligence must be approved by a senior member of the business’ staff. This will allow the IPA to review such records when conducting its on-site visits. Any decision to apply a deviation against a group of policies must be formally approved, and minuted, at a board meeting of the directors. All business is subject to ongoing due diligence and a customer’s risk profile may change in which case due attention must be given to current circumstances and appropriate action taken.

Progress Since the Last IMF Assessment

114. The IOM authorities have addressed most of the recommendations of the last AML/CFT assessment. The previous IMF assessment was conducted against the pre-2003 FATF Recommendations. Following the IMF’s assessment in 2002 the FSC produced an action plan which is entitled ‘FSC Plan in relation to recommendations made by the IMF in Volume II of the IMF Report on the Isle of Man October 2003–progress update July 04’. The FSC has regularly updated this action plan during the period and a copy of the last update document from January 2008 is entitled ‘Anti Money Laundering and Criminal Justice Matters Relevant to FSC. Because the international standards were revised following the IMF’s last inspection, the authorities in the IOM have focused on the revised international standards.

115. The following update was provided to the assessors by the IPA in respect of insurance business:

IMF ASSESSMENT 2002: FATF/Anti-Money Laundering

(IPA MATTERS)

article image
article image

2. Legal System and Related Institutional Measures

Laws and Regulations

2.1. Criminalization of Money Laundering (R.1 & 2)

2.1.1. Description and Analysis

Legal Framework:

116. The Isle of Man (IOM) has criminalized money laundering through the Criminal Justice Act 1990 (CJA 1990), the Drug Trafficking Act 1996 (DTA 1996) and the Anti-Terrorism and Crime Act 2003 (ATCA 2003). Whereas the offense defined in the CJA 1990 covers money laundering related to all predicate offenses, the DTA 1996 and ATCA 2003 are limited in scope to predicate offenses involving drug trafficking and terrorism.

117. A legislative package of amendments and consolidation has been adopted by Tynwald in the form of the Proceeds of Crime Act 2008 (POCA 2008). Some provisions of the POCA 2008, as outlined in the relevant sections of this report, came into force on October 22, 2008. The remaining parts of the POCA 2008 are effective from August 1, 2009.11

Criminalization of Money Laundering (c. 1.1—Physical and Material Elements of the Offense):

118. As a Crown Dependency, the IOM is not a sovereign State and can therefore not sign or ratify international conventions in its own right. Rather, the United Kingdom (UK) is responsible for the IOM’s international affairs and, following consultation with and approval by the IOM Government, it may arrange for the ratification of any convention to be extended to the IOM.

119. Whereas the UK’s ratification of the Vienna Convention was extended to the IOM on December 2, 1993, the Palermo Convention has not yet been extended. The mission was informed that the UK would only agree to extend Conventions to the IOM once it was content that the necessary legislative changes to ensure full compliance with their provisions had been made. At the time of the onsite mission there was no concrete timeframe for a request for extension of the Palermo Convention. The IOM was, however, in the process of making the necessary legislative changes to ensure compliance with the provisions of the Palermo Convention and therefore allow for its extension at some point in the future.

120. As indicated above, the IOM’s money laundering offenses are defined through three different Acts: the CJA 1990, the DTA 1996, and the ATCA 2003. Whereas the offenses contained in the CJA 1990 and DTA 1996 vary only in terms of scope but not with respect to the material elements, the ATCA’s money laundering offense is different also in terms of language and will therefore be discussed separately.

121. The three strand approach to the IOM’s ML offenses remains effective until replaced on August 1, 2009 by Part 3 of POCA 2008. The provisions of the new Act will codify and update the law in relation to ML and no longer differentiate between the predicate offenses of drug trafficking, terrorism, and other crimes.

CJA 1990 and DTA 1996

122. The money laundering offenses of the CJA 1990 extend to all offenses triable on information other than drug trafficking offenses or offenses under the ATCA 2003 as well as to any offenses prescribed by law to be predicate offenses for money laundering. In comparison, the money laundering offenses of the DTA 1996 only relate to certain offenses defined in the Misuse of Drugs Act 1976 and the Customs and Excise Management Act 1986.

123. Sections 17C CJA 1990 and 45 DTA 1996 provide that a person is guilty of money laundering if he (1) conceals or disguises any property which is, or in whole or in part directly or indirectly represents, his proceeds of criminal conduct/drug trafficking or converts or transfers that property or removes it from the jurisdiction for the purpose of avoiding prosecution for an offense or if he (2) knows or has reasonable grounds to suspect that any property is, or in whole or in part directly or indirectly represents, another person’s proceeds from criminal conduct/drug trafficking and conceals or disguises that property or converts or transfers that property or removes it from the jurisdiction for the purpose of assisting any person to avoid prosecution for an offense/a drug trafficking offense. Sections 17C (3) and 45 (3), respectively, further state that the reference to concealing or disguising any property include references to concealing or disguising the nature, source, location, disposition, movement or ownership or any rights with respect to it.

124. Articles 17C CJA 1990 and 45 DTA 1996 provide criminal liability for the acts of “concealing or disguising” and the “converting or transferring” only if the prosecution can show that the purpose of the act is to avoid prosecution for a predicate offense. In comparison, the offenses of “conversion or transfer of criminal proceeds” as defined in the Palermo and Vienna Conventions are broader and require proof that the purpose of the act is either to conceal or disguise the illicit origin of the property or to help any person to evade criminal liability for the predicate offense. In addition, under the Vienna and Palermo Conventions, no specific purpose has to be proven for the “concealment or disguise” of the true nature, source, location, disposition, movement, or ownership of or rights with respect to criminal proceeds. Therefore, Articles 17C CJA 1999 and 45 DTA 1996 are not sufficiently wide to meet fully the international standard due to the requirement to prove the outlined purpose in all cases.

125. While certain situations in which a purpose cannot be proven by the IOM prosecutor could be covered by the offense of “assisting another to retain the benefit” of the commission of a predicate offense, the latter offense does not extend to self-laundering as outlined below and also requires proof of the existence of an “arrangement.”

126. Sections 17B CJA 1990 and 47 DTA 1996 provide that “a person is guilty of an offense if, knowing that any property is, or in whole or in part directly or indirectly represents another person’s proceeds of criminal conduct/drug trafficking, he acquires or uses that property or has possession of it”, whereby it is expressly stated that “having possession of any property shall be taken to be doing an act in relation to it.” Sections 17B (3) and 47(3), respectively, further provide that it is a defense to a charge if a person acquired or used the property or had possession of it for adequate consideration, whereby he/she “acquires property for inadequate consideration if the value of the consideration is significantly less than the value of the property” and “uses or has possession of property for inadequate consideration if the value of the property is significantly less than the value of his use or possession of the property.” The exception, although a defense for situations in which adequate consideration was provided, is beyond the standard as set forth in the Vienna and Palermo Conventions.

127. IOM law provides that a defendant is guilty of an offense only if the prosecution proves beyond reasonable doubt that each constituent part of the offense has been made out in relation to the defendant. Where the statute provides for a defense, the standard of proof imposed on the defendant is the lesser standard of a balance of probabilities. Thus, if a defendant raises a statutory defense, the prosecution must negate that defense beyond reasonable doubt, otherwise the defendant is entitled to be acquitted. This is a concern with respect to Sections 17B (3) CJA 1990 and 47(3) DTA 1996 as it is not required that the defendant establish that he was bona fide at the time of acquisition or use or having possession of criminal property. The defense of having given adequate consideration would therefore be available even in situations where the defendant knew that the property stems from the commission of a predicate offense.

128. In addition to the above discussed provisions, Sections 17A CJA 1990 and 46 DTA 1996 provide that a person is guilty of money laundering if he enters into or is otherwise concerned in an arrangement whereby the retention or control by or on behalf of another (A) of A’s proceeds of criminal conduct/of drug trafficking is facilitated or A’s proceeds of criminal conduct/drug trafficking are used to secure that funds are placed at A’s disposal or used for A’s benefit to acquire property by way of investment and if he knows or suspects that A is or has been engaged in criminal conduct/drug trafficking or has benefited from criminal conduct/drug trafficking. While the first part of the provision overlaps to a large extent with Section 17C CJA 1990 and 45 DTA 1996, the authorities stated that the second part of this provision was intended to be used in money laundering cases involving professionals, such as trustees or lawyers. In practice, the provision has never been tested before the courts.

129. Therefore, even though the outlined provisions cover all the material elements of the money laundering offenses as defined in the Palermo and Vienna Conventions, the assessors are concerned that the defense in Sections 17B (3) CJA 1990 and 47 (3) DTA 1996 may be open to abuse by money launderers to avoid criminal liability for the acquisition, possession, or use of criminal proceeds.

ATCA 2003

130. Terrorism financing offenses are explicitly excluded from the scope of the CJA 1990 and money laundering offenses based on terrorism financing may therefore not be prosecuted under the above-cited provisions. The ATCA 2003 itself, however, contains a money laundering provision applicable to terrorism related predicate offenses.

131. Pursuant to Section 10 ATCA 2003 it is an offense to enter into or become concerned in an arrangement which facilitates the retention or control by or on behalf of another person of terrorist property, including through concealment, removal from the jurisdiction, the transfer to nominees or through any other way. In discussions with the authorities it was clarified that the elements of the offense that have to be proven by the prosecution are (1) the existence of a written, oral, or implied arrangement (2) that the arrangement facilitates the retention or control of another’s terrorist property and (3) that the perpetrator knew or should have known at the time the arrangement was made that the property constituted terrorist property.

132. While Section 10 ATCA 2003 covers some of the material elements of the money laundering offenses as defined in the Vienna and Palermo Conventions, the requirement to prove all three elements as indicated above will prevent the application of the provision to all situations required by the Conventions. For example, the offense would not cover situations in which a person converts or transfers criminal proceeds for the purpose of disguising or concealing the illicit origin of the property unless the existence of an arrangement can established beyond a reasonable doubt. Equally, situations in which a person conceals or disguises the true nature, source, location, disposition of, or rights with respect to proceeds of crime would not be covered unless all three elements of the offense can be established.

The Laundered Property (c. 1.2):

133. Sections 17A CJA 1990 and 46(2) DTA 1996 define “proceeds” as “any property which in whole or in part, directly or indirectly, represent… proceeds of criminal conduct”. Sections 22 CJA 1990 and 57 DTA 1996 further specify that “property” includes money and all other property, real or personal, heritable or moveable, including things in action and other intangible or incorporeal property, whereby property is considered to be held by a person who has an interest in it, including rights. Sections 22 CJA 190 and 57 DTA 1996 further state that “property” includes all property, whether it is situated in the Island or elsewhere.

134. Equally, Section 6 ATCA 2003 defines “terrorist property” as any property, which wholly or partly, directly or indirectly represents the proceeds of acts of terrorism, including payments or other rewards in connection with its commission. Section 75 ATCA 2003 further stipulates that “property” includes property wherever situated and whether real or personal, heritable or moveable, and things in action and other intangible or incorporeal property.

135. Both the money laundering offenses of the CJA 1990/DTA 1996 and the ATCA 2003 therefore, extend to any type of property, regardless of its value, that are derived from or obtained, directly or indirectly, through the commission of a criminal offense, including assets of every kind, whether corporeal or incorporeal, moveable or immoveable, tangible or intangible, and legal documents or instruments evidencing title to, or interest in such assets.

Proving Property is the Proceeds of Crime (c. 1.2.1):

136. The language of the provisions in the CJA 1990, the DTA 1996 and the ATCA 2003 do not require a conviction for a predicate offense to prove that certain property constitutes proceeds of crime. While the law is silent on the standard of proof applicable to establish that property stems from an illegal source, the authorities stated that it would have to be established “beyond a reasonable doubt” that property stems from a specific predicate offense.

137. Theoretically, cases could arise in which evidence relating to the commission of a predicate offense may suffice to satisfy the required burden of proof even in the absence of a conviction for a predicate offense. In practice, however, it would appear very difficult to do so, in particular with respect to cases involving offenses committed extraterritorially where evidence gathering is conducted almost exclusively through international cooperation.

138. The authorities confirmed that the difficulties in obtaining sufficient evidence to meet the high standard of proof applicable to establish that the property in question is of criminal origin is one of the main challenges in obtaining convictions for the stand alone money laundering offense, particularly in cases where the predicate offense has been committed abroad.

The Scope of the Predicate Offenses (c. 1.3):

139. As indicated above, the money laundering offenses of the CJA 1990 extend to offenses prescribed to be predicate offenses for money laundering and all offenses triable on information other than a drug trafficking offense or an offense under the ATCA 2003. So far, no offenses have been prescribed to constitute predicate offenses for money laundering.

article image

140. There is no statutory offense of tax evasion in the IOM, although failure to submit a tax return or delivery of an untrue return is an offense under Section 108 of the Income Tax Act. While tax evasion could constitute the offence of “false accounting” pursuant to Article 19 Theft Act 1981 (which is a predicate offense for money laundering), no such prosecutions have been taken.

141. All FATF-designated categories of predicate offenses are covered, as outlined above, under IOM law.

Threshold Approach for Predicate Offenses (c. 1.4):

142. The IOM’s legal system differentiates between two categories of crimes: Offenses triable on information and offenses tried summarily. Unlike the UK, the IOM does not rely on common law offenses but defines all criminal offenses through statute.

143. There is no general provision in any Act that would categorize crimes into “offenses triable on information” and “summary offenses”. Rather, each statutory offense indicates whether or not it may be tried summarily or on information or both. Generally, offenses punishable with more than six months constitute “offenses triable on information” while all others are considered “summary offenses.” In very limited circumstances and only with respect to offenses listed in the Summary Jurisdiction Act 1989 (Schedule 2) may an offense triable on information be dealt with summarily.

144. The IOM has adopted a threshold approach for predicate offenses based on category. Section l(9)(c) CJA 1990 which provides that certain offenses designated by law (“prescribed offenses”) as well as all offenses triable on information other than drug trafficking and terrorism offenses, which are dealt with specifically in the DTA 1996 and the ATCA 2003, constitute predicate offenses for money laundering. The provision further clarifies that the reference to “all offenses triable on information” would extend to offenses that may be tried summarily pursuant to Schedule 2 Summary Jurisdiction Act 1989.

145. All money laundering offenses of the CJA 1990, the DTA 1996 and the ATCA 2003 provide for sanctions both for summary convictions and convictions on information. Their categorization therefore depends on the circumstances of each specific case. The authorities stated, however, that in practice all charges for money laundering would be brought before the High Court as the punishment applied for is generally too high for adjudication by the summary court.

Extraterritorially Committed Predicate Offenses (c. 1.5):

146. All three statutes defining money laundering offenses cover both conduct which constitutes a predicate offense on the IOM or any conduct committed abroad that would have constituted a predicate offense had it occurred in the IOM (Sections 17A (7) CJA 1990, l(l)(f) DTA 1996, l(4)(a) ATCA 2003). Dual criminality is not required. There are also no jurisdictional provisions that would require any other link between the IOM and the perpetrator, such as citizenship or residence as long as the laundering offense has been committed in the IOM.

Laundering One’s Own Illicit Funds (c. 1.6):

147. Sections 17C CJA 1990 and 45 DTA 1990 make it an offense for a person to conceal, disguise, transfer, or convert criminal proceeds both in cases where the property stems from the commission of a predicate offense by another or by the person himself.

148. The acquisition, possession or use of proceeds of criminal conduct, however, is only criminalized if the property involved stems from another person’s criminal behavior and does not extend to self laundering. While Section 2 Criminal Law Act 1981 provides for the principle of “ne bis in idem” it does not appear that the principle would prevent the criminalization of self-laundering involving the listed acts constituting money laundering. This view is also supported by the fact that Tynwald, in the course of the first reading of the draft, did not comment on or request a change of the provisions in the Proceeds of Crimes Bill 2008 providing for a self laundering offense relating to the acquisition, possession and use of criminal proceeds. The authorities stated that while the principle of double jeopardy would not per se prevent the criminalization of self laundering for “acquisition, possession and, use”, with the coming into force of the POCA 2008 from August 1, 2009 and to avoid a violation of Section 3 Criminal Law Act 1981 the prosecution will have to make a choice as to which provision will be used to bring charges: either the predicate offense or the self laundering offense.

149. The ATCA 2003 does not extend the money laundering offense to situations where the terrorist or terrorist financer himself conceals or transfers property to maintain control over it. Rather, the offense only covers persons who do so for or on behalf of somebody else.

Ancillary Offenses (c. 1.7):

150. Ancillary offenses are criminalized under the general provisions of the Criminal Code 1872.

151. Section 9 Criminal Law Act 1981 provides that unless otherwise stated, sanctions for commission of an offense shall not only be applied to completed but also to attempted crimes, whereby a crime is considered attempted if the perpetrator carries out an overt act that goes beyond mere preparation.

152. Conspiracy is covered through Section 330 Criminal Code 1872. Pursuant to the provision, if two or more persons conspire to commit any offense, such persons shall be held criminally liable and may be punished with imprisonment for a term not exceeding ten years.

153. Furthermore, Sections 350 and 351 Criminal Code 1872 provide for criminal liability of any person who is accessory before the fact to any felony or who counsels, procures, or commands another to commit any felony. Both sections provide that the accused may be punished as if he were the principal offender.

154. IOM law therefore allows for the prosecution of all parties that may be involved in the commission of the money laundering offense.

Additional Element—if an act overseas which do not constitute an offense overseas, but would be a predicate offense if occurred domestically, lead to an offense of ML (c. 1.8):

155. As indicated above, all three statutes define money laundering to cover both conduct which constitutes a predicate offense in IOM or would have constituted a predicate offense had it occurred in the IOM (Sections 17A(7) CJA 1990, l(l)(f) DTA 1996, l(4)(a) ATCA 2003). Dual criminality is not required.

Liability of Natural Persons (c. 2.1):

156. The three money laundering offenses as outlined above are offenses for which intent is required and therefore apply to persons who knowingly engage in the conduct in question. With respect to the property in question the required mental element varies depending on the actus reus.

157. With respect to the acts of concealing, disguising, converting or transferring of criminal proceeds, a person may be held criminally liable if the prosecution can establish beyond a reasonable doubt that the person knew or objectively should have known that the property in question stems from the commission of a crime.

158. For the offense relating to the acquisition, possession, or use of criminal proceeds, the required mens rea is actual knowledge that the property in questions constitutes criminal proceeds.

159. For the acts of assisting another person to retain the benefit of crime it suffices that the prosecution can establish beyond a reasonable doubt that the perpetrator knew or suspected that the person he/she entered into an agreement with is or has been engaged in criminal conduct. While it is not required that the prosecutor establishes the perpetrator’s actual knowledge about the criminal source of the property involved, the defendant has a defense and therefore a right to acquittal if he/she can establish by balance of probability that he did not actually have knowledge of the criminal nature of the property in question.

160. For money laundering based on the predicate offense of terrorism or terrorism financing, the ATCA 2003 does not expressly stipulate a mental element requirement with respect to the nature of the property but provides that the defendant has a defense if he/she can prove by a balance of probability that he did not know and objectively had no reasonable cause to suspect that the arrangement related to terrorist property.

161. At a minimum and with respect to all acts constituting money laundering a person may therefore be held criminally liable for money laundering if he acted intentionally and with the knowledge that the property involved stems from a criminal source. The Vienna and Palermo Conventions set forth a minimum standard that the perpetrator acts in the knowledge that the laundered property is the proceeds of crime. Intent as defined in IOM law therefore meets the international standard with respect to the mental element requirement.

The Mental Element of the ML Offense (c. 2.2):

162. None of the three Acts contain a provision clarifying whether or not the mental element may be inferred from objective factual circumstances and at the time of the onsite mission no case law existed in the IOM to clarify that point. However, with respect to all money laundering offenses as outlined above, the English common law principle regarding the ability to make reasonable inferences from objective factual circumstances applies.

163. Additionally, with respect to the acts of concealing, disguising, converting, or transferring of criminal proceeds, it is sufficient for the prosecution to show that the perpetrator objectively should have known that the property in question constitutes proceeds of crime. Therefore, the provision expressly allows for the intentional element of the offense to be inferred from objective factual circumstances.

Liability of Legal Persons (c. 2.3); Liability of Legal Persons should not preclude possible parallel criminal, civil or administrative proceedings & c. 2.4):

164. The money laundering provisions of the CJA 1990, the DTA 1996, and the ATCA 2003 apply to any “person” without differentiating between legal and natural persons. The Interpretation Act 1976, which applies to every provision of every Act passed after May 1949 defines “person” to cover any person, natural or legal.

165. The language of the money laundering offenses does not preclude the possibility of parallel criminal, civil, or administrative sanctions for perpetrators that are legal entities. The authorities confirmed that both criminal and civil/administrative proceedings could be instituted against legal persons at the same time, whereby it was pointed out that in practice it would be more likely that the authorities would institute civil proceedings against the legal person and criminal proceedings against directors or managers of the legal entity in question. At the time of the assessment no legal entity has been held criminally liable for money laundering in the IOM.

Sanctions for ML (c. 2.5):

166. Pursuant to Sections 17A (6), 17B (9), 17C (4) CJA 1990, Section 51(1) DTA 1996, and Section 10 ATCA 2003, the sanctions applicable to both natural and legal persons convicted for money laundering are imprisonment for a term not exceeding six months or a fine not exceeding GBP 5,000 (on summary conviction) or imprisonment for a term not exceeding 14 years or a fine or both (on conviction on information).

167. The sanction for money laundering seems to be in line with other serious crimes under IOM law. For example, fraud and theft may be sanctioned with imprisonment of up to ten years, forgery with imprisonment of up to 14 years and counterfeiting with imprisonment for life.

168. The IOM’s sanctions for money laundering are identical with those of the UK.

169. Overall, the statutory sanctions for the money laundering offenses seem to be effective, proportionate and dissuasive.

Analysis of Effectiveness:

170. While representatives of the AG’s office provided the assessors with information on the number and nature of money laundering prosecutions and trials, no complete and accurate official statistics on the overall number and nature of investigations and prosecutions, including cases that were subsequently dropped, are being maintained by the IOM authorities.

171. Representatives of the FCU estimated that since 2006 only about six STRs resulted in an investigation.

172. While the overall number of money laundering investigations could not be established, the authorities stated that, since 2003, four cases for general money laundering based on the CJA 1990 have been investigated, all of which related to predicate offenses committed abroad and were subsequently dropped due to the difficulties in obtaining the necessary evidence to show that the proceeds in question constituted criminal proceeds. Two of the investigations were discontinued in 2007 and two in 2008. Of the four investigations, two related to fraud, one to obtaining money by deception, and one to theft.

173. The authorities informed the assessors that at the time of the assessment, four prosecutions for money laundering based on the CJA 1990 were ongoing.

174. Representatives of the AG’s Office stated that at the time of the assessment, 16 charges for money laundering have been brought before IOM courts, all of which were filed based on the DTA 1996 and related to drug trafficking predicate offenses. Two cases were filed in 2005, six in 2006, six in 2007, and two in 2008. Of the 16 cases, six resulted in convictions and five are still pending. The remaining five cases resulted in acquittals. All of the convictions were additional to convictions for the predicate offense and the longest sanction imposed for the money launderings charge was two years. No convictions have ever been obtained for autonomous money laundering.

175. At the time of the assessment, charges had been brought in one case under the stand-alone money laundering provision of the CJA 1990. The case, which originated from an STR, had not yet reached trial stage.

176. The low number of STRs resulting in an investigation and ultimately in a prosecution, the low number of convictions, the lack of convictions for the stand-alone money laundering offense, and the relatively mild sanctions imposed by the courts, call into question the effective implementation of the money laundering offense. The authorities explained that in typical money laundering cases the subjects of the STRs do not reside in the IOM and the alleged predicate offense has also been committed outside the IOM. In such circumstances, the IOM authorities must depend on the other jurisdiction(s) involved to obtain the evidence necessary to commence an investigation, which is often a lengthy process, sometimes taking years. For their part, the IOM authorities have been active in sharing relevant information with foreign counterparts to facilitate investigations and prosecutions conducted abroad.

177. The assessors understand that the nature of much of the financial services business conducted in the IOM, involving funds received from abroad on behalf of nonresidents, can make it difficult to prosecute money laundering cases locally and more efficient to transfer cases to other jurisdictions in which the predicate offense may have occurred or the funds or accused persons are located. However, the assessors consider it important that the IOM seeks also to develop its own case law in this area, both to establish that money laundering is a stand-alone offense that may be prosecuted independently from the predicate offense and to clarify the level of proof required to determine that proceeds are illicit and how specific the evidence needs to be in relation to specific predicate offenses. Improving the current level of results from the domestic system represents a challenge that should be addressed by the IOM authorities as a whole.

2.1.2. Recommendations and Comments

  • Amend Articles 17C CJA 1990 and 45 DTA 1996 to:

    • provide for two alternative purposes for the acts of converting and transferring proceeds, namely to avoid prosecution for the predicate offense or to conceal the illicit origin of the funds, and;

    • eliminate the purpose requirement for the acts of converting and transferring proceeds of crime.

  • The defense (payment of adequate consideration) provided for in Sections 17B(3) CJA 1990 and 47(3) DTA 1996 is not provided for in the Vienna and Palermo Conventions and should be eliminated as it may allow money launderers to abuse the provision to avoid criminal liability for the acquisition, possession, or use of criminal proceeds/proceeds.

  • Amend Section 10 ATCA 2003 to cover all material elements of the money laundering provisions of the Palermo and Vienna Conventions.

  • Amend the offenses of acquisition, possession, or use in the CJA 1990 and the DTA 1996 as well as the money laundering offense contained in the ATCA 2003 to include criminal proceeds obtained through the commission of a predicate offense by the self launderer.

  • The authorities should:

    • (i) address any barriers to stand-alone ML prosecutions, including the level of proof needed to determine that property stems from the commission of a specific predicate offense; and

    • (ii) take steps to develop jurisprudence on autonomous money laundering to establish that ML is a standalone offense.

2.1.3. Compliance with Recommendations 1 & 2

article image
article image

2.2. Criminalization of Terrorist Financing (SR.II)

2.2.1. Description and Analysis

Legal Framework:

178. IOM law criminalizes the financing of terrorism through ATCA 2003 Sections 6–9.

179. As indicated under Recommendation 1, the IOM is a Crown Dependency and cannot sign or ratify international conventions in its own right. Rather, the UK is responsible for the IOM’s international affairs and may arrange for any convention’s ratification to be extended to the IOM. The UK’s ratification of the International Convention for the Suppression of the Financing of Terrorism (FT Convention) has been extended to the IOM on September 25, 2008.

180. Of the other 15 international counter-terrorism related legal instruments, ten have been extended to the IOM, namely the Diplomatic Agents Convention, the Civil Aviation Convention, the Maritime Convention, the Fixed Platforms Protocol, the Convention on the Making of Plastic Explosives for the Purpose of Detection, the Hostage Taking Convention, the Unlawful Seizure Convention, the Aircraft Convention, the Airport Protocol, and the Nuclear Material Convention.

Criminalization of Financing of Terrorism (c. II.1):

181. ATCA 2003 Section 7 is the main terrorism financing offense. The provision makes it an offense for a person to receive or provide or invite another to provide money or other property where the person either intends that the property will be used or has reasonable grounds to suspect that the property may be used for the purpose of terrorism.

182. ATCA 2003 Section 8 criminalizes the use of money or other property for terrorism purposes as well as the possession of money or other property where the person possessing the property either intends to use it for terrorism or has reasonable cause to suspect that it may be used for terrorism.

183. ATCA 2003 Section 9 furthermore provides that it is an offense for a person to enter into or become concerned in an arrangement as a result of which money or property is made available or is to be made available to another and the person knows or has reasonable cause to suspect that it will or may be used for purposes of terrorism.

184. Pursuant to ATCA 2003 Section 6, the term “terrorist property” extends to money or other property that is likely to be used for the purpose of terrorism, including any money or property that is or will be made available for use by proscribed organizations, as well as the proceeds of the commission of terrorist acts and acts carried out for the purpose of terrorism. Section 75 further specifies that “property” includes property wherever situated and whether real or personal, heritable or moveable, and things in action and other intangible or incorporeal property.

185. The international standard requires that the terrorist financing offense extend to any person who provides or collects funds by any means, directly or indirectly, with the intention that they be used for terrorist acts, by a terrorist organization or by an individual terrorist.

Terrorist Acts:

186. ATCA 2003 Section 1 defines “terrorism” as the use or threat of action where (1) the act involves serious violence against a person or property, endangers a person’s life other than that of the person committing the act, creates a serious risk to the health or safety of the public or a section thereof, or is designed to interfere with or seriously disrupt an electronic system, and (2) the use or threat is designed to influence a government or to intimidate the public or a section thereof, and (3) for the purpose of advancing a political, religious or ideological cause. If, however, any of the acts listed under (1) involve firearms or explosives and are committed for the purpose of advancing a political, religious, or ideological cause, it is considered terrorism regardless of whether the requirements listed in (2) are met.

187. Under the FATF standard, “terrorist acts” include (1) offenses as defined in the nine Conventions and Protocols listed in the Annex to the FT Convention and (2) any other act intended to cause death or serious bodily injury to a civilian, or to any other person not taking an active part in the hostilities in a situation of armed conflict, when the purpose of such act, by its nature or context, is to intimidate a population, or to compel a Government or an international organization to do or to abstain from doing any act.”

188. With respect to the generic terrorism offense it would appear that the scope of ATCA 2003 Section 1 covers all but one aspect of the FATF definition. While the latter is limited to acts against civilians, the former covers violence against any person or property as long as the act is designed to influence a government or intimidate the public. However, while the FATF definition also includes acts designed to intimidate an international organization, no such reference to international organizations is contained in the ATCA 2003.

189. As indicated above, for the generic offense, IOM law provides that only acts undertaken or threats made with the intention of advancing a political, religious, or ideological cause would constitute “terrorism.” This approach, which adds an element not set forth directly in the FT Convention, is one that a number of countries have adopted to ensure the generic definition is not used in circumstances where it was not intended. The authorities should assess the advantage of this approach in the domestic context in implementing the Convention, and ensure that the IOM’s ability to prosecute in factual settings contemplated by the Convention will not be negatively impacted.

190. ATCA 2003 Section 1 does not contain an express reference to the offenses defined in the nine Conventions and Protocols listed in the Annex to the FT Convention. To satisfy the requirements of the international standard on that point, the generic terrorism offense would therefore have to be broad enough to cover all offenses defined in the nine Conventions and Protocols. However, while the use or threat with the use of serious violence is required for an act to fall under the definition of ATCA 2003 Section 1 as outlined above, some of the offenses in the Conventions and Protocols do not require the use of violence or threat thereof. For example, the Nuclear Material Convention makes it a terrorism offense to possess nuclear material if the prescribed mental element is met.

191. In practice the scope of the terrorism offense in the ATCA 2003 may therefore cover many but clearly does not extend to all “terrorist acts” as defined in the FATF standard.

Terrorist Organizations:

192. ATCA 2003 Section 1(5) provides that any reference to “action taken for the purpose of terrorism” would include action taken for the benefit of a proscribed terrorist organization. ATCA 2003 Sections 7–9 therefore apply to the provision or collection of funds for the benefit of proscribed terrorist organizations, whereby an organization is proscribed if it is listed in Schedule 2 to the Terrorism Act 2000. The ATCA does not provide for a definition of “terrorist organization”.

193. To some extent ATCA 2003 Section 7 also applies to situations where a person collects or provides funds that he/she has reasonable cause to suspect may be used for terrorism. If a person funds a terrorist organization not “proscribed” by Parliament, it is assumed that he/she has reasonable cause to suspect that the money may be used for terrorism and may therefore be held criminally liable for terrorism financing.

194. However, the terrorism financing provisions of the ATCA 2003 have never been tested before the courts and it has not been established in what circumstances property is considered to be “used for terrorism”. It is therefore unclear whether the financing of terrorist organizations could be prosecuted under the cited provisions in cases where the support relates to costs of living, education expenses or similar expenses.

Individual Terrorists:

195. The ATCA 2003 does not expressly criminalize the financing of individual terrorists, nor does it contain a definition of the term “terrorist”. However, Sections 7–9 ATCA 2003 extend to situations where a person collects or provides funds that he/she has reasonable cause to suspect may be used for terrorism. The authorities have indicated that in the IOM, if a person provides funds to an individual terrorist, he/she would be assumed to have reasonable cause to suspect that the money “may” be used for terrorism and could therefore be held criminally liable for terrorism financing.

196. The standard of “reasonable cause to suspect” that the funds “may” be used for terrorism is a relatively low one. Nonetheless, it is not clear that the provision of living and private expenses to an individual terrorist would be covered by the IOM’s provisions, as interpreted by a court. The assumption is not set forth in the statutory language. Even if the court were to assume this, evidence can be adduced to rebut that assumption. There is no jurisprudence on the issue. In addition, for the reason outlined above, such situations would not necessarily be covered by the ancillary offenses. However, provision of any funding to such individuals is a criminal offense under the Al-Qa’ida and Taliban (UN Measures) (Isle of Man) Order 2002 and the Terrorism (UN Measures)(Isle of Man) Order 2001 respectively and prosecutions in the IOM could be initiated directly based on the provisions of those Orders. The latter not only applies to individuals and entities designated pursuant to UN Resolution 1373 but extends to any person within the IOM and any British citizen elsewhere who is ordinarily residing in the IOM or body corporate established under IOM law. With these provisions and the possibility that the funding would also be captured by Sections 7-9 ATCA 2003, IOM has clear avenues to impose criminal liability for the funding of the living and private expenses of individual terrorists.

197. ATCA 2003 Section 7(4) provides that a reference to the “provision of money” would include money or other property given, lent or otherwise being made available, whether or not for consideration. Section 75 further provides that “property” extends to property wherever situated, whether real or personal, heritable or moveable, and things in action and other intangible or incorporeal property. The language of the provision is not limited to property that stems from illegitimate sources and the authorities confirmed that terrorism property as defined in Section 6 in connection with Section 75 ATCA would extend property from illegal as well as legitimate sources.

198. The terrorism financing provisions do not require that the funds provided are actually used to carry out or attempt the commission of a terrorist act or that the funds are linked to a specific terrorist act. It is merely required that the funds are intended for use in the commission of a terrorist act or that the financer has reasonable cause to believe that they will be used for terrorism or for the benefit of a proscribed terrorist organization.

199. ATCA 2003 does not define any ancillary offenses for terrorist financing. However, the general provisions of the Criminal Code 1872 also apply with respect to the terrorism financing offense.

200. Criminal Law Act 1981 Section 9 provides that unless otherwise stated, sanctions for the commission of an offense shall not only be applied to completed but also to attempted crimes, whereby a crime is considered attempted if the perpetrator carries out an overt act that goes beyond mere preparation.

201. Conspiracy is covered through Criminal Code 1872 Section 330. Pursuant to the provision, if two or more persons conspire to commit any offense, such persons shall be held criminally liable and may be punished with imprisonment for a term not exceeding ten years.

202. Furthermore, Criminal Code 1872 Sections 350 and 351 provide for criminal liability of any person who is accessory before the fact to any felony or who counsels, procures, or commands another to commit any felony. Both sections provide that the accused may be punished as if he were the principal offender. IOM law therefore allows for the prosecution of all parties that may be involved in the commission of a terrorism financing offense.

Predicate Offense for Money Laundering (c. II.2):

203. As outlined under section 1.1 of this report, offenses under the ACTA 2003 are expressly excluded from the money laundering offenses of the CJA 1990. However, the ATCA 2003 itself, through Section 10, contains a money laundering offense which is exclusively applicable to situations in which the funds involved constitute terrorist property. Further information on the elements as well as the shortcomings of the ATCA money laundering offense may be found in Section 1.1.

Jurisdiction for Terrorist Financing Offense (c. II.3):

204. ATCA 2003 Section 49 provides that a person may be held criminally liable for any acts committed outside the IOM that would have constituted a terrorist offense pursuant to ATCA 2003 Sections 7–10 had they been committed in the IOM. Furthermore, the term “action” includes any action outside the island, “the public” extends to the public of the IOM as well as of a country or territory other than the IOM and “the government” refers to the government of the IOM, of the UK, or of any other country or territory.

205. The terrorist financing offenses of the ATCA 2003 therefore apply regardless of whether the person alleged to have committed the offense is in the same or a different country from the one in which the terrorist or terrorist organization is located or the terrorist act occurred or will occur. There are also no jurisdictional provisions that would require any other link between the IOM and the perpetrator, such as citizenship or residence.

The Mental Element of the TF Offense (applying c. 2.2 in R.2):

206. As outlined above, the terrorism financing offense under the ATCA 2003 requires that the perpetrator either knows or intends that the funds are being used for a terrorist act or has reasonable cause to believe that they may be used for terrorism purposes, including for the benefit of proscribed terrorist organizations.

207. As in the case of CJA 1990 and DTA 1996, ATCA 2003 does not expressly provide that the intentional element required for the commission of the terrorism offense may be inferred from objective factual circumstances. However, the English common law principle regarding the ability to make reasonable inferences from objective factual circumstances applies also with respect to the terrorism financing offense.

Liability of Legal Persons (applying c. 2.3 & c. 2.4 in R.2):

208. The terrorism financing offenses of ATCA 2003 apply to any “person” without differentiating between legal and natural persons, whereby Section l(4)(b) provides that the reference extends to any person, wherever situated. The Interpretation Act 1976, which applies to “every provision of every Act passed after May 1949” defines “person” to cover any person, natural or legal.

209. The language of the ATCA 2003 would suggest that criminal liability of legal persons for any FT offense would not preclude the possibility of parallel criminal, civil, or administrative sanctions for terrorist financers that are legal entities and the authorities confirmed that both criminal and civil/administrative proceedings could be instituted against legal persons at the same time. It was pointed out that, in practice, it would be more likely that the authorities would institute civil proceedings against the legal person and criminal proceedings against directors or managers of the legal entity in question. At the time of the assessment no legal entity has been held criminally liable for FT.

Sanctions for FT (applying c. 2.5 in R.2):

210. The sanctions applicable for FT pursuant to ATCA 2003 are imprisonment for a term of up to 14 years or a fine or both (upon conviction) or imprisonment for a term of up to six months or a fine of up to GBP5,000 or both (upon summary conviction). The IOM’s sanctions for terrorist financing are identical to those of UK. As there has never been a conviction for FT in the IOM, no sanctions have ever been imposed.

Analysis of Effectiveness:

211. There have been no investigations or prosecutions relating to FT and the FT offense has therefore never been tested before the courts.

2.2.2. Recommendations and Comments

  • Amend Article 1 ATCA 2003 to include a reference not only to governments but also to international organizations.

  • Amend the definition of “terrorism” in Section 1 ATCA 2003 to extend to all terrorism offenses as defined in the nine Conventions and Protocols listed in the Annex to the FT Convention.

  • Consider the impact of including in the FT offense “intention of advancing a political, religious, or ideological cause” on the IOM’s ability to successfully prosecute in factual settings contemplated by the FT Convention.

2.2.3. Compliance with Special Recommendation II

article image

2.3. Confiscation, freezing and seizing of proceeds of crime (R.3)

2.3.1. Description and Analysis

Legal Framework:

212. There is no overarching statutory instrument covering all instances of seizure and confiscation of criminal assets or proceeds in general. Relevant provisions are found in three different Acts: the legislation covering seizure and confiscation of proceeds of crime in respect of ML and FT is currently found in DTA 1996 (confiscation and seizing of the proceeds of drug trafficking offenses), CJA 1990 (confiscation and seizing of the proceeds of all other offenses) and ATCA (freezing and forfeiture of terrorism related assets).

213. Part 1 of the POCA 2008, which came into effect on October 22, 2008, introduced a procedure of civil recovery of illegal proceeds. Part 2 of the POCA 2008 will, once in force in August 2009, streamline and update the legislation in this area. It provides for criminal confiscation and restraint measures in the IOM, replacing the separate drug trafficking and criminal justice legislation with a consolidated set of provisions, but leaves the separate rules for terrorist assets untouched.

Confiscation of Property related to ML, FT or other predicate offenses including property of corresponding value (c. 3.1):

Laundered Property

214. There is no general provision explicitly covering the confiscation of the laundered assets as the object of the (autonomous) money laundering offense (“corpus delicti”) in a stand-alone prosecution. It is argued that the “object” of a money laundering offense is seen as the “proceeds” of crime and any application for restraint or confiscation of such “proceeds” of crime would be made under the relevant sections of the Criminal Justice Act/Drug Trafficking Act or Proceeds of Crime Act accordingly. So arguably the CJA 1990 and the DTA 1996 implicitly provide for the value-based confiscation of the object of the offense as this measure is applied to any benefit gained from criminal conduct, once the court has established that such conduct has occurred and has generated proceeds that have subsequently gone through a laundering process. This opinion is however a matter of debate and has not yet been tested in a stand-alone ML prosecution, nor confirmed in authoritative doctrine.

Proceeds
General Regime

215. Except for drug trafficking and terrorism related cases, the relevant provisions of CJA 1990 Part 1 apply. A confiscation order is issued by either the Summary or the High Court upon conviction, ordering the defendant to pay a sum “as the court thinks fit”. The offender has to be found guilty of an offense, namely a prescribed offense (i.e., prescribed by order of the DHA)12 or of another offense, except if it is a drug trafficking offense under DTA 1996 or an offense under ATCA 2003. The Court has to be satisfied that the offender has benefited from that offense or from that offense together with any other offense for which he is convicted in the same proceedings.

216. ‘Benefiting from crime’ is defined as obtaining property or a pecuniary advantage as a result of or in connection with the commission of the offense, whereas the benefit itself is the value of the property so obtained (CJA 1990 Section 1(4) and (5)). Issuing a confiscation order is at the Court’s discretion, but such order can only be made on a written application of the prosecutor. The Court will assess the benefit of the criminal conduct and order the offender to pay a sum equal to that benefit, or an amount the court estimates to be realizable at the time of the order (CJA 1990 Section 1(6)). if payment is not forthcoming the High Court may then, on application made by or with the consent of the AG appoint and empower a receiver to realize any realizable property. CJA 1990 Section 4 gives detailed instructions on how realizable property has to be assessed, but basically it has to be understood as any property held by the defendant at the time of the order, together with the value of all gifts (including transfers for a significantly low value) he has made after the commission of the offense, but minus the debts resulting from priority obligations.

Drugs

217. The confiscation regime in the context of drug offenses is quite similar to that of CJA 1990. DTA 1996 also provides for the possibility of confiscation of the benefits upon conviction for drug trafficking, on application of the prosecutor. The rules on the assessment of the benefits and payment or realization of the confiscated amount are no different from those of CJA 1990, except that under certain conditions any property transferred to the offender within the period of six years before the institution of the criminal proceedings should be taken into account (S4(3)(a)(ii).

218. In all instances non-compliance with the confiscation orders can be sanctioned by imprisonment for a term to be determined by the court, with a maximum of 10 years.

Terrorism

219. ATCA 2003 Section 16 provides for the possibility of making forfeiture orders upon conviction of the defendant for terrorism offenses (ATCA Sections 7 to 10). The use of different terminology in the case of forfeiture (vis-à-vis the confiscation provisions) is explained by the fact that the order does not relate to a sum equivalent to the illegally gained benefit but to the money and other property the offender possessed or controlled at the time of the offense (fund raising and money laundering offenses) with the intention to be used for terrorism purposes or where he had reasonable cause to suspect that it would be used for that purpose. Payments and rewards in connection with the terrorism offenses are also subject to forfeiture. The issuing of forfeiture orders is at the discretion of the Court, but does not require a prior application by the prosecutor. ATCA 2003 Schedule 2 provides further detail in respect of the implementation of forfeiture orders and provides for the appointment of a receiver to take possession of and realize any forfeited property.

Instrumentalities
General

220. The power to confiscate (or more precisely “forfeit”, as it relates to specific items) instrumentalities used or intended for use for criminal purposes is provided for in the Criminal Law Act 1981 Section 16. Any property (intended to be) used for or facilitating the commission of an offense by a person convicted of the offense, and which was in his possession or under his control at the time of his apprehension or the summons, can be forfeited by the court with an order depriving the offender of his rights in respect of that property. The property is then taken into the possession of the police, irrespective if it has been previously seized or not. Forfeiture of the instrumentalities of crime under this Act applies to all crimes, including drug trafficking and terrorism.

Drugs

221. Additionally, instrumentalities used in or intended to be used in drug offenses can also be forfeited according to the Misuse of Drugs Act 1976, Section 27, empowering the Court, upon conviction, to forfeit anything shown to relate to the drug offense, to be either destroyed or dealt with in such a manner as the court may order.

Terrorism

222. Beside the general regime of the Criminal Law Act 1981, forfeiture of terrorism related instrumentalities may also be captured under ATCA 2003 Sections 16(2)(b) and (3)(b), forfeiting all property intended to be used for terrorism purposes (including raising funds for and financing of terrorism).

Equivalent value

223. The confiscation regime of CJA 1990 and DTA 1996 is essentially equivalent value based by itself, as it provides for the payment of a sum that in principle reflects the value of the proceeds (“benefits”) of crime. The confiscation order is then executed on the assets (“realizable property”) of the offender, where it does not matter if they have any relation with the offense or not.

224. The ATCA 2003 forfeiture provisions specifically target money and other property that is related to the terrorism offense and in the possession or under the control of the offender when he committed the offense. As such the ATCA 2003 contains no reference to any specific equivalent value confiscation or forfeiture and none of the DTA 1996 or CJA 1990 value confiscation rules apply to the ATCA 2003 situations.

Proceeds of Crime Act 2008
Proceeds

225. One of the most important new provisions introduced with effect from October 22, 2008 by the POCA 2008 Part 1 is the civil recovery procedure, based on the balance of probability evidence rule with no requirement for a previous conviction. Property being or representing proceeds from unlawful conduct could be forfeited by the High Court. Cash being or representing criminal proceeds, or intended to be used in unlawful conduct could be forfeited in civil proceedings before a Summary Court.

226. Part 2 of the POCA 2008 covers confiscation and restraint in respect of all other crimes, except those covered by ATCA 2003. POCA 2008 Section 66 deals with the making of a confiscation order and would provide for the Court to determine whether the defendant has a criminal lifestyle; if so, whether he has benefited from his general criminal conduct; if not, whether he has benefited from his particular criminal conduct. The court would then determine a recoverable amount and make a confiscation order requiring the defendant to pay that amount. POCA 2008 Sections 66–73 contain further provisions regarding confiscation orders including determination of the recoverable amount, determination of the defendant’s benefit, and determination of the available amount. POCA 2008 Sections 74–78 deal with procedural matters in respect of confiscation orders. Sections 79–86 provide for reconsideration, 87–88 provide for where the defendant absconds, and 89 and 90 provide for variation and discharge of a confiscation order. Appeals are dealt with by Sections 91 and 92, enforcement provisions in Sections 93–95, and the appointment, powers, and procedure in respect of management and enforcement receivers in Sections 103–117. POCA 2008 Section 215 provides for the making of secondary legislation which will enable confiscation orders made outside the IOM to be enforced in the IOM. The POCA 2008 is being brought into force in stages by Regulation and the existing provisions of DTA 1996 and CJA 1990 with regard to restraint and confiscation are being repealed.13 The previous legislation continues to be used, however, until the new secondary legislation has been brought into force, thus ensuring a seamless transition. August 1, 2009 is the effective date for all remaining provisions of the POCA 2008.

Instrumentalities

227. The POCA 2008 does not deal with the forfeiture of the instrumentalities. The existing legislation (CLA 1981) will continue to apply. Also the specific legislation dealing with confiscation and forfeiture relating to terrorism will not be affected.

Confiscation of Property Derived from Proceeds of Crime (c. 3.1.1 applying c. 3.1):

228. As noted, confiscation under CJA 1990 and DTA 1996 is value based. The criminal proceeds are not subject to confiscation as such but, in calculating the total value of the benefits the offender gained from his criminal conduct, the Court will take into account all benefits derived directly or indirectly therefrom, which would include substitute assets, investment yields and other profits. It does not matter if the proceeds are held by the offender or by a third party. If no voluntary payment follows, the Court may appoint a receiver to execute the order on the offender’s realizable property. “Realizable property” is defined in both Acts as “any property held by the defendant and any property held by a person to whom the defendant has directly or indirectly made a gift caught by this Act”.

229. Proceeds of FT offenses, subject to forfeiture under ATCA 2003 Section 16, are defined in Section 6 as property wholly or partly and directly or indirectly representing the proceeds of terrorism related activity. The definition also covers payments and other rewards and would consequently cover all immediate and derived benefits.

230. Forfeiture of instrumentalities of (whatever) crime relates to identified objects, whether or not the property of the offender.

231. As for the rights of the bona fide third party, this is addressed in the analysis in this report of Recommendation 3.

Proceeds of Crime Act 2008:

232. The definition of criminal proceeds in the civil recovery part of the POCA 2008 (Section 3) is not specific. Property represents criminal proceeds if “obtained by or in return for the conduct”, which does not make clear whether indirect proceeds are covered. The assessment of the benefit the offender acquired from the criminal lifestyle and the specific offense, however, comprises the value of all property which the Court considers the defendant has acquired as a benefit of crime. Such benefit is consequently not limited to the direct proceeds.

Provisional Measures to Prevent Dealing in Property subject to Confiscation (c. 3.2):

233. At the investigation stage the police have a general power of seizure of items or other property based on establishing reasonable grounds that they are the product of crime (“obtained in consequence of the commission of an offense”) or have an evidentiary value (PPPA 1998 Section 22). Criminal proceeds could fall under both categories, especially if materially present in the form of cash. Police seizure of assets unrelated to the offense under investigation (equivalent value seizure) is not possible under the PPPA 1998.

General

234. Conservatory measures to preserve the assets subject to a confiscation order and to prevent their dissipation are found in CJA 1990 Sections 6 and 7 (“restraint orders”). Such an order is issued by the High Court prohibiting any person from dealing with any realizable property, subject to such conditions and exceptions as may be specified in the order. Restraint orders can however only be issued if criminal proceedings have been instituted against the defendant for an offense to which CJA 1990 applies. The confiscation proceedings may have not been concluded and either a confiscation order has been made or the court expects a confiscation order may be made.

Drug Trafficking

235. Restraint orders according to of DTA1996 Sections 25 and 26 follow the same line. Again, proceedings must have been instituted against the defendant for a drug trafficking offense, and confiscation proceedings have not been concluded and either a confiscation order has been made or the court expects a confiscation order may be made. Restraint orders can also be issued to take into account new elements; such as a change in the level of assets available to the defendant (Sections 13 to 16 and 19).

Terrorism financing

236. ATCA 2003 Schedule 3, part 2 contains a special procedure for seizure and detention of “terrorist cash”, which extends to any financial instrument convertible into cash. The seizure can be effectuated by an “authorized officer” (customs, police) for 48 hours, after which an order of the High Bailiff is required to detain the cash for a longer period (three months to two years). Seizure during an investigation and of other terrorism related items as “evidence” can be effectuated under the relevant provisions of the PPPA 1998. Restraint orders can be issued under the rule of ATCA 2003 Schedule 2.5 (1) and (2) of the, provided criminal proceedings or criminal investigations have been initiated.

Equivalent value seizure

237. Seizure of assets unrelated to the offense is adequately covered by the restraint orders under CJA 1990 and DTA 1996, as this is made in preparation of a value based confiscation of realizable property, where no relation with the offense is required. It is less clear if equivalent value conservatory measures are available under ATCA 2003.

Proceeds of Crime Act 2008

238. POCA 2008 Section 97, in force from August 1, 2009, empowers the Court to make an order (a “restraint order”) prohibiting any specified person from dealing with any realizable property held by that person and may apply to all realizable property held by a specified person, whether the property is described in the order or not, and to realizable property held by a specified person, being property transferred to him after the making of the order. The restraint order may be made subject to exceptions and conditions such as allowing for reasonable living and legal expenses, but differs from the existing legislation in disallowing provision for any legal expenses in connection with the offense or offenses for which the restraint order is sought and are incurred by the defendant or by the recipient of a tainted gift. The Court may exercise these powers provided any of the conditions specified in POCA 2008 Section 96 are satisfied. These conditions would be less onerous on the prosecution than the current requirements and allow a restraint order to be made once an investigation has been started rather than requiring proceedings to be instituted and that there is reasonable cause to believe that the alleged offender has benefited from his criminal conduct.

Ex Parte Application for Provisional Measures (c. 3.3):

239. Both the current and new legislation in this area allow the initial application to freeze or seize property subject to confiscation to be made ex-parte. Applications for such orders, whether under the DTA 1996 or the CJA 1990 are made ex-parte by the prosecutor to a Deemster in chambers and once the order is made, notice of the order is made to persons affected by the order. As for ATCA 2003, Schedule 2.5 (4) allows the application to be made “in private without notice”.

240. These provisions are mirrored by those in POCA 2008 Section 98.

Identification and Tracing of Property subject to Confiscation (c. 3.4):

241. A first and important role in the detection of suspected criminal proceeds is played by the FCU/FIU as receiving agency of the suspicious transaction reports by the industry under the AML/CFT rules.

242. At the investigation stage the police have several options:

  • - they can request the court to issue a production order pursuant to DTA 1996 Section 52 or CJA 1990 Section 17J requiring the person who holds the required information to produce it to a constable. If necessary the police can immediately apply for a search warrant.

  • - they can use the means provided in the PPPA 1998 (Sections 11 and 12, Schedule 1) and seek authorization from a judge to enter and search premises based on reasonable grounds for believing that a serious arrestable offense (which would include terrorism financing - see Schedule 2 of the PPPA 1998) has been committed and there is material on the premises which is likely to be of substantial value to the investigation of the offense.

243. A special procedure is used in cases of “serious or complex fraud”, which is interpreted as covering all forms of dishonest behavior generating illegal benefits. Money laundering activity would fit in with that concept. CJA 1990 Section 24 empowers the AG to require from any person he has reason to believe has relevant information to attend before him and answer questions and furnish information with respect to any matter relevant to the information. This procedure does in principle not require a court intervention, but confers a discretionary power on the AG which is subject to judicial review (based on the criterion of reasonableness).

Proceeds of Crime Act 2008

244. POCA Part 4 has provisions that duplicate some and extend the provisions of DTA 1996 and CJA 1990 with regard to production orders, allowing production orders to be obtained in civil recovery as well as criminal confiscation investigations. POCA 2008 also contains additional powers that provide for search and seizure warrants, disclosure orders, customer information orders and account monitoring orders. However, the provisions of CJA 1990 Section 24 and PPPA 1998 have not been amended.

Protection of Bona Fide Third Parties (c. 3.5):

CJA 1990 and the DTA 1996

245. The procedure for assessing the value of realizable property takes into account the rights of creditors and of bona fide third parties by defining the “amount that might be realized” as the total value of property less the value of any obligations having priority and the value of that property as the market value of that property less the value of any other person’s interest in that property (DTA Sections 6 and 7; CJA 1990 Section 4). Provision is also made for bona fide third parties to make representation to the court where a court has been asked to empower a receiver to enforce a charge or realize realizable property (DTA 1996 Section 29(8); CJA 1990 Section 10(8)). In restraint orders third parties affected by the restraint may make application to discharge or vary the restraint order (DTA 1996 Section 26(10) and CJA 1990 Section 7(7)).

246. ATCA Section 16(7) provides for innocent third party protection in the context of forfeiture orders, giving any interested third person the opportunity to be heard by the Court before the order is issued.

247. Forfeiture of instrumentalities under the CLA 1981 can be challenged before the Court by third parties under CLA 1981 Sections 16(4)(b).

248. In addition, there is always the general right of any person who feels wronged by confiscation or forfeiture measures to apply at any time to the High Court with a Petition of Doleance in order to obtain a judicial review.

POCA 2008

249. The POCA 2008 mirrors the provisions of the above legislation in respect of the rights of secured creditors. This provision is found in POCA Section 69 which states: “For the purposes of deciding the recoverable amount, the available amount is the aggregate of the total of the values (at the time the confiscation order is made) of all the free property then held by the defendant minus the total amount payable in pursuance of obligations which then have priority.” Obligations are defined as preferential debts as specified in the Preferential Payments Act 1908. There are no corresponding provisions for debts which do not constitute preferential debts. When application is made to the court to confer powers on a receiver (for example to realize property) bona fide third parties’ rights would be further safeguarded by the provisions of POCA 2008 Section 106(8) which states “The court must not confer the power mentioned in subsection (2)(b) or (c) in respect of property or exercise the power conferred on it by subsection (6) in respect of property, unless it gives persons holding interests in the property a reasonable opportunity to make representations to it.” With regard to restraint, POCA 2008 Section 98(2)(b) provides that any person affected by a restraint order may apply to vary or discharge the order and any such person may appeal such an order to the Staff of Government Division (Appeal Court) pursuant to Section 99(2)(b).)

Power to Void Actions (c. 3.6):

250. In general, actions that are intended to willfully obstruct effective confiscation or forfeiture of criminal proceeds in whatever form constitute criminal offenses that amount to (aiding and abetting) money laundering and as such they give cause to prosecution. Any such actions would be illegal, so any such contracts or agreements are not taken into account in confiscation/forfeiture decisions. Moreover, in the context of the proceedings surrounding the realization of property by a receiver, the Court has wide powers to void any action that would undermine the value of the realizable property.

Analysis:

251. With the exception of the issues raised below; the IOM legal framework underpinning the seizure and confiscation system related to proceeds of crime is generally solid and comprehensive. The (similar) relevant provisions of CJA 1990 and DTA 1996 and, since October 22, 2008, POCA 2008 adequately provide for a value-based confiscation regime capturing in principle any benefit that the offender may have gained as a result of his criminal conduct. The benefit assessment procedure followed by the court is quite detailed and takes into account all factors necessary to come to a fair estimation. The provisions of ATCA 2003 also appropriately focus on the deprivation of the assets related to FT.

252. There are however some issues that need review in respect of compliance with the international standards:

  • the deficiencies identified with the criminalization of ML and FT may also affect the criminal conviction-based confiscation and forfeiture; and

  • the “corpus delicti” confiscation of the assets laundered is untested and its application doubtful. It is understood that proving money laundering does not require a conviction of the predicate offense. However there is an issue of jurisdiction: the criminal conduct the Court has to judge is the money laundering activity itself and the confiscation of the benefits of that conduct, which is not the same as the benefits gained from the commission of the predicate offense(s). The jurisdiction of the Court does not extend to the predicate criminality, and consequently the authority of the Court to pronounce itself on the benefits of that conduct is subject to challenge.

253. Equivalent value seizure appears not to be fully covered in all circumstances. Restraint orders pursuant to CJA 1990 Section 6 and DTA 1996 Section 25 can only be issued when proceedings have been instituted against the defendant, leaving him the opportunity to dispose of his assets as soon as he is alerted to any investigative action, to ensure they would no longer be available as realizable property. This deficiency is remedied by POCA 2008 Section 96, with effect from August 1, 2009.

254. The IMF’s 2002/03 AML/CFT assessment pointed out that confiscation of assets of equivalent value in connection with the FT was not covered in the IOM. The issue remains unresolved. Assets and proceeds related to FT are subject to forfeiture, which requires that the money and other property, representing wholly or partly and directly or indirectly the proceeds of the offense (ATCA 2003 Section 6 (2)(a)), be connected with the offense. Arguably it might not be necessary for the assets still to be available when the forfeiture order is issued, the requirement being only that the money and property was in the possession or under the control of the offender at the time of the offense. On the other hand there is a second condition in ATCA 2003 Section 16 that the assets are supposed to be used for the purposes of terrorism, imposing need to establish a concrete link between the assets and the FT offense.

255. This difficulty extends also to the issue of equivalent value seizure under ATCA 2003. Although the implementation procedure for the forfeiture orders reflects the same approach as the confiscation procedure, including restraint of property in preparation of a forfeiture order, ATCA 2003 Schedule 2.3(3) appears to confirm the requirement that the assets that are the object of the forfeiture order must be shown to have a specific connection to the offense, insofar as this shields the receiver from liability for any actions “in relation to property which is not forfeited property”. If the receiver would be entitled to execute the order against any property of the offender, it would seem that such protection would be unnecessary.

Effectiveness:

256. The available statistical data covering the period between 1997 and 2003 show an uneven but reasonable number (113, ranging from two to 44 per year) of drug related confiscation orders. According to partial statistics for 2008 (up to June) seven confiscation orders were issued. Very noticeable in all cases is the difference between the assessed benefit and the amount actually recovered: no confiscation order has been fully or even substantially realized. The highest percentage is typically around 30 percent (with one exception of some 50 percent), the lowest some 0.01 percent. Although this reflects the universal challenge faced by law enforcement in terms of effective recovery of criminal assets, it indicates that efforts need to be increased. An important element is the need for timely immobilization or freezing of the assets so that they remain available for recovery. The introduction of civil recovery under POCA 2008 effective August 1, 2009, may prove useful in increasing effectiveness in this area.

257. The statistics kept in respect of the (domestic) restraints and confiscations are partial and insufficient to allow a comprehensive assessment of the performance of the recovery system.

258. The IOM seizure and confiscation legislative framework is generally adequate and reflects a clear awareness of the legislator of the importance of depriving criminals of their illegal assets. The authorities need to reinforce the legal framework to address the following issues in order to enhance effectiveness:

  • the deficiencies in respect of the scope of the ML and FT offenses may affect the quality of the criminal confiscation regime;

  • the possibility of confiscating the assets laundered in a stand-alone money laundering case is subject to challenge in the absence of case law or other authoritative source, though UK precedent may be helpful; and

  • the undue restriction that equivalent value seizure is possible only after formal proceedings have been instituted.

2.3.2. Recommendations and Comments

  • The law should be amended to address the deficiencies affecting the scope of the ML and FT offenses and thereby also improve the quality of the criminal confiscation regime.

  • The law should be amended to:

    • - allow equivalent value seizure at any stage of the investigation; and

    • - address in ATCA 2003 the issue of equivalent value confiscation in the context of FT-related assets.

  • Case law should be developed on stand-alone money laundering confiscations.

  • The authorities should address the low effectiveness of the current asset recovery measures, particularly by focusing on the timely tracing and immobilization of recoverable or realizable assets

2.3.3. Compliance with Recommendation 3

article image

2.4. Freezing of funds used for terrorist financing (SR.III)

2.4.1. Description and Analysis

Legal Framework:

259. Specific legislation on freezing suspected terrorist assets is found in the Al-Qa’ida and Taliban (United Nations Measures) (Isle of Man) Order 2002 (SI 2002 N° 259), the Terrorism (United Nations Measures) (Isle of Man) Order 2001 (SI 2001 No. 3364), and the European Communities (Terrorism Measures) Order 2002 (SD 111/02) and the European Communities (Al-Qaida and Taliban Sanctions) (Application) Order 2002 (SD 444/02).

260. Other legal measures against terrorism related assets, including terrorism financing, are found in ATCA 2003. The Act provides for both criminal and administrative measures aimed at restraining such assets in whatever form. The criminal seizure and forfeiture provisions cover all law enforcement actions in the investigating and judicial phase and are commented upon above. The administrative freezing measures taken by the Treasury under ATCA Sections 50 to 55 are more of a preventive, pre-investigative nature, and fall under the scope of SRIII.

Freezing Assets under UNSCR 1267 (c. III.1):

261. The UNSCR 1267 is enforced in the IOM through the Al-Qa’ida and Taliban (United Nations Measures) (Isle of Man) Order 2002 [SI 2002 N° 259], an Order-in-Council made in the UK under the United Nations Act 1946 (an Act of Parliament), extended to the IOM (Section 1(3)). Besides prohibiting the supply or delivering of goods (“restricted goods”) to persons designated by the UNSCR 1267 Sanctions Committee, it makes it an offense to make any funds available to or for the benefit of a designated person. The Order further provides for the freezing of funds where the Treasury has reasonable grounds to suspect that they are in any way held or under the control of a designated person (Article.8).

262. In addition, the IOM also complies with the EC Council Regulation 881/2002 of May 27, 2002, giving effect to UNSCR 1267. This Regulation applies in the IOM, as part of the IOM’s law, pursuant to the European Communities (Al-Qaida and Taliban Sanctions) (Application) Order 2002 [SD 444/02], using enabling powers found in the European Communities (Isle of Man) Act 1973 (an Act of Tynwald). EC Regulation 881/2002 contains a requirement for member states to implement measures to freeze the funds or other assets of designated persons.

Freezing Assets under S/Res/1373 (c. III.2):

263. The Terrorism (United Nations Measures) (Isle of Man) Order 2001 [SI 2001 No. 3364], an Order-in-Council made in the UK under the United Nations Act 1946 (an Act of Parliament), gives effect to UNSCR 1373. Article 1(4) extends the Order to the IOM. It installs a freezing regime, similar to the one giving effect to UNSCR 1267. Article 6 gives the (UK) Treasury the right to issue notices freezing any funds held by, for, or on behalf of a suspected terrorist or associated person.

264. In addition, the IOM also complies with the EC Council Regulation 2580/2001/EC of December 27, 2001, giving effect to UNSCR 1373. This Regulation applies in the IOM, as part of the IOM’s law, pursuant to the European Communities (Terrorism Measures) Order 2002 [SD 111/02], using enabling powers found in the European Communities (Isle of Man) Act 1973 (an Act of Tynwald). Regulation 2580/2001 contains a requirement for member states to implement measures to freeze terrorist funds or other assets and to give effect to requests from other countries to freeze funds or other assets in their jurisdiction.

265. In general terms, ATCA 2003 Section 50 empowers the IOM Treasury to make a freezing order without application to the Court, when it reasonably believes that a foreign person or government presents a threat to the life or property of IOM and UK residents and to the IOM or UK economy. Such freezing order prohibits persons from making funds available to or for the benefit of a person or persons specified in the order, and can be issued to comply with the UNSCR 1267 and UNSCR 1373 obligations. A Protocol was drawn up by the Customs and Excise Division of the Treasury establishing a procedure whereby Section 50 freezing orders may be put in place. This Protocol was adopted in October 2008 and made the Sanctions Officer in the Customs and Excise Division responsible for coordinating consideration of the need for a Section 50 order.

266. The IOM Treasury has as yet not seen any reason to issue its own list of suspected terrorists, which would be drafted in consultation with the UK in any event. Any designation on the domestic list would assumedly also be based on information supplied by the FIU or other law enforcement bodies. The IOM’s list of persons and entities subject to the freezing sanctions is kept in line with the UK designations.

Freezing Actions Taken by Other Countries (c. III.3):

267. The IOM has not incorporated foreign terrorist lists directly into its domestic freezing regime, other than through the EC Regulation and UK list. Foreign designations may be taken into account on a voluntary basis by the industry in their risk-based assessments and as a ground for suspicion to be reported to the FIU. An example of such list is the US OFAC list. The Customs and Excise Public Notices on the implementation of UNSCRs 1267 and 1373 also reminds the public and industry of their duty to report any suspicions of FT irrespective of whether or not the persons or organizations are listed.

268. There are no statutory provisions outlining the procedure to be followed when there is a formal request from another jurisdiction to incorporate their list of designations in the IOM freezing mechanism. The Terrorism (United Nations Measures) (Isle of Man) Order 2001 is silent in that respect, although it does make reference to the UNSCR 1373 in its explanatory note. The only other applicable legal provision is ATCA Section 50 empowering the Treasury, who may be considered to be the central and appropriate authority for the IOM to process such requests, to issue freezing orders if certain conditions are met. These conditions are rather restrictive, targeting only foreign persons and governments and excluding any listing if there is no threat to the IOM and UK economy or to the life or property of IOM or UK nationals or residents.

Extension of c. III. 1-III.3 to funds or assets controlled by designated persons (c. III.4):

269. ATCA 2003 does not contain any detailed definition of funds, other than “money or other property” (throughout Part III on terrorist property) and “financial assets and economic benefits of any kind” (Section 51(6) in the context of freezing orders).

270. All special statutes covering the implementation of the freezing mechanism under the UN Resolutions and the EU Regulation are very specific and elaborate in defining the funds subject to freezing (Article 2 of the Al-Qa’ida and Taliban Order 2002, Article 2 of the Terrorism Order 2001 and Article 1 of the EC Regulations 2580/2001 and 881/2002 as applied in the IOM). Although quite detailed, none of them contain an express reference to assets that are “jointly” and “indirectly owned or controlled” by the designated persons. Derivatives of the funds (interests, dividends, etc.) are adequately covered.

Communication to the Financial Sector (c. III.5):

271. The UN, UK and EU lists are immediately disseminated by the IOM Customs and Excise by way of Public Notices and publication on the government and Customs and Excise websites. The lists and any changes are equally communicated through the Weekly Circular supplied by Customs and Excise to all of its own staff, and forwarded to the FSC, IPA, AG’s Chambers, DHA, and other interested departments. The FSC and IPA also place the notices of changes in the lists on their websites. Public Notices are also available to the non-regulated entities and professions, such as the real estate agents and high value dealers.

272. The Public Notices contain details of the UN and EU measures concerned, and the legislation implementing and sanctioning them in the IOM. They also indicate the link to the relevant UK lists of designated persons and entities on the HM Treasury website. These are notified by news release published without delay via the IOM Government and Customs and Excise websites. Normally the news release is issued no later than the day following notification by HM Treasury of the changes.

Guidance to Financial Institutions (c. III.6):

273. Customs and Excises have provided guidance to the public in the Sanctions Notice 22 on the sanctions regime implementing UN Resolutions and the EC regulation. Dissemination to the industry is also done through the regulators’ websites.

De-Listing Requests and Unfreezing Funds of De-Listed Persons (c. III.7):

274. The ATCA 2003 does not specifically provide for withdrawing or cancelling a freezing order issued under Section 50 but, as such freezing orders come within the definition of public documents, Section 28 of the Interpretation Act 1976 (which provides the power to make any public document) is relevant and includes the power to amend or revoke such public document. The Terrorism (United Nations Measures) (Isle of Man) Order 2001 Section 6(7), however, which also applies to domestic freezing lists in respect of suspected terrorist assets, provides for a formal challenge procedure against a direction of designation by the Treasury issued under the relevant order “in the same manner as the review of a direction under the Banking Act 1998” (since repealed and replaced effective August 1, 2008 by the FSA 2008, Section 32 of which provides for a Financial Services Tribunal to consider, inter alia, appeals against directions). However, until the coming into operation of rules made under Section 8 of the Tribunals Act 2006, the Financial Services Review Regulations 2001 shall apply to an appeal under Section 32 of the FSA 2008, and a reference to an application for the review of a decision by the FSC shall be construed as a reference to such an appeal and a reference to the Committee shall be construed as a reference to the Financial Services Tribunal (Article 8 of the Financial Services Act 2008 (Appointed Day) Order 2008).

275. This review request and procedure has not yet been applied in the IOM. In practice, as all IOM designation lists match the lists of designated persons in effect in the UK, all de-listing and unfreezing decisions in the UK will automatically be followed in the IOM.

276. Nothing is provided in terms of an intervention of the IOM authorities in a request to the UN Sanctions Committee to de-list and unfreeze assets frozen under UNSCR1267, or a similar request in relation to the EC Regulation. The specific de-listing mechanism of UNSCR 1730 (2006), providing for a designated person to make a request to the 1267 Committee through their State of residence or citizenship (beside the possibility of addressing a focal point at the UN), has not been considered by the IOM authorities. In practice, the IOM authorities liaise on any such action with the competent UK authorities.14

Unfreezing Procedures of Funds of Persons Inadvertently Affected by Freezing Mechanism (c. III.8):

277. There are no specific procedures or legislative provisions dealing with appeals or claims. There is, however, the general obligation of ATCA 2003 Section 52.2 instructing the Treasury to keep a freezing order under review. ATCA 2003 Schedule 9 also provides for the possibility of the freezing order containing provisions for awarding compensation to persons prejudiced by the order.

Access to frozen funds for expenses and other purposes (c. III.9):

278. Access can be provided to funds frozen under the UN Terrorism Order 2001 or the EC Regulations for humanitarian purposes and basic expenses if a license or authorization is granted by the Treasury, as provided for in the relevant orders (Terrorism (United Nations Measures) (Isle of Man) Order 2001 Article 14; EC Regulation 2580/2001, as applied in the IOM. Similar licenses can be granted under the freezing regime of the ATCA 2003 (Section 4 of Schedule 9).

279. There is no provision in respect of a possible access to assets frozen as a result of UNSCR 1267.

Review of Freezing Decisions (c. III.10):

280. As already noted, there are no specific remedies contained in ATCA 2003 with regard to an appeal procedure before a court. There is however the common law IOM remedy of Petition of Doleance to challenge the making by Treasury of such an order. A Petition of Doleance is a specific IOM remedy whereby an applicant would need to show that the Treasury had been unreasonable in the sense that no similar authority would reach the same conclusion in making such an order. The specific procedure involved in such a challenge would involve a petition to the High Court of Justice of the IOM. The court cannot overturn the decision nor substitute it with its own, but can send it back to the Treasury with guidance as to how to review the order. The court can also award damages.

Freezing, Seizing and Confiscation in Other Circumstances (applying c. 3.1-3.4 and 3.6 in R.3, c. III.11)

281. All penal conservatory and deprivation measures of seizure and confiscation or forfeiture that can be applied in respect of FT, (as discussed above in analyzing Recommendation 3), can also be used in relation with terrorist related assets in general. Reference is made to Part III of ATCA 2003 on terrorist property and related offenses and the forfeiture provisions. The deficiencies commented upon in the respective relevant sections of this report also apply here.

Protection of Rights of Third Parties (c. III. 12):

282. There are several ways to protect bona fide third party rights. In the first place they can be taken into account in the freezing order itself made by the Treasury under ATCA 2003 Section 50. In particular, the licensing and authorization possibilities provided by the relevant UN and EC orders, and those provided in ATCA 2003 Schedule 9 particularly serve that purpose. Furthermore there is the possibility to apply for a review by the Review Committee. Finally the Petition of Doleance remedy may provide a means for redress.

Enforcing the Obligations under SR III (c. III. 13):

283. Non-compliance with the freezing orders issued under the ATCA 2003 regime constitutes an offense according to Section 6 of Schedule 9 of the Act, punishable by custody up to two years. The UN Orders 2001 and 2002 provide for penalties that may run to seven years custody. Sanctions for non-compliance with the EC Regulations 2580/2001 and 881/2002 as applied in the IOM must be determined by each Member State (here including the IOM) according to Article 9 and Article 10 respectively. The European Communities (Terrorism Measures)(Enforcement) Regulations 2008 [SD 941/081] and the European Communities (Al-Qaida and Taliban Sanctions)(Enforcement) Regulations 2008 [SD 942/081], which came into effect on November 28, 2008, create the necessary offenses and penalties that provide that breaches of EC Regulations 2580/2001 and 881/2002 as applied in the IOM are punishable by custody for up to two years.

284. In addition, regulatory authorities such as the FSC, IPA, and DHA can apply their own range of sanctions, that could ultimately include revocation of a license. If the noncompliance could be interpreted as an act of supporting terrorism, criminal prosecution for FT could follow.

Analysis:

285. The implementation by the IOM of UNSCRs 1267 and 1373, as well as the 2001 and 2002 EC Regulations, is closely linked to that of the UK. All UK lists become automatically incorporated in the IOM freezing regime. The IOM has little or no input in the decisions taken in this context in respect of designations, delisting and unfreezing.

286. Although this has not yet been used in practice, the IOM has its own listing and freezing provisions in ATCA Part VII. The Act however contains a few accompanying measures, and is insufficient to ensure a comprehensive preventive, pre-investigative approach as required by the international standards. The Orders implementing the relevant UN Resolutions and the EC Regulations, together with already existing legal infrastructure, complete the freezing regime to a large extent.

287. ATCA Section 50 only applies to foreign persons or governments presenting a threat to the interests of the IOM or UK economy or the life or property of IOM or UK residents or nationals. It is not clear on what grounds these restrictions rest, particularly why it was deemed necessary to exclude IOM or UK suspects. Also the “economic interests” of the IOM or the UK that have to be threatened do not necessarily preclude an investment of terrorist related funds in the economy.

288. Based on the ATCA provisions, the specific UN Resolutions and EC Regulations Orders are the legal instruments that provide the basis in the IOM for an assets freezing regime, where the (UK) Treasury, more particularly the Customs and Excise, plays a key role in their implementation. Although the bulk of the international criteria are covered, some issues, mostly of a formal nature, still need to be addressed:

  • No formal procedure is in place to receive and assess requests based on foreign freezing lists, as required by UNSCR 1373;

  • The definition of “funds” subject to freezing does not cover the assets “jointly” or “indirectly” owned or controlled by the relevant persons;

  • A procedure for considering de-listing or unfreezing requests is not provided for in the context of the EC Regulations;

  • The possibility and procedure of access to UNSCR 1267 frozen funds for humanitarian purposes or basic expenses has not been provided for.

Effectiveness:

289. Assets of a designated person have been frozen in a bank account for an amount of GBP 72,924 in 2007, all in the same case. Another case was reported to the FCU in the form of an STR, as there were no more assets to be frozen. These figures, though modest, indicate a certain level of awareness and compliance by the industry.

290. The obligations to introduce extra-ordinary freezing mechanisms, imposed by the supranational bodies, have received an adequate, if not a fully comprehensive, response from the IOM authorities. The system needs to be completed with adequate measures, most importantly in the area of protection of the basic interests and rights of persons affected by the listings. The other deficiencies noted are of a more technical nature.

2.4.2. Recommendations and Comments

  • Put in place a formal procedure governing the receipt and assessment of requests based on foreign freezing lists, as required by UNSCR 1373.

  • Amend the legal framework implementing the UN Resolutions and EC Regulations to expressly extend the definition of ‘funds’ subject to freezing to cover assets ‘jointly’ or ‘indirectly’ owned or controlled by the relevant persons.

  • Amend the legal framework for the implementation of the EC Regulations to provide a procedure for considering requests for delisting or unfreezing.

  • Provide for and publicize a clear procedure enabling access to UNSCR 1267 frozen funds for humanitarian purposes and to cover basic expenses.

2.4.3. Compliance with Special Recommendation III

article image

Authorities

2.5. The Financial Intelligence Unit and its Functions (R.26)

2.5.1. Description and Analysis

Legal Framework:

291. The legal basis for the reporting regime is currently found in CJA 1990 Sections 17A(3) and 17B(5), DTA 1996 Sections 46(3), 47(5) and 48, and the ATCA 2003 Sections 11(2), 12, 13(2), 14 and 26, pursuant to which suspicions are to be reported to a ‘constable’.15 In practice all such reports are directed to the FCU which, as noted, is part of the IOM Constabulary. As for the regulated sector, the AML Code 2008 Section 20(2)(f) specifically refers to a ‘constable who is for the time being serving with the organization known as the Financial Crime Unit’ as the person to whom the Money Laundering Reporting Officer of the covered entities (‘regulated and relevant persons’) should disclose suspicions of money laundering, which for the purposes of the Code includes also suspicions of terrorism financing (Section 2(1) Interpretation).

Establishment of FIU as National Centre (c. 26.1):

292. The FCU acts as the FIU for the IOM. It is a joint police/customs unit supported by civilian personnel. Its specific remit as a receiving and processing agency for ML and FT-related disclosures by the regulated and associated sector is formalized in the AML Code 2008. The FCU has no intermediary function, though the internal organization provides for a two-step process where the analytical section selectively disseminates information to the investigation section of the FCU. Disclosures made by anyone under the reporting rules of the CJA 1990 and DTA 1996 are to the FCU. FT related reports made under the ATCA 2003 provisions, referring to reports to be made to a ‘constable’, are also made to the FCU. The unit has been in operation since 1999 as a result of an organizational restructuring creating specialized sections within the Constabulary. Within its organization it has established a Financial Intelligence Unit (FIU) as a subsection of the unit, which acts as the first reception point of the disclosures and conducts an initial analysis of the information received.

293. The FCU is headed by a Strategic Board consisting of the Chief Constable, The AG and the Collector of Customs. The Strategic Board set out the strategic aims for the FCU, as follows:

  • To protect the Island’s financial reputation and guard its financial community;

  • To ensure that the Island is not seen as a safe haven for the laundering of money or the financing of terrorism; and

  • To provide a one stop of professionals who ensure compliance with the law and with international standards predicated upon removing the profit from crime.

294. The following chart shows the organizational structure of the FCU.

uA01fig01

FCU/FIU STRUCTURE AND RESOURCES

Citation: IMF Staff Country Reports 2009, 278; 10.5089/9781451818499.002.A001

Guidelines to Financial Institutions on Reporting STR (c. 26.2):

295. The FCU encourages the reporting entities to use the disclosure form it has developed. The form is quite detailed (including identification, supporting documents, reasons for suspicion etc.) and, if correctly completed, covers all relevant information necessary to conduct an initial analysis and keep reliable statistics. Although not mandatory, the forms are widely used. The FSC’s AML/CFT Handbook also contains guidance on STR disclosures and the forms to be used for reporting to the FCU. The FIU regularly communicates with the industry, including through seminars and other training sessions, reminding MLROs and other personnel of the proper use of reporting forms, the procedures to be followed and the quality expected. The reporting is still done manually: an on-line system is being considered, but no concrete steps have been taken to automate the reporting system. 16

Access to Information on Timely Basis by FIU (c. 26.3):

296. As a joint police/customs law enforcement unit, the FCU has full and direct access to an extensive range of intelligence databases, including all IOM police and customs registers, and can also access the main UK law enforcement databases. Administrative registers, such as VAT and tax data, are also directly available for consultation.

297. Financial information of a non-public nature is not readily available to the FCU and obtaining such data normally requires court approval if it is to be used in evidence. Collection of information held by financial institutions for intelligence purposes is possible only on an informal basis.

298. With regard to data access and usage, the terms of Section 25(3) of the Data Protection Act 2002 have to be observed. In all cases, information can be collected and used only for the purpose of prevention and detection of crime.

299. The FIU also utilizes internet-based search engines and databases to assist in its analysis and information gathering (data-mining) and consults commercial databases such as World Check, Experian, and C6.

Additional Information from Reporting Parties (c. 26.4):

300. As a law enforcement unit, the police and customs officers working within the FCU can use the information-gathering powers conferred on them by Sections 11–25 of the Police Powers and Procedures Act (PPPA), Sections 1(2), (3)(f), and 52–54a of DTA 1996 and Sections 17J, 24, and 25 of CJA 1990. With regard to FT, Sections 18, 24, 25, 31, 32 and Schedules 4, 5, and 6 of the ATCA 2003 provide relevant powers to FCU officers. As a rule, the use of these powers requires the approval of a magistrate or court, except in hot pursuit cases. These powers are, however, primarily intended to be used for investigative purposes and for collecting evidence. Non-compliance with the resulting production or similar orders can carry criminal sanctions.

301. When additional information is sought only for intelligence and/or analytical purposes, none of the above provisions apply and there are no direct powers provided to the FCU. The information is then supplied on a voluntary and informal basis, and any such request cannot be enforced. It appears however that the entities subject to the AML Code 2008 take a cooperative approach towards such requests, including queries made regarding beneficial ownership, not least to protect their reputations. The FCU informed the assessors that requests to reporting entities in general—whether or not to the original reporting party—to update or supplement information do not generally give rise to objections. Incomplete or deficient disclosures are returned to reporting entities for correction or proper completion.

Dissemination of Information (c. 26.5):

302. All STRs are analyzed by the FIU section within the FCU. The analysis mainly implies checking the databases at hand, making further enquiries to complete the picture, and comparison with ML and FT typologies. Exchange of information with counterpart FIUs and conferring with the IOM regulatory authorities are important elements of this process. If the FIU finds that a suspicion is grounded, the information is passed on to the investigators of the FCU.

303. Dissemination of the disclosed information is restricted. In principle it requires the consent of the person who supplied the information, except in the case of dissemination to domestic judicial, law enforcement, and regulatory authorities. FIU information can also be supplied to foreign law enforcement and prosecution authorities (CJA 1990 Sections 17H and 171). As a practical arrangement the FIU has entered into Memoranda of Understanding to facilitate the exchange of information with domestic competent authorities, such as the FSC and the Tax authorities.

304. When disseminated, the information is at the discretion of the authorities to be used for the investigation and prosecution of any offense and is not restricted to ML or FT purposes.

Operational Independence (c. 26.6):

305. Although part of the IOM Constabulary, the FCU operates quite independently. This obviously does not preclude an effective interaction with other segments of the law enforcement community, but the structure and budget of the unit ensure a distinct degree of operational autonomy, even if the FCU personnel are seconded from their parent organizations and still work in partnership with them. The relative size of the FCU compared to its parent organizations and the investments made in the FCU show the importance of its role for the authorities. The operational independence and impartiality of the FCU is further protected by the multidisciplinary composition of its Strategic Board.

306. The FCU budget is separate from the police budget and is provided by the IOM Treasury to the DHA (which is responsible for the IOM Constabulary). The budget is further delegated and controlled by the Head of the FCU.

307. Operationally, the FCU works closely with the Constabulary, especially the Drug Trafficking Unit (DTU) in pro-active money laundering investigations involving drugs. It also has access to and liaises closely with other units within the Constabulary such as the Force Intelligence Bureau, Covert Operations, and the Constabulary’s other investigative wings, including the Criminal Investigation Department.

Protection of Information Held by FIU (c. 26.7):

308. All FCU information is registered in the Government/Police secure computer server and can only be accessed by authorized personnel. Dissemination of information is covered by legislation (CJA 1990 Sections 17G–I, DTA 1996 Section 50, ATCA 2003 Sections 56–57, and the Data Protection Act), together with internal FCU policies and procedures. Police Officers employed within the unit are also covered by Police Disciplinary Regulations covering the improper disclosure of information. Customs officers and civil servants attached to the FCU are required to comply with IOM Civil Service Regulations for disciplinary matters and the Official Secrets Act protecting the confidentiality of the information.

309. FlU-specific information, such as STRs and information from foreign FIUs, is also stored on the police computer. Access is restricted to the FIU analysts and supervisors. It is shielded from direct access by other investigators by ‘interest markers’, so any information release has to be cleared by the Head of the FCU/FIU.

Publication of Annual Reports (c. 26.8):

310. The FCU produces annual statistics on STR information which are published, pursuant to the provisions of the Police Act 1993, in the report of the Chief Constable of the IOM which is a publicly available document. The report can be viewed at www.gov.im/dha/police.

311. Typologies and trends are fed back to the industry through lectures and presentations given by the FCU and in joint presentations and seminars with the regulatory authorities. Advisory Notices are also produced and circulated to licenseholders on the latest threats, offenders, or trends. Typology information is communicated to the industry through the respective regulatory authorities, regular press releases, and lectures. Case feedback is also given as appropriate.

Membership of Egmont Group (c. 26.9):

312. The FIU has been an active member of the Egmont Group since 2000.

Egmont Principles of Exchange of Information Among FIUs (c. 26.10):

313. The FIU is fully committed to the Egmont Group and its Statement of Purpose and its Principles for Information Exchange. The FCU contributes to the running costs of the Egmont Group Secretariat, has access to the Egmont Secure Web, and attends the plenary sessions.

Adequacy of Resources to FIU (c. 30.1):

314. The structure chart below adequately shows the FCU’s operational independence and autonomy. The FCU, which incorporates the FIU, has its own premises and is housed separately from the premises of the Police and Customs. The personnel are fenced from their parent organizations operational duties, enabling them to concentrate full time on their duties within the FCU/FIU. The Unit has its own vehicles at its disposal.

315. The current budget for the Unit including salaries and allowances is a sizeable percentage of the budget for the whole Constabulary. This budget is separate from the overall police budget and for the sole use of the Unit. It includes budgets for the training and development of staff, IT systems and equipment. It also includes travel and expense allowances. The Head of the Unit controls the proper use of the budgetary resources.

316. The FCU utilizes and has access to a wide variety of IT resources and datasets. It uses the Isle of Man Constabulary’s IT system for its information management regarding STRs and uses other in-house IT systems, including analytical tools.

Integrity of FIU Authorities (c. 30.2):

317. All personnel are subject to vetting checks on employment and are security cleared to ‘secret’ level and are also subject to the Official Secrets Act as well as the legislative requirements regarding confidentiality.

318. FCU personnel are appropriately skilled and trained for their respective roles, maintain high professional standards, and undertake professional development courses and training courses throughout their careers. Training of personnel is considered by the FCU to be a priority, with a sizeable part of the budget focused on staff training and development.

Training for FIU Staff (c. 30.3):

319. Personnel recruited to the FCU are primarily from experienced detective backgrounds and have usually undergone criminal investigation training. They are subject to an application process which is evidence based, requiring them to show a competent level of skill in particular areas that are required for their role within the FCU. Personnel within the FIU receive additional training, including professional qualifications in compliance and anti-money laundering.

320. Some of the other courses undertaken by FCU/FIU staff include national terrorism financial investigation, national fraud courses, criminal investigation, suspect interviewing, check and credit fraud, financial investigators, bookkeeping, fraud examiners, high-tech courses including data analysis, and internet investigators.

Statistics (applying R.32 to FIU):

321. Detailed statistics are kept on the number of STRs, their sources, grounds for suspicion, nationality of the subjects, and other relevant information. The figures for the period 2004-2007 are set out in the analysis in this report of Recommendation 13. They do not indicate, however, the number of STRs that triggered an investigation. The number of investigations resulting from the reporting system was estimated at six cases over the last two years.

Analysis:

322. The formal foundations of the FCU as the central authority for the IOM to receive all suspicious transactions, subject them to an analytical process, and disseminate them to the competent authorities have not been embedded in specific primary legislation. The POCA 2008, in force from August 1, 2009, formally appoints the FCU as the FIU. This current lacuna has not prevented the FCU from organizing itself successfully in such way as to adequately implement the functions and responsibilities of an FIU.

323. The FCU has incorporated the specific duties and characteristics of an FIU by creating within its internal structure a special and distinct FIU team, so that a clear distinction can be made between the functions of the FCU as an intelligence unit and those as an investigative law enforcement body. This is especially important in the conduct of the external relationships of the FCU with foreign FIUs. This clear division of tasks is also operationally effective in that the FIU fulfills a selective and pre-investigative function in filtering out reports that do not warrant further investigation and adding value to the STR information received to prepare the case for further investigation, where the analysis reveals sufficient indications. The separation between the intelligence and investigative functions of the FCU is equally important for developing a relationship of trust between law enforcement and the reporting entities, who can rely on the FIU to screen their reports for quality and relevance before deciding on a formal investigation. The relationship with the industry was observed during the assessment to be open and constructive.

324. The human and financial resources allocated to the FCU reflect the serious commitment of the IOM authorities to protecting the reputation of the financial center. The assessors noted the professional level of the FCU staff and their specific training and background in AML/CFT matters. The multidisciplinary approach of combining the expert knowledge of the police and customs officers, the analysts and the legal assistants at operational level, together with the balanced composition of the Strategic Board, are commendable. The informal basis on which the FIU collects additional information for analytical purposes offers flexibility and has been demonstrated to be effective in practice. However, such access to additional information depends on the goodwill and reputational awareness of the reporting entities; in the case of refusal of the informal request, the FCU would have to refer to the Courts and make use of its statutory investigative powers. As noted, the investigative processes are subject to formal requirements and procedures for the collection of evidence, and consequently are not generally available or suitable for use in the analytical stage. The FCU can and does share information successfully with its counterparts (as analyzed in this report for purposes of R. 40), as long as the case is still at the pre-investigative stage.

Effectiveness:

325. The statistics spanning a period of four years (2004/05–2007/08) show active reporting levels by the financial sector, ranging from 2,315 disclosures in 2004 to 1,555 in 2007/08. The numbers for 2008 are expected to remain at a similar level. The statistics show a marked decrease in STR reporting in 2006, but the number has stabilized since. The lower reporting level in 2006 was explained as being the result of an increased emphasis on quality. The FCU at the time took action against defensive reporting and rejected a number of them as insufficient and/or incomplete. The change in trend may also have been related to the timing of a South African tax amnesty which, coupled with the introduction of the EU Tax Savings Directive, caused a spike in reporting in the IOM in 2005. Some instances of non-compliance with reporting requirements have been reported to the regulatory authorities, which took appropriate action, serving as a warning to the sector.

326. The number of STRs resulting in an investigation (six in two years) is disappointingly low, especially taking into account that over the years only two prosecutions have been instituted in cases that originated with an STR. The proportionally modest amounts of effective asset recovery (as noted in the analysis for R3) also raises a question on the role the FIU can or should play in this area. Therefore, when measured in terms of concrete results from the overall system, effectiveness is an issue.

327. There may be several reasons explaining the low levels of cases and asset recovery, but one of the main factors is that, considering the offshore nature of the IOM financial industry, quite a number of disclosures relate to foreign predicate activity, with the proceeds coming to the IOM. Consequently the FCU/FIU is to a great extent dependant on the assistance received from its counterparts abroad, which is not always forthcoming or does not add much relevant information. Also relevant to an analysis of effectiveness is the positive impact of the frequent dissemination of information by the FIU/FCU to the competent authorities of other jurisdictions, to assist in their analysis.

328. There are no indications of lack of timeliness or unreasonable delays in the processing of STRs due to internal structural factors. Delays are sometimes incurred where the FIU has to depend on external sources, such as its foreign counterparts. In this context, further steps could be taken and measures introduced to improve overall effectiveness, particularly as regard asset recovery where the assets have not yet been removed from the IOM. One possibility would be to endow the FCU/FIU with the power to freeze transactions; another is the requirement for prior consent of the FCU/FIU to release funds that are the subject of an STR that will be introduced on the coming into force of the POCA 2008. The prerequisite for improved effectiveness remains, however, the timely reporting by the sector itself regarding which some questions are raised in the analysis of Recommendation 13.

329. As noted, there is a weakness in the information gathering capacity of the FCU when acting as an FIU. The FIU should, according to the FATF standard, have direct or indirect access to financial and other additional information to adequately perform its functions. In the IOM, the direct process at FIU level is informal and voluntary. Access to such information could be available through a court application but this is an investigative measure that will normally only be considered by the judge if the case is at a sufficiently high evidentiary stage. Although rather theoretical at the time of the assessment as the FCU informed the assessors that no refusal has yet been encountered, the informal nature of the current access to additional information could be open to challenge and affect the information gathering capacity of the FIU for analytical purposes. Therefore, consideration should be given to providing for a formal (additional) information gathering process at FIU level.

330. Overall, the FCU/FIU is adequately performing its role as a key player in the AML/CFT system. It has developed a relation of trust and openness with the financial sector, which is also an important factor explaining the acceptable volume of STRs. Everything is in place to ensure that the STRs are appropriately dealt with in a focused and professional manner. The clear separation between the intelligence and the investigative side of the handling of the reports is particularly significant.

331. By contrast, the low number of STRs that result in investigations, and ultimately in a prosecution, raises a serious effectiveness issue that needs to be addressed. The fact that the FCU/FIU makes relevant information readily available to foreign counterparts is a positive factor, but does not sufficiently address the low level of results from the domestic system. This is a challenge for the authorities as a whole and not just for the FCU/FIU. Nonetheless the FCU/FIU should examine possible new ways to enhance its performance in terms of cases for investigation and asset recovery. The planned increase in numbers of qualified FCU/FIU staff (already approved by the authorities) is a good step in that direction, as is the proposed requirement for prior FCU/FIU consent for release of funds that is part of the POCA 2008 innovations.

2.5.2. Recommendations and Comments

  • The authorities should supplement the current informal arrangement by providing formally for access by the FIU to additional information held by covered entities, for use in its analytical work.

  • The FCU and other authorities should implement steps to improve the effectiveness of the reporting system to support an increase in the number of investigations and (potentially) prosecutions and in funds and other assets frozen.

2.5.3. Compliance with Recommendation 26

article image

2.6. Law enforcement, prosecution and other competent authorities—the framework for the investigation and prosecution of offenses, and for confiscation and freezing (R.27, & 28)

2.6.1. Description and Analysis

Legal Framework:

332. The legal framework for the investigation and prosecution of ML and FT offenses and for related seizure and confiscation measures is provided by the CJA 1990 (non-drug crimes related ML), the DTA 1996 (drug related ML), the ATCA 2003 (FT and related ML). The Police Powers and Procedures Act (PPPA) 1998 covers their investigative powers and the conservatory measures taken during a police investigation.

Designation of Authorities ML/FT Investigations (c. 27.1):

333. The following law enforcement authorities are, generally or particularly, charged with the investigation of ML/FT offenses:

334. The IOM Constabulary is primarily responsible for the investigation of all offenses. Specialized units within the Constabulary deal with specific criminality areas, such as drug trafficking. All cases related to ML and FT are allocated to the investigation branch of the FCU. As noted, the inherent powers of a constable in respect of stop and search, entry, search and seizure, arrest, and detention are set out in the PPPA 1998. Specific powers are conferred on police officers by the CJA 1990 and DTA 1996 or are supported by a court order.

335. Officers of Customs and Excise Division are empowered by provisions of the Customs and Excise Management Act 1986 to administer, investigate, and enforce the various provisions of the customs and excise legislation and other legislation in respect of “assigned matters”. Assigned matters include drug trafficking and money laundering related to Customs offenses, (such as indirect tax, VAT carousels, and smuggling), and enforcement of UN and EU sanctions, particularly in relation to terrorism assets (section 184(1) of the Customs and Excise Management Act 1986).

336. Effectiveness considerations resulted in the establishment of the FCU as a joint police and customs department, comprising officers of the Constabulary and officers of Customs and Excise Division of Treasury. The unit is responsible for the investigation of financial crime, particularly ML and FT. Officers of the FCU who are officers of the IOM Constabulary have the powers of a constable in respect of all offenses; officers of the FCU who are officers of the Customs and Excise Division have the powers of a Customs Officer in respect of assigned matters. A new Section 77A was inserted into the PPPA 1998 by the POCA 2008 with effect from October 22, 2008, allowing customs officers at the FCU, when authorized in writing by the AG, to have the powers of a constable in relation to their work at the FCU. The AG signed the necessary authority on November 12, 2008 for officers working at, or available to work at, the FCU to have the powers of a constable in relation to their work at the FCU.

337. Prosecution is primarily in the hands of the AG and his staff of prosecutors (five at the time of the assessment but increased to seven subsequently). Distinction is made between summary proceedings where the prosecution may be handled by a police officer17 and proceedings on information for the more serious cases, which would normally include ML and FT (such as the cases that ended up in a conviction), that are dealt with by prosecutors.

338. The AG’s Chambers provides legal advice and expert assistance in all financial investigations including ML and FT. There are currently two full time dedicated legal officers supporting the FCU. The AG also advises the Chief Minister in relation to decisions relating to the interception of communications (Interception of Communication Act 1988).

Ability to Postpone / Waive Arrest of Suspects or Seizure of Property (c. 27.2):

339. The PPPA 1998 provides a power to arrest and seize. The power is not a duty and the exercise of that power can be deferred, postponed, or waived for the purposes of identifying persons involved in criminal activities or for evidence gathering. Deferring the arrest of suspected persons or seizure of criminal items or assets is a common law enforcement practice aiming at maximum effectiveness. It is the responsibility of the officer in charge of the investigation to decide on arrests, which may entail allowing an illegal situation to continue in a controlled way. Postponement of arrest to achieve maximum results is not exceptional in drug trafficking cases.

Additional Element—Ability to Use Special Investigative Techniques (c. 27.3); Additional Element—use of Special Investigative Techniques for ML/FT Techniques (c. 27.4):

340. Measures are in place providing law enforcement or prosecution authorities with an adequate legal basis for the use of a wide range of special investigative techniques when conducting investigations of ML or FT. Key legislation in this area includes the provisions of the Interception of Communications Act 1988 Sections 2–7 which allow the interception of communications on obtaining a warrant signed by the Chief Minister and the detailed provisions of the Regulation of Surveillance etc. Act 2006 which provide for the authorization of surveillance and human intelligence sources, including directed and intrusive surveillance and covert human intelligence sources (undercover operations). Controlled delivery of the proceeds of crime or funds intended for use in terrorism is not prohibited by IOM legislation and is therefore permitted, as is the deferment of arrest, provided that the decision to do so is reasonable in all the circumstances. These powers have not been used yet in ML or FT cases.

341. The provisions of CJA 1990 Section 17A and 17B offer a degree of protection to employees of financial institutions who co-operate with the police when techniques such as controlled delivery are used. These provisions allow a person to assist another to retain the benefit of criminal conduct or acquire or use the proceeds of criminal conduct, provided he obtains the consent of a constable to do so.

342. Officers of the FCU have undergone training as financial investigators and specialize in investigating the proceeds of crime. They, together with legal officers of the AG’s Chambers focus on the investigation, seizure, freezing, and confiscation of the proceeds of crime.

Ability to Compel Production of and Searches for Documents and Information (c. 28.1):

343. In respect of CDD and other relevant information held by financial and other entities subject to AML/CFT requirements, there are several legal provisions giving police officers the power, through application to the courts, to obtain such information and search premises at any stage of the investigation under DTA 1996 Sections 1(2), (3)(f), and 52-54a, together with CJA 1990 Sections 17J, 24, and 25. Also the provisions of PPPA 1998 Sections 11–25 on searches and seizure apply.

344. With regard to FT, ATCA 2003 Sections 18, 24, 25, 31, 32 and Schedules 4, 5, and 6 provide for account monitoring orders, search warrants, and financial information orders, issued by the appropriate Court at the application of a constable.

345. CJA 1990 Sections 24 and 25 give the AG special powers to obtain evidence without a court order in respect of serious or complex fraud, wherever committed. The AG has the power to require the production of evidence and it is an offense to refuse to comply.

346. The powers outlined above are also available to Customs Officers who are included within the definition of ‘Constables’ within the Acts.

Power to Take Witnesses’ Statement (c. 28.2):

347. All law enforcement officers are entitled and have the power to take down statements of witnesses. This common authority is inherent to the function of a police or customs officer, and is imbedded in the general principles of criminal law and procedure.

348. Adequacy of Resources to Law Enforcement and Other AML/CFT Investigative or Prosecutorial Agencies (c. 30.1):

349. The Police is operationally independent and no instances of undue political influence or interference are on record. The Constabulary is a department covered by the DHA which also looks after the fire brigade, probation, civil defense, and prison. The IOM Constabulary comprises 293 full time officers and is as a whole committed to fight criminality, including ML and FT. Section 4(3) of the Police Act 1993 specifically prevents any interference with the discipline and disposition of the Police Force.

350. The AG’s Chambers comprised five prosecutors at the time of the assessment. With the anticipated coming into force of the POCA 2008 and the expected increase of the workload as a consequence of the introduction of the civil recovery regime, two additional prosecutors were subsequently recruited.

Integrity of Competent Authorities (c. 30.2):

351. Personnel recruited by the Constabulary are put through a stringent recruitment process involving several interviews, background checks, and team building exercises. Once recruited they are subject to a 10 week period of training in law and other skills followed by a period of tutoring by an experienced officer. The officer then has to serve a minimum of two years probation which, when passed, allows them to apply to be assigned to specialized departments.

Training for Competent Authorities (c. 30.3):

352. The Drug Trafficking Unit has received training in AML/CFT from the FCU and has also trained financial investigators for drug profit confiscation enquiries. It is an operational policy for any drug investigation to give attention to the financial aspects.

353. Training has been given regarding the POCA 2008 to enable all officers to be aware of the legislative powers to prevent/detect and deter ML and other relevant provisions. This has been done by placing the subject on sergeants’ development courses, involving direct training input from a member of the FCU. Further briefings have been provided to specialized departments such as the Drug Trafficking Unit.

Statistics (applying R.32):

354. Statistics are kept at the FCU in respect of the number of investigations and prosecutions in relation of ML where persons have been arrested. The FCU informed the assessors that two prosecutions to date have been based on cases where the investigation was triggered by an STR.

355. Overall, the law enforcement authorities are adequately resourced and trained. They have a sufficient legal arsenal at their disposal to conduct investigations. In respect of the effectiveness of the ML and FT investigations, the effectiveness issues raised in relation with the FCU/FIU are also relevant to an analysis of law enforcement aspects.

356. As for the judicial side, the limited number of successful prosecutions points to a lack of effectiveness of the overall system. There are some legal deficiencies, as noted under Recommendations 1 and 2 above, but these are not the decisive factor. More effort and emphasis is needed on the development of case law on stand-alone money laundering, in situations where the prosecution is not so dependent on the need to collect evidence outside its jurisdiction.

2.6.2. Recommendations and Comments

  • The authorities should implement steps to improve effectiveness by seeking to increase the number of investigations and prosecutions pursued domestically.

2.6.3. Compliance with Recommendations 27 & 28

article image

2.7. Cross Border Declaration or Disclosure (SR.IX)

2.7.1. Description and Analysis

Legal Framework:

357. The IOM introduced secondary legislation (European Communities (Cash Controls) (Application) Order 2008) (‘the Order’) to apply a cross-border cash control regime to comply with EC Regulation 1889/2005 of the European Parliament and of the Council of October 26, 2005 (‘the EC Regulation’). The Order came into effect on June 1 2008. Penalties for non-compliance with the Order are provided for by the Cash Controls (Penalties) Regulations 2008.

358. The Proceeds of Crime Act 2008 (Appointed Day)(No. 1) Order 2008 [SD 743/08] brought Part 8 of the Act into operation, inserting the new Part VA into the Customs and Excise Management Act 1986, and replacing the Order with effect from October 22, 2008. The Customs and Excise (Cash Declaration and Disclosure) Order 2008 [SD 745/08] prescribed the form for the declaration of cash entering or leaving the IOM with effect from November 1, 2008. The new cash declaration regime came into operation on November 1, 2008, with the revised Public Notice and new form made available at the airport and sea terminal and on the Customs and Excise website.

359. Mechanisms to Monitor Cross-border Physical Transportation of Currency (c. IX. 1):

360. The IOM opted for a declaration system, in line with the regime in force at the external borders of the EU, which imposes an obligation on persons importing into or exporting from the IOM cash and bearer-negotiable instruments to a value of EUR10,000 or more to make a report to Customs and Excise. Import and exports by post, courier (fast parcel/packet) services and freight are, in principle, covered by the same legal provisions as apply for import and export by travelers (Section 15 of the Post Office Act 1993; Section 76 Customs and Excise Management Act 1986). It should be noted that movements of goods by mail between the UK and IOM are not regarded as imports or exports under the customs legislation in both jurisdictions, but are treated as “domestic”. Interference with mail moving between the UK and IOM is only permitted by court order, unless the packet has been detained by the Post Office under its own powers because it contains something which Post Office regulations say cannot be sent by post (including drugs, noxious substances, explosives etc.), or if it contains contraband that got into the UK by evasion of customs controls there (e.g. tobacco smuggled into the UK from a third country and then mailed on to the IOM).

361. The declaration regime applies to the physical transportation of:

  • currency in any denomination,

  • bearer-negotiable instruments (such as travelers’ checks),

  • negotiable instruments (such as money orders, checks and promissory notes) that are either in bearer form, endorsed without restriction, made out to a fictitious payee or otherwise in a form such that title passes upon delivery, and

  • incomplete negotiable instruments (that are signed, but with the payee’s name omitted).

362. At the time of the on-site visit two such declarations had been made (importation of GBP30,300 and GBP15,000, respectively, in cash). Three more declarations have been received subsequently (two outgoing and one incoming - none of then gave rise to suspicions).

Request Information on Origin and Use of Currency (c. IX.2):

363. As a general rule, Section 79(4) of the Customs and Excise Management Act 1986 allows a customs officer to put questions to anyone entering or leaving the IOM in all circumstances. This would include any questions on the origin of the money when there are any doubts regarding its legality. Failure to declare or filing an incomplete or incorrect report could raise such suspicions. With effect from October 22, 2008, Part VA of the Customs and Excise Management Act 1986 provides explicit powers for customs officers to question persons and to proceed to search them, their luggage, and their means of transportation.

364. The Proceeds of Crime Act 2008 (Appointed Day)(No.l) Order 2008 [SD 743/08] brought Part 8 of the Act into operation, inserting the new Part VA into the Customs and Excise Management Act 1986, with effect from October 22, 2008. It provides enhanced powers for customs officers, with explicit powers to question persons and to proceed to search them, their luggage, and their means of transportation. Although the European Communities (Cash Controls) (Application) Order 2008 was already interpreted as covering sea and air cargo, now the scope of the declaration obligation is explicitly extended to situations where cash is not actually being ‘carried’ with or on the person but is contained in goods, or in a vehicle, ship, or aircraft (Section 76 Customs and Excise Management Act 1986).

Restraint of Currency (c. IX.3):

365. Filing a false or incomplete declaration does not in itself warrant the restraint or seizure of the cash. If however there are reasons to believe that the cash might be the proceeds of crime or might be used for criminal purposes the cash may be seized under DTA 1996 Section 39, or CJA 1990 Section 23A (which becomes POCA2008 Section 46 with effect from August 1, 2009). This is a general power for law enforcement officers, irrespective of the amount.

366. CJA 1990 Section 76G, introduced by the POCA 2008 (Schedule 5) with effect from October 22, 2008, now specifically authorizes Customs to seize the cash, if more than (the equivalent of) EUR10,000 is being carried, and:

  • the person has refused to make a disclosure;

  • the officer reasonably suspects the disclosure is false in a material particular (i.e., excluding minor inaccuracies);

  • evidence has been required from the person but not produced, or does not support the information given by the person; or

  • the officer reasonably suspects that the cash is property obtained through unlawful conduct or is intended for use in money laundering, other unlawful conduct or terrorism.

Retention of Information of Currency and Identification Data by Authorities when appropriate (c. IX.4):

367. All information contained in the declarations is stored in the Customs database. Sections 174B and C of the Customs and Excise Management Act cover the interaction between the Customs and other law enforcement authorities in respect of information access, allowing mutual information exchange for law enforcement purposes subject to the provisions of the Data Protection Act 2002.

Access of Information to FIU (c. IX.5):

368. On the basis of the above provisions a copy of the declarations and details of any false declaration or suspicions are to be forwarded to the FCU. There is no formal and specific provision making such communication to the FCU mandatory; the customs officers at the FCU automatically have access to the declaration registered on the Customs database.

Domestic Cooperation between Customs, Immigration and Related Authorities (c. IX.6):

369. Coordination for law enforcement purposes between the relevant authorities is a matter of common practice, particularly enhanced by the comparatively small size of the IOM’s law enforcement community, who operate in a close working environment with established points of contact for the exchange of information. As already pointed out, the Customs and Excise Management Act provides the formal legal basis for the cooperation in all matters related to the cross-border cash transportation regime. Coordination between the Customs18 and Police is structured within the FCU, which would deal with all AML/CFT issues arising from the declaration system.

International Cooperation between Competent Authorities relating to Cross-border Physical Transportation of Currency (c. IX.7):

370. Section 174B of Customs and Excise Management Act 1986 also specifically refers to international cooperation, where it states that Customs and Excise is able to cooperate with other authorities in exchanging information or documents for broad criminal investigation or proceedings purposes, whether in the IOM or elsewhere.

371. In addition, the IOM Customs participate in the global information exchange network based on bilateral and multilateral Customs agreements. Due to the IOM’s special relationship with the EU and Customs membership of the Customs Union, many of the EC regulations governing exchange of information on customs, excise, and VAT fraud are applicable in the IOM, along with other relevant Conventions such as the Nairobi Convention, the 1998 Vienna Convention, the Naples II Convention, and the CIS Convention.

Sanctions for Making False Declarations / Disclosures (applying c. 17.1-17.4 in R.17, c. IX.8

372. Non-compliance with the European Communities (Cash Controls) (Application) Order 2008 is penalized according to the Cash Controls (Penalties) Regulations 2008, replaced since October 22, 2008 by Schedule 5 of the POCA 2008.

373. Part VA (Sections 76A to 76H) was inserted into the Customs and Excise Management Act 1986 through the POCA 2008 (Schedule 5). Any ‘refusal’ to declare or disclose and any untrue declaration or disclosure will be penalized:

  • 1) on summary conviction, by custody for a term not exceeding six months or by a fine not exceeding GBP5,000, or both; or

  • 2) on conviction on information, by custody for a term not exceeding two years or by a fine, or both.

The ‘refusal’ should be understood as any kind of willful non-declaration, excluding negligence. In addition Section 76G provides for the possibility to seize any cash ‘to which the refusal, declaration, disclosure…, relates’, irrespective of the amount.

374. Disclosures were required under the interim regime only from ‘natural’ persons, the same requirement as set out in the EC Regulation and applying in EU Member States.

Sanctions for Cross-border Physical Transportation of Currency for Purposes of ML or TF (applying c. 17.1-17.4 in R.17, c.IX.9):

375. Depending on the evidentiary value of the available information and elements, the ML and FT-related criminal procedure and code provisions will apply, and criminal charges can be brought against the person also within the context of the cross-border declaration regime.

Confiscation of Currency Related to ML/FT (applying c. 3.1-3.6 in R.3, c. IX.10):

376. Police and customs officers are empowered to seize cash, when persons are entering or leaving the IOM, where there are reasonable grounds to suspect it may be linked to crime (CJA 1990 Section 23 A and DTA 1996 Section 39), including ML and FT. With the coming into operation of Part 1 of the POCA 2008 effective October 22, 2008, the scope of these powers has been extended to any situation or place where an officer is lawfully present anywhere in the IOM. In addition to the forfeiture and conviction measures provided for in the CJA and ATCA, a forfeiture decision can also be issued by the High Bailiff, if so warranted.

Confiscation of Currency Pursuant to UNSCRs (applying c. III.1-III.10 in SR III, c. IX. 11):

377. Persons crossing the border with funds subject to the UNSCR 1267 and 1373 sanctions, or attempting to do so, are in breach of the legislation imposing those sanctions. Furthermore, the cash would be liable to seizure by police or customs under CJA 1990 Section 23A or ATCA 2003 Schedule 3, and potentially to confiscation depending on the evidentiary value of the available elements.

Notification of Foreign Agency of Unusual Movement of Precious Metal and Stones (c. IX.12):

378. Customs and Excise has available a wide array of provisions allowing it to exchange information with other countries and territories which they use in practice in dealing with an unusual or suspicious movement of high value goods. As well as applicable EU legislation permitting mutual assistance in customs matters with EU Member States (Council Regulation (EC) No. 515/97), and EU-third country customs mutual assistance agreements (which have application in the IOM under Protocol 3 to the UK’s Act of Accession to the European Community), Section 174B, Customs and Excise Management Act 1986 deals, inter alia, with the disclosure of information to any agency anywhere for the purposes of:

  • ‘(a) any criminal investigation whatever which is being or may be carried out, whether in the IOM or elsewhere;

  • (b) any criminal proceedings whatever which have been or may be initiated, whether in the IOM or elsewhere;

  • (c) initiating or bringing to an end any such investigation or proceedings, or of facilitating a determination of whether it or they should be initiated or brought to an end.’

Safeguards for Proper Use of Information (c. IX.13):

379. The holding, recording and dissemination of information is subject to the IOM’s Data Protection Act 2002. This Act transposed the EC Data Protection Directive 95/46/EC. Access is only permitted for law enforcement purposes to the relevant authorities (Sections 174 B and C Customs and Excises Management Act 1986).

Statistics (applying R.32):

380. No computerized database has been established by Customs and Excise to date. At present, the statistics can be maintained manually, considering the limited number of declarations (five since June 1, 2008). The declarations are also recorded in the FCU/FIU database.

Analysis

381. In regard to cash transportation by mail, there is an issue of compliance with the SR.IX in that the current requirements do not extend to mail between the UK and the IOM, which may also undermine the effectiveness of the measures now in place.

382. While the cash declaration system in place at the borders of the IOM largely corresponds with the international standard, a small reservation related to the proportionality and dissuasiveness of the sanctions in comparison with other jurisdictions where the non-declaration, as such, can be sanctioned by seizure. Part VA of the Customs and Excise Management Act 1986 addressed this issue with effect from October 22, 2008 and provides for a new regime for cash declarations with stiffer sanctions, including seizure. Although not a point of substance, the assessors noted that the IOM declaration threshold of more than EUR10,000 is not technically in full compliance with the EU Regulations which refer to amounts of EUR10,000 or more.

2.7.2. Recommendations and Comments

  • The cross-border control requirements should be extended to cover cash transportation by mail between the UK and the IOM.

2.7.3. Compliance with Special Recommendation IX

article image

3. Preventive Measures — Financial Institutions

Customer Due Diligence & Record Keeping

3.1. Risk of money laundering or terrorist financing

383. As noted in section 1 of this report and as acknowledged by the IOM authorities, some characteristics of the IOM financial system point to an elevated potential for abuse for ML or FT purposes. While in reality not all of this business is high-risk, much of it would fall within the range of categories suggested by the FATF Methodology as examples of higher-risk business, including as follows:

  • The authorities indicated that more than 90 percent of the customer relationships and of financial service business conducted are on a non face-to-face basis for nonresidents of the IOM19;

  • In many cases the business relationship is established through introducers (IOM or foreign) that are subject to varying levels of regulation, depending on their origin. Subject to certain controls, IOM financial institutions are permitted to rely on the introducers to conduct CDD on their behalf;20

  • Financial services provided include private banking facilities for non-residents; and

  • The use of legal persons and arrangements such as trusts is prevalent, both as asset-holding vehicles and as part of more complex structures that have the potential to create an additional challenge for IOM financial institutions in fulfilling the requirement to accurately identify the customer and the ultimate beneficial owner or controller.

384. The above characteristics are among those taken into account in the analysis in sections 3 and 4 of this report, in assessing whether the IOM’s AML/CFT regime provides adequately for enhanced due diligence for higher-risk customers and business and is being implemented effectively.

385. The IOM authorities informed the assessors that they have not sought to exclude any of the categories of financial business or types of institutions set out in the FATF Methodology from the scope of the AML/CFT provisions on the basis that they might represent a proven low risk of ML or FT. However, as noted in section 4 of this report and in the analysis of Recommendations 33 and 34, an effective de minimis threshold is applied in determining whether a person provides relevant services ‘by way of business’21 and thus falls to be licensed under the FSA 2008 and subject to monitoring of their compliance with the AML/CFT requirements. The exemption allows for trust and corporate service providers to conduct an otherwise regulated activity without a license if the level of activity is below a certain threshold.

386. As described in Section 1 of this report, the IOM authorities have recently formalized the availability to financial institutions of an overall risk-based approach, for which purpose the financial institutions are required to conduct a detailed risk analysis. This provides financial institutions with some discretion for prioritization in the day-to-day implementation of the detailed CDD requirements. The requirements and their implementation are analyzed in detail in sections 3 and 4 of this report. Where appropriate to particular assessment criteria, reference is included as to whether or not the available risk-based approach is consistent with the applicable FATF Recommendations.

Legal framework

387. Since the last IMF AML/CFT assessment of the IOM in 2002/3 the authorities have revised and expanded significantly the legislative basis for AML/CFT measures both in response to the recommendations of the 2003 assessment report and to reflect the substantial changes in the FATF Recommendations, as revised in 2004. The current provisions are outlined below and analyzed in detail in sections 3 and 4 of this report.

388. Under the 2004 Assessment Methodology for the FATF Recommendations, an asterisk applied to a criterion indicates that the relevant measures must be in law or regulation. To qualify as such, the requirements must have been issued or authorized by a legislative body and be shown to impose mandatory, enforceable, and sanctionable requirements. This is relevant to many of the requirements under Recommendation 5, as well as all of Recommendations 10 and 13. The requirements in respect of the remaining FATF Recommendations must, at a minimum, be specified in ‘other enforceable means’, defined by the FATF methodology as measures issued by a competent authority and shown to be mandatory, enforceable, and sanctionable. The following paragraphs set out the laws, regulations, and, as applicable, other enforceable means taken into account for the purposes of this assessment.

389. The main legislative foundation for customer due diligence (CDD) and other AML/CFT preventive measures in the IOM is the CJA 1990, Section 17 of which defines ML offenses, tipping-off offenses, and the offense of not reporting suspicious transactions. The Act also deals with confidentiality and provides exceptions to enable disclosure in certain restricted circumstances. CJA 1990 Section 17F also gives power to the DHA to issue codes for the purposes of preventing and detecting ML (whether relating to the proceeds of criminal conduct, drug trafficking, or otherwise).

390. CJA 1990 specifies that codes issued pursuant to Section 17F shall be laid before Tynwald, which has the power to annul the proposed code at either of its next two sittings. Having regard, therefore, to the power granted by the parliamentary body (in primary legislation) to the DHA to issue codes for ML purposes, combined with the passive parliamentary approval procedure here described, the assessors are satisfied that a code issued by the DHA under CJA 1990 Section 17F constitutes secondary legislation and is within the scope of the FATF definition of ‘law and regulation’.

391. Pursuant to CJA 1990 Section 17F the DHA had issued AML Code 2007, which contained detailed provisions addressing many-though not all-of the elements of the FATF Recommendations. AML Code 2007 was revoked on the coming into force of AML Code 2008 on December 18, 2008. AML Code 2008 applies to persons conducting relevant business as listed in Schedule 1 to the Code, which includes a wide range of financial business relating, in particular, to financial institutions and DNFBPs. By comparison with the definition of ‘financial institutions’ in the Glossary of the FATF methodology, the IOM list defining the scope of the AML Code 2008 (as with its predecessor) is partially activity-based and partially institution-category specific. While the assessors cannot conclude definitively that the scope of coverage in the IOM is fully in line with the FATF definition, no material omissions from coverage were identified during the assessment. The assessors note that while most forms of lending and leasing business are defined as being within the scope of the IOM requirements, implementation focuses in practice on the categories of financial institutions covered by the Core Principles. While the IOM list also includes ‘the business of the Post Office in respect of any activity undertaken on behalf of the National Savings Bank’ (UK), the assessors were informed by the FSC that this refers to a previous agency arrangement and is no longer relevant as the Post Office no longer collects any funds or application forms under this arrangement. The analysis in section 3 below will focus on the following categories of financial institutions which operate in the IOM:

article image
article image

392. As outlined above, CJA 1990 Section 17F provides the DHA with the power to issue Codes to prevent and detect money laundering, including money laundering relating to the benefits of proceeds of criminal conduct, of drug trafficking or otherwise. The scope of the CJA 1990 and therefore the power of the DHA to issue Codes do not, however, expressly extend to terrorist financing as defined in the ATCA 2003. The authorities indicated that they considered FT to be validly within the scope of the power of the DHA under the CJA 1990 to issue codes ‘whether in respect of the benefits or proceeds of criminal conduct…or otherwise’, although the provision in question relates specifically to forms of money laundering. While the assessors did not consider this in itself to be a convincing legal basis, they took into account that the resultant secondary legislation (AML Code 2007 and its replacement the AML Code 2008) were both the subjects of a parliamentary process which provided an opportunity for parliament to annul the codes, should they object to the content; no such objection was raised. On that basis, it would not be reasonable to conclude that the interpretation of the scope of the codes to include FT was ultra vires as regards the powers of the DHA, given that the parliamentary process, by default, granted consent to the content of the codes. The codes were accepted, therefore, for purposes of this assessment as including FT, although the assessors recommended that the opportunity be sought by the authorities to provide a more explicit legal basis in primary legislation.

393. A very significant sub-set of the business covered by the CJA 1990 is within the regulatory ambit of the FSC pursuant to the provisions of FSA 2008 (which consolidated previous regulatory legislation, including the Banking Act 1998). Among the regulatory objectives of the FSC under FSA 2008 Section 2(2) is ‘the reduction of financial crime’ which is defined in the Act as ‘any crime involving (a) fraud or dishonesty; (b) misconduct in, or misuse of information relating to, a financial market; or (c) handling the proceeds of crime or funds connected with terrorism’. This definition is significantly narrower than the full range of predicate offenses for ML and FT required to be covered under the FATF Recommendations but includes explicit coverage of FT.

394. As the functions of the FSC are to be exercised in a way that is compatible with its regulatory objectives (Section 2(1)), the inclusion of the reference in Section 2(2) to financial crime empowers the FSC to apply to the institutions it regulates a wide range of provisions relevant for AML/CFT purposes. FSA 2008 Section 18 provides that the FSC may make rules (referred to as the Rule Book) to, inter alia, give ‘full effect to the regulatory objectives’ of the FSC under the Act. The FSC is required to consult with the Treasury regarding the Rule Book (to comply with FSA 2008 Section 44(5)) and follow the Tynwald procedure set out in FSA 2008 Section 45, which involves laying the Rule Book before Tynwald as soon as practicable after it is made. Unless Tynwald approves the Rule Book within the next two sittings, it ceases to have effect. The FSC confirmed to the assessors that, at the time of the onsite visit, they had completed the entire Rule Book and brought Chapter 9 of the Rule Book relating to AML/CFT into force for all licenseholders with effect from August 1, 2008, that the procedure outlined above was followed, and the whole Rule Book was voted on and adopted by Tynwald following the required motion and discussion in Tynwald. On the basis that the Rule Book was approved by a parliamentary body as outlined above and therefore constitutes secondary legislation, it is accepted for purposes of this assessment as meeting the FATF definition of ‘law and regulation’. The remaining chapters of the Rule Book (of less relevance for purposes of this assessment) were brought into force for new licenseholders from August 1, 2008 and for existing licenseholders from January 1, 2009.

395. The FSC has also issued to the institutions it regulates an AML/CFT Handbook, which lists among its purposes to ‘outline the regulatory powers which the FSC may exercise and to set out the FSC’s requirements of licenseholders’. While the Handbook is presented as guidance, much of its language is mandatory in tone and it is regarded by financial institutions as the principal single-source reference of the AML/CFT requirements with which they must comply. The Handbook also explains the FSC’s expectations for the application by the institutions of the risk-based approach. The cover page of the Handbook confirms that it is not a legal document and should not be relied upon in respect of points of law. On that basis, the FSC agreed with the assessors that it cannot be regarded for the purposes of this assessment as meeting the FATF criteria for ‘other enforceable means’. Nonetheless, the Handbook contains useful supporting and explanatory material, including much of the detail needed for the day-to-day implementation of the requirements of the law, the AML Code, and the Rulebook. In that respect, the detailed assessment includes quotes from the Handbook as appropriate.

396. Given that the financial institutions regulated by the FSC appear to be subject in parallel to the requirements of the AML Code 2008 and the FSC’s Rulebook, both of which are secondary legislation, a question could arise as to which takes legal precedence in cases where their provisions overlap. The assessors are not aware of any basis for determining which piece of secondary legislation would take precedence other than by decision of the Courts should a case come before them, which has not occurred to date. While the revisions contained in the AML Code 2008 remove almost all of the potential conflicts which could have arisen under its predecessor, the assessors recommend that the authorities conduct a further review to remove any residual potential for conflicts and bring the requirements into full consistency with each other and with the international standard. The same point may arise in relation to the AML/CFT provisions applicable to insurance business, as described below. However, the assessors note that the amendments introduced by the authorities shortly after the on-site visit have already addressed the material inconsistencies.

397. Insurance business is subject to IPA authorization and supervision. While covered by the AML Code 2008 in the same manner as FSC licenseholders, insurance businesses are also subject to a set of insurance-related AML/CFT requirements, which were updated shortly before the current assessment. The previous AML/CFT provisions (the Anti-Money Laundering Standards for Insurance Business, the most recent version of which was issued in March 2003) have been superseded with effect from September 1, 2008 by the:

  • Insurance (Anti-Money Laundering) Regulations 2008 (IAMLR 2008); and in the case of long-term insurance business by the

  • Guidance Notes on Anti-Money Laundering and Preventing the Financing of Terrorism - for Insurers (Long Term Business) (IGN 2008).28

398. In addition, much of the insurance legislation was superseded by the Insurance Act 2008 (IA 2008), for which Royal Assent was received and its provisions brought into effect on December 1, 2008, to consolidate most of the current legislative provisions. For purposes of this assessment, both the IA 1986 (as amended) and the IA 2008 which has superseded it have been taken into account. While the text of this report refers mainly to the provisions to the IA 2008, it should be borne in mind that they largely replicate the provisions in effect at the time of the on-site visit under the previous legislation.

399. Pursuant to Section 2 of the Insurance Act 2008 (IA 2008), the functions of the IPA are linked to a number of regulatory objectives which include ‘the reduction in the extent to which it is possible for any insurance business to be used in connection with the commission of financial crime’, which is defined by Section 52 IA 2008 to include ‘handling the proceeds of crime or funds connected with terrorism’. In exercising its functions, Section 2(2) provides that the IPA shall have regard, inter alia, to ‘the desirability of insurers being aware of the risk of their businesses being used in connection with the commission of financial crime’.

400. Section 50 IA 2008 provides that the IPA may issue regulations ‘as it considers are necessary or desirable to carry [the] Act into effect’. Pursuant to Section 32 IA 1986, the IPA issued IAMLR 2008, Section 5 of which extended the scope of the Regulations to include countering the financing of terrorism. The legal basis for this inclusion of FT is provided by the definition in Section 50 IA 2008, as quoted above.

401. IAMLR 2008 is accepted as secondary legislation for the purposes of this assessment as it:

  • was issued under a specific power granted in primary legislation to the IPA to issue regulations, including explicitly in relation to the prevention and detection of money laundering;

  • was laid before Tynwald in line with the parliamentary procedure, under which Tynwald could have exercised the right to annul such regulations in accordance with Section 50(4) of the IA 2008 (passive approval process by a parliamentary body); and

  • contains mandatory provisions, which are enforceable by the IPA and subject to the sanctions of the Insurance Acts.

402. IAMLR 2008 applies to insurers; other IPA-regulated entities such as insurance intermediaries and managers, registered scheme administrators, and scheme trustees are subject to the AML Code 2008.

403. As noted, the IPA has issued AML/CFT guidance notes (IGN 2008) for insurers undertaking long-term business, which also came into effect on September 1, 2008. Following careful consideration, the assessors determined that these guidance notes should be accepted as ‘other enforceable means’ (OEM) for the purposes of this assessment, on the following basis:

  • IGN 2008 is issued pursuant to IA 1986 Section 24C (as inserted by Section 12 of the 2004 Amendment Act), superseded by Section 51 IA 2008, which provides that the IPA ‘may issue Guidance Notes for the purpose of providing binding guidance with respect to… any matter in respect of which regulations may be made under this Act’;

  • IGN 2008 is stated to have been laid before Tynwald, although it is not evident that there is an applicable parliament procedure for such as document;

  • IGN 2008 specifies that, ‘while these are Guidance Notes, the requirements set out herein must be considered as a mandatory minimum’ and they are stated in mandatory language;

  • The guidance notes, being issued under explicit statutory powers of the IPA and linked to the requirements of the relevant primary and secondary legislation, are enforceable under the supervisory powers of the IPA; and

  • Not to comply with them exposes the insurer to regulatory sanctions as set out under the Insurance Act, which provides an acceptable sanctioning basis for purposes of the February 2008 revision to the FATF Methodology. No sanctions had been applied at the time of the on-site visit, but that is to be expected as IGN 2008 had only been in effect at that time for a number of days.

404. The legal basis is summarized in the following table:

Summary of legal basis for AML/CFT measures for financial institutions:

article image
article image

3.2. Customer due diligence, including enhanced or reduced measures (R.5 to 8)

3.2.1. Description and Analysis

Prohibition of Anonymous Accounts (c. 5.1):

405. While anonymous accounts and accounts in fictitious names are not prohibited in primary legislation in the IOM, they are effectively prohibited in secondary legislation, in either a direct or indirect manner.

406. AML Code 2008 does not explicitly prohibit anonymous accounts but paragraph 4(1) requires all persons conducting an activity in the financial sector to undertake identification and verification procedures on all applicants for business. The opening of an anonymous account would conflict with this requirement. For FSC-regulated entities, there is an express prohibition in the FSC Rule Book 2008 (Rule 9.3 (1)) pursuant to which a licenseholder must not maintain an anonymous account or an account in a fictitious name.

407. In respect of insurers regulated by the IPA, IAMLR 2008 Section 15 expressly prohibits the establishment or creation of anonymous bonds or contracts in fictitious names and any such business relationships in existence ‘must be treated as high risk and subjected to enhanced due diligence and ongoing monitoring’. The IAMLR 2008 applies to insurers; other IPA-regulated entities such as insurance intermediaries, insurance managers, registered scheme administrators, and scheme trustees are subject to the AML Code 2008.

408. The regulatory authorities informed the assessors that no indication of the operation of anonymous accounts was found in the course of their onsite supervision. The financial institutions interviewed during the assessment indicated no knowledge of the operation of anonymous accounts in the IOM. The assessors noted, however, that the responses received did not entirely exclude the possibility that some old anonymous accounts might still exist. This possibility is also acknowledged in the above reference from the IAMLR 2008, which seeks to address the heightened risk arising from anonymous insurance bonds or contracts, should they be identified in existing business relationships.

409. The use of numbered accounts is not proscribed and there is no specific reference to them in primary legislation or in the AML Code 2008. For FSC-regulated entities, however, Rule 9.3(2) of the FSC Rule Book 2008 requires licenseholders that maintain numbered accounts to ‘identify, and verify the identity of the customer’ and maintain the account ‘in such a way as to comply fully with the requirements of the Code’ and the AML/CFT requirements of the FSC Rule Book 2008. The assessors found this approach to be consistent with Recommendation 5.

410. The financial institutions interviewed during the assessment indicated no knowledge of the operation of numbered accounts in the IOM. However, the FSC decided to make provision in the Rule Book for any numbered accounts which might be operating.

When is CDD required (c. 5.2):

5.2(a)

411. Consistent with the FATF Recommendations, the authorities opted to set out the requirement to undertake CDD measures in secondary legislation. Pursuant to AML Code 2008 paragraph 6, identification procedures apply to new business relationships. The Code stipulates that relevant persons (which includes all financial institutions) must identify the applicant for business before the business relationship is entered into or during the formation of this relationship ‘but in any event as soon as reasonably practicable (taking into account the need not to interrupt the normal conduct of business where there is little risk of money laundering or terrorist financing occurring) after contact is first made’ (paragraph 6(2)). AML Code 2008 paragraph 6(9) provides that, in the absence of satisfactory evidence of identity, the business relationship shall not proceed any further, the relevant person should terminate the relationship, and must consider whether to file an STR. The issue regarding the timing of identification is addressed further below. The establishment of new business relationships based on information received from business introducers or other third parties is addressed in the analysis of Recommendation 9.

412. AML Code 2008 paragraph 6(5) provides for a limited exception to the obligation to produce evidence of identity for new business relationships where the identity of the applicant and nature and intended purpose of the relationship are known to the financial institution and the applicant is regulated by the FSC or IPA under their regulatory legislation, or is an advocate or registered legal practitioner or an accountant carrying on business in or from the IOM subject to equivalent AML/CFT professional rules, or is conducting regulated business (as defined) in a country listed by the IOM authorities as having an acceptable AML/CFT regime. While this appears to be a wide set of exceptions, the relief from the obligation to conduct CDD measures applies only to an applicant that meets the specified criteria and not to the customers of or business introduced by such an applicant (except in the case of intermediaries and, for example, fiduciary deposits).

413. For FSC-regulated entities, there is also an explicit requirement in the FSC Rule Book 2008 (Rule 9.6 (5)) that a licenseholder must not proceed with a business relationship unless specified CDD measures have been conducted, including identification and verification of identity. This would appear to have the potential to conflict with AML Code 2008 paragraph 6 which allows some leeway regarding the timing of CDD. However, Rule 9.5 of the FSC Rule Book 2008 allows the FSC-regulated entities to conduct CDD measures, including in respect of an applicant for business, ‘on the basis of materiality and risk’.

414. In the case of insurance, IAMLR 2008 Section 8 permits the insurer to complete the required CDD measures ‘as soon as reasonably practical’ after receipt of an application to enter into a business relationship. In the event that the business relationship is utilized before CDD is completed, the insurer must apply measures to control the type and volume of transactions. IGN 2008 expands on the rationale and provides examples of transactions that might be conducted before CDD is completed and measurements to be taken in such circumstances. Pursuant to IAMLR 2008 Section 9(1) and IGN Section 2.5, in the absence of satisfactory evidence, the business relationship must not proceed.

415. For IPA regulated insurers, discretion regarding the timing of verification of identity is permitted, except for beneficiaries under a trust. Pursuant to IAMLR Section 12, for a beneficiary named or nominated under a life policy, such verification can be undertaken at or before the time of a payout of a claim or exercising of rights under the policy.

5.2(b)

416. With regard to occasional transactions, AML Code 2008 uses the term ‘one-off transaction’ which is defined in paragraph 2 of the Code as any transaction (other than an exempted one-off transaction) carried out by relevant persons other than in the course of an established business relationship. An ‘exempted one-off transaction’ is defined in the Code as a one-off transaction (whether a single transaction or a series of linked transactions) where the amount of the transaction or the aggregate of a series of linked transactions is less than:

  • EUR3,000 (or the equivalent thereof) in the case of a transaction or series of linked transactions entered into in the course of bookmaking or casino businesses; or

  • EUR15,000 (or the equivalent thereof) in any other case. (Code paragraph 2(1)).

417. For IPA-regulated insurers, under IAMLR 2008 Section 7, CDD requirements may be waived for contracts for which:

  • the premium, payable in one installment, does not exceed GBP7,500;

  • the regular premium payable in any calendar year does not exceed GBP2,500; or

  • The contract does not have a maturity or surrender value, such as term life insurance.

418. In line with Recommendation 5, for all transactions outside the scope of these concessions, the regulated entity must undertake the same identification procedures as when entering into a new business relationship before a one-off transaction is entered into (AML Code 2008 paragraph 9). for insurers that avail of the above threshold concessions, CDD measures must be undertaken if a claim or return premium is greater than the monetary waiver thresholds (IAMLR 2008 Section 7(4)(5)).

419. Section 4.3 of the FSC Handbook provides further guidance regarding the interpretation of linked transactions, indicating that the FSC has no objection to the adoption of the previous UK standard of three months as the minimum acceptable monitoring period to determine whether a series of transactions has exceeded the applicable threshold for linked transactions.

5.2(c)

420. There is no provision in primary legislation, in the AML Code 2008, or the FSC Rule Book 2008 relating to wire transfers. The IOM authorities opted instead to implement European Regulation 1781/2006 on Wire Transfers by means of orders made by the Council of Ministers, which constitutes secondary legislation in the IOM: the “European Community (Wire Transfers Regulation) (Application) Order 2007”, as amended by the “European Communities (Wire Transfers Regulation) (Application) (Amendment) Order 2007”.

421. Payment service providers are required, before transferring funds, other than from an account, to verify the complete information on the payer on the basis of documents, data, or information obtained from a reliable and independent source, where the amount exceeds EUR1,000 (or the transaction is carried out in several operations that appear to be linked and together exceed EUR1,000). The exemption threshold does not apply where there is a suspicion of money laundering. (European Regulation (Application) Order, paragraph 5.4).

422. The measures applicable to wire transfers are compliant for purposes of Recommendation 5 and are analyzed in more detail later in this report when addressing SR.VII.

5.2(d)

423. Financial institutions are required pursuant to the AML Code 2008 to undertake CDD measures regardless of any available exemption if they know or suspect (or a suspicious pattern of behavior causes them to know or suspect) that the transaction is or may be related to money laundering when entering into a new business relationship or conducting a one-off transaction (paragraphs 6(8)(a) and (b), 9(8)(a) and (b), and 11(11)(a) and (b) AML Code 2008).

424. The application of this requirement to situations when financing of terrorism is known or suspected is based on the definition in the AML Code 2008 of ‘money laundering requirements’ which includes the requirements of ATCA 2003 Sections 7-11 and 14. As discussed elsewhere in the report, the power of the DHA to issue the Code under CJA 1990 Section 17F refers explicitly to preventing and detecting money laundering and, although accepted for purposes of this assessment that FT is also covered by extension, the assessors recommend that the authorities seek the opportunity for a more explicit legal basis. On balance, the assessors concluded that, in this respect, the IOM can be considered compliant with Recommendation 5.

425. For IPA-regulated insurers, simplified or reduced levels of CDD must not be applied where there is a suspicion of money laundering (IAMLR 2008 Section 13(3)) and IAMLR Section 5 extends this provision to FT. Pursuant to IGN 2008 5.3, CDD must also be undertaken upon surrender or maturity of a contract if there is suspicion of ML or FT

5.2(e)

426. AML Code 2008 paragraph 7(2)(f) requires customer due diligence procedures to be undertaken where a relevant person ‘becomes aware of anything which causes the relevant person to doubt the veracity or adequacy of evidence of identity produced under paragraph 6(3)’ of the Code. AML Code 2008 paragraph 7(2)(e) requires CDD procedures to be undertaken if ‘the relevant person becomes aware of anything which causes the relevant person to doubt the identity of the person who, in relation to the formation of the business relationship, was the applicant for business’. These paragraphs apply regardless of any exemptions or thresholds in the Code.

427. AML Code 2008 paragraphs 6, 9, and 11 each set out circumstances under which relevant businesses are able to waive certain requirements for undertaking CDD. However, each of these sections further set out that any such ability or option to waive must be ignored in the event that the business has cause to doubt the identity of the applicant or beneficial owner or it becomes aware of anything that causes it to doubt the bona fides of the applicant or beneficial owner (paragraphs 6(8)(c), 6(8)(d), 9(8)(c), 9(8)(d), 11(11)(c), and 11(11)(d)). The assessors found the IOM compliant with Recommendation 5 in this regard.

Identification measures and verification sources (c. 5.3):

428. AML Code 2008 paragraphs 6(3) and 9(3) provide that financial institutions are required to have in place procedures for: (a) the identification of, and (b) the verification of the identity of the applicant for business using reliable, independent source documents, data, or information. Applicant for business includes any person, natural or legal. The Code also provides for a series of exceptions to the identification requirement which are discussed in detail below in relation to measures applied to low-risk business.

429. For FSC-regulated entities, the FSC Rule Book 2008 Rule 9.6 imposes specific requirements in relation to identification and verification with regard to legal persons and legal arrangements. These provisions are discussed further below.

430. The FSC Handbook Section 4 provides guidance regarding the types of documents and information the FSC considers necessary to fulfill these information and verification requirements. For natural persons, the information has to include name, permanent residential address, date and place of birth, nationality, and gender. Except in the lowest-risk cases or to guard against financial exclusion, information collected should also include an official personal identification number or other unique identifier contained in an unexpired official document. Using a risk-based approach, it may also be warranted to collect information on occupation, name of employer, and source of income and, if applicable, details of any public or high-profile positions held. FSC Handbook Section 4.2.2 sets out the verification procedures in considerable detail and lists the forms of acceptable official and occupation-related documentation. It is evident from the language used in the Handbook that it is in the first instance the responsibility of the licenseholders to satisfy themselves that they have taken adequate steps to identify and verify the identification of the applicant for business. Considerable discretion is given to the licenseholders in meeting the requirements of the AML Code 2008 and FSC Rule Book. This includes reference to the use of independent electronic data sources to provide confirmatory material, subject to meeting specified quality criteria. There is also guidance to assist in a pragmatic manner where the applicant for business does not possess standard identification information; examples quoted include the elderly, the disabled, students, and minors.

431. For IPA-regulated insurers, IAMLR 2008 Section 9 provides that an insurer must take reasonable measures to verify the identity of the applicant31 and beneficial owner and satisfy itself as to the source of wealth and funds, using reliable, independent source documents, data or information. Evidence of identity, wherever it appears in the Regulations, shall not be satisfactory unless reasonable measures have been taken by the insurer to identify the applicant. Pursuant to IGN 2.6, all applicants must at a minimum be subject to a standard range of CDD measures including but not limited to the identification of the beneficial owner whilst permitting the application of a risk based approach. The identification and verification requirement applies to natural or legal persons and to legal arrangements.

432. Discretion is permitted in relation to evidence of identity where an insurer can utilize either original or suitably certified copies of identification documentation or ‘undertake a form of investigation which has satisfied the insurer as to the identification of the person concerned’. IGN 2.5 restates the verification requirements of the Regulation and expands on the available flexibility of verification procedures in 2.9, covering verification by the insurer non face-to-face; verification by outside agency or using data bases; and verification by use of the internet or other methods.

433. FSC and IPA licenseholders informed the assessors that, in practice, their account-opening or policy application forms include all of the matters set out in the Handbook, the IAMLR 2008, and IGN 2008, as appropriate, together with questions on source of funds and purpose of the business relationship. Verification is usually done by means of an official document (preferably a passport or national identity card, where available), and supported by an original recent utility bill confirming address information. As most of the new applicants for business are nonresident and non face-to-face, often involving the intervention of business introducers, additional risk arises. In practice in such cases, the licenseholders often rely for verification on copy passports, certified by a suitable certifier, as defined. In some cases, the verification is delegated to an eligible introducer, though for insurance business Introducer Certificates are seldom used in practice. In other cases, introducers provide copies of supporting identity/address information. The conduct of this business is also addressed in detail in the assessments of Recommendations 8 and 9.

Identification of Legal Persons or Other Arrangements (c. 5.4):

5.4(a)

434. With effect from December 18,2008, a requirement was incorporated under AML Code 2008 paragraph 5(3) that a relevant person must: (a) verify that any person purporting to act on behalf of a legal person or legal arrangement is so authorized, and (b) identify that person and take reasonable steps to verify their identity using reliable and independent source documents, data, or information. For FSC-regulated entities, FSC Rule Book Rule 9.6(3)(a) and (b) also requires that, in the case of a legal person or legal arrangement applicant, the licenseholder must verify that any person purporting to act on behalf of the applicant is authorized to do so and ‘identify and verify the identity of that person using reliable and independent source document, data, or information’. Although the requirement did not apply to all relevant financial institutions at the time of the on-site visit, it was introduced shortly afterwards and the assessors were satisfied that the measures were already being applied, in line with prudent business practice, at the time of the assessment.

435. For IPA-regulated insurers in the case of a legal person or body, pursuant to IAMLR 2008 Section 11(1) an insurer is required to confirm the appropriate authorization of any person acting on behalf of the legal person or body and Sections 9(1) by reference to 10(1)(c) requires verification of identity.

5.4(b)

436. AML Code 2008 introduced, effective December 18,2008, a specific requirement under paragraph 5(3)(e) to verify the legal status of the applicant using relevant information or data obtained from a reliable source. Applicant for business includes any person, natural or legal.32 Although this requirement did not apply to all relevant financial institutions at the time of the on-site visit, it was introduced shortly afterwards and the assessors were satisfied that the measures were already being applied at the time of the assessment.

437. Moreover, with regard to FSC-regulated entities, FSC Rule Book 2008 Rule 9.6(3) sets out that licenseholders must, inter alia:

  • Verify the legal status of an applicant for business using relevant information or data obtained from a reliable source;

  • Identify any known beneficiaries in the case of a legal arrangement; and

  • Obtain information concerning the names and addresses of the legal person or legal arrangement, any natural person having power to direct its activities, and any person who may (and the means by which they may) impose obligations on the legal person or arrangement.

438. The FSC Handbook provides additional detailed guidance on the implementation of the provisions for legal persons (Section 4.7) and trusts and other legal arrangements (Section 4.6). With regard to legal persons, the Handbook clarifies that the scope of the term ‘legal person’ in Rule 9.6 would encompass any body corporate or unincorporated capable of establishing a permanent customer relationship or own property (including e.g., foundations, anstalts, or partnerships). It states that, as Rule 9.6 does not provide any concession for companies administered by corporate service providers, licenseholders are obliged to look through to the directors and signatories of the administered companies. The guidance explains that licenseholders are expected to ‘lift the corporate veil’ and know the identity of the beneficial owner. It notes that, where the owner is another corporate entity or trust (which is a common occurrence in the IOM), ‘reasonable measures’ should be taken to verify the identity of the principals.

439. Although not referring to any specific legal provision, the FSC Handbook lists the identification information required for legal persons, including details of registration and of the directors and other persons exercising control, as well as persons authorized to act on behalf of the legal person, including holders of powers of attorney. For ‘standard risk’ business, at least two of the signatories and two directors should be identified; all must be identified for business deemed to be of higher risk.

440. The FSC Handbook also uses mandatory language in setting out detailed measures to be implemented by licenseholders regarding the identification and verification of trustees and express trusts (to include any other arrangement that has similar legal effect) to supplement FSC Rulebook Rule 9.2(1) and the definition of beneficial owner in the context of a legal arrangement, which includes trustees and settlors. Rule 9.6(3)(c) requires beneficiaries to be identified and Rule 9.8 requires verifying the identity of beneficiaries.

441. For IPA-regulated insurers, in the case of a legal person or body, IAMLR 2008 Section 11 requires an insurer to ascertain the legal status, existence, and identity of the legal person or body, its nature, and the appropriate authorization of any person acting on behalf of the legal person or body; and take reasonable measures to understand the ownership and control structure. Similar to FSC requirements detailed above, the IGN 2008 Sections 4.3–4.15 detail specific requirements relating to evidence of incorporation, details of trustees and directors, memorandum and articles, extracts of trust deeds, and identities of beneficiaries including beneficiaries of trust arrangements.

442. On the basis of the provisions in effect at the time of the on-site visit or shortly thereafter, and of the quality of the implementation observed, the assessors found the IOM to be in compliance with this aspect of Recommendation 5.

Identification of Beneficial Owners (c. 5.5; 5.5.1 & 5.5.2):

443. The requirement to identify beneficial owners is set out in secondary legislation. AML Code 2008 paragraph 2 defines the term ‘beneficial owner’ using the key sentence of the FATF definition as ‘the individual who ultimately owns or controls the applicant for business or on whose behalf a transaction or activity is being conducted’. In relation to a legal person, beneficial owner includes a natural person who:

  • (a) ultimately owns or controls (directly or indirectly, including through bearer shares) more than 25 percent of the shares or voting rights; or

  • (b) otherwise exercises control over the management of the legal person. In the case of a legal arrangement, beneficial owner includes the trustees or other persons controlling the applicant.

444. For FSC-regulated entities, the FSC Rule Book 2008 Rule 9.6.2(a) and (b) also requires licenseholders to determine who is the beneficial owner of the applicant for business. The Rule Book defines the term ‘beneficial owner’ in Rule 9.2(1) and allows for some pragmatic concessions (broadly consistent with the methodology). The relevant extract from the definition in the Rule Book is as follows:

  • ‘In relation to a legal person or legal arrangement, [beneficial owner] includes (but is not restricted to):

  • (a) in the case of a legal person other than a company whose securities are listed on a recognized stock exchange, a natural person who ultimately owns or controls (whether through direct or indirect ownership or control, including through bearer share holdings) more than 25 percent of the shares or voting rights in the legal person; or

  • (b) in the case of any legal person, a natural person who otherwise exercises control over the management of the legal person;

  • (c) in the case of a legal arrangement —(i) the trustees or other persons controlling the applicant; and (ii) the settlor or other person by whom the arrangement is made.

445. Rule 9.6 further requires licenseholders to:

  • take reasonable steps to verify the identity of the beneficial owner, using relevant information or data obtained from a reliable source; and

  • determine whether the applicant is acting on behalf of another person and, if so, to take reasonable steps to identify and verify that other person. (5.5.1)

446. Sections 3 and 4 of the FSC Handbook provide guidance regarding whether a customer is acting on behalf of another person.

447. For IP A regulated insurers, IAMLR 2008 Section 9(1) sets out that the insurer must undertake ‘reasonable measures’ for identification and verification. However, insurers are also subject to the AML Code 2008 which requires identification in all cases and, in accordance with the FATF Recommendations, provides for ‘reasonable measures’ for purposes of verification of identity. As noted above, pursuant to IAMLR Section 12, for a beneficiary named or nominated under a life policy, verification can be undertaken at or before the time of a payout of a claim or exercising of rights under the policy. In discussions with insurers, the assessors did not observe any evidence of weaknesses in the implementation of identification procedures.

5.5.1

448. Further to the analysis above, the FSC has provided for a concession from the requirement to identify and verify the beneficial owner. Section 4.12 of the FSC Handbook explains that financial services businesses (termed ‘intermediaries’ in relation to this activity) frequently hold funds or assets on behalf of their customers with IOM banks. Examples mentioned in the Handbook include overseas banks (Swiss banks are mentioned as an example in the Handbook) that place deposits on a fiduciary33 basis with IOM banks. Section 4.12 provides that, where an intermediary acting on behalf of underlying customers falls under the definition of an “Acceptable Applicant” 34, the licenseholder can, subject to specified risk-based conditions, regard the intermediary as its customer and not identify the underlying depositors. The CDD obligations regarding the persons for whom the intermediary is acting rests with the intermediary. The arrangement is analogous to that applied to the funds industry and other pooled investment mechanisms such as unit trusts, to which the provisions of Section 4.12 also apply. In practice, it appears that each distinct holding within the account held in the intermediary’s name is identified by a unique reference number. While the concession may be pragmatic, it places significant reputational reliance on the quality of the AML/CFT processes of the originating foreign bank or other ‘applicant’ and could leave the IOM bank in a difficult position should weaknesses subsequently emerge regarding the quality of the CDD conducted abroad, particularly as—unlike the Eligible Introducer regime described later—there does not appear to be any requirement that the IOM bank identify the ultimate beneficial owner, spot-check the originator’s CDD measures, or be in a position to obtain copies of the CDD documentation should it be duly required, for example, for FCU or law enforcement purposes. As the Handbook mentions Swiss banks as an example, the impact of bank secrecy laws there would further ensure that the IOM bank would not be in a position to obtain any information on the beneficial owner of the funds they hold on behalf of customers of their Swiss-bank customers. Due to the underlying risk of misuse, the assessors concluded that this arrangement could not be considered fully compliant, including on a risk-based approach, with Recommendation 5, under which financial institutions should be required to determine whether the customer is acting on behalf of another person and should then take reasonable steps to obtain sufficient identification data to verify the identity of that other person..

5.5.2 (a)

449. With effect from December 18,2008, and in compliance with Recommendation 5, AML Code 2008 paragraph 5(3)(h) requires financial institutions and other relevant persons to obtain information to understand the ownership and control structure of the applicant.

450. For FSC-regulated entities, Rule 9.6(3)(g) also requires licenseholders to ‘take reasonable steps to understand the ownership and control structure of the applicant’ where applicants for business are legal persons or legal arrangements. The FSC Handbook provides useful guidance in this respect. For example, the Handbook Section 4.7 indicates that financial institutions should, for corporations and partnerships, “look behind the institution to identify those who have control over the business and the company’s/partnership’s assets, including those who have ultimate control and ultimate principal ownership.”

451. For IPA-regulated insurers IAMLR 2008 Section 11(2) requires insurers, in relation to legal persons or bodies, to ‘take reasonable measures to understand the ownership and control structure of the legal person or body’. IGN 4.3–4.24 provide considerable supporting detail in relation to publicly listed and private corporate businesses; trustee and nominee structures; various partnership structures; pensions; charities; foundations; and holding companies. The relevant requirements for insurance managers and intermediaries, as they are not within the scope of the IAMLR 2008 and IGN 2008, are contained in AML Code 2008, as discussed above.

452. Based on discussions with financial institutions, the assessors were satisfied that there was already evidence of compliance with this aspect of Recommendation 5 at the time of the on-site visit.

5.5.2 (b)

453. AML Code 2008 paragraph 5(3) introduced a number of requirements relevant to legal arrangements, including requiring relevant persons to identify any known beneficiaries and the settlor (or equivalent). The requirements that apply to applicants for business more broadly are also relevant to legal arrangements and include obtaining information on any natural persons having power to direct activities and information to understand the ownership and control structure. For FSC-regulated entities in relation to legal arrangements, Rule 9.6(3)(c) of the FSC’s Rule Book requires licenseholders to identify any known beneficiaries and Rule 9.8 requires licenseholders to have identified a beneficiary and verified their identity before making any payment of capital or income.

454. The FSC Handbook Sections 3 and 4 provide additional guidance as to how these requirements could be met, in particular when the applicant is a legal person: the licenseholder must in that case ‘obtain identification information on the underlying principals, i.e., persons exercising control over the management of the legal person, or any person having power to direct the activities of the legal person’. If the customer is a trust, the FSC Handbook explains that the trustee(s) or other persons controlling the applicant must be identified, as well as ‘the settlor(s) or any other person by whom the arrangement is made, protector(s), any other person having power to direct the activities of the applicant, any person whose wishes the trustee may be expected to take into account, known beneficiaries, and potential beneficiaries presenting a high risk’ (FSC Handbook, Section 3.2.1).

455. For IPA-regulated insurers, in relation to legal arrangements, IAMLR 2008 (9) and (10) require insurers to identify and verify beneficial owners, whether natural or legal, and Section 12 requires insurers to have identified a beneficiary under a life insurance policy and verified their identity before making any payment under a policy.

456. IGN 2008 4.3–4.14 provides considerable detail in relation to the requirements where the applicant is a legal person or body, including a list of officers from whom it can take instructions and their specimen signatures; satisfactory evidence of a corporate investor; verification of identity of controllers holding 25 percent or more and where the controller is another entity lift the veil to the ultimate owner or controller. The insurer must, pursuant to IGN 2008 4.5, where the applicant is a trust, identify the trustee(s) or other persons controlling the applicant including evidence of proper appointment; the settlor(s) or any other person by whom the arrangement is made, protector(s), any other person having power to direct the activities of the applicant, any person whose wishes the trustee may be expected to take into account, known beneficiaries, and potential beneficiaries, as well as the nature and purpose of the trust and the source or origin of the assets under trust.

457. A further point to take into account in the IOM context is the extent to which financial institutions–mainly the banks–depend on others (eligible introducers or otherwise, from within the IOM or nonresident) to conduct on their behalf the identification and verification procedures. A particular vulnerability may arise in relying on third parties to reliably identify and verify the ultimate beneficial owners. The financial institutions interviewed indicated to the assessors the importance they attach to protecting their reputations by taking care in addressing the beneficial owner challenge, whether or not they rely on third parties and, as such, appeared to be implementing measures equivalent to those subsequently formalized in the AML Code 2008. The issue of reliance on third parties is addressed further in the analysis of Recommendation 9.

Information on Purpose and Nature of Business Relationship (c. 5.6):

458. AML Code 2008 paragraph 6(3)(c) introduced a requirement for financial institutions and other relevant persons to establish, maintain, and operate procedures in relation to new business relationships and to obtain information on the purpose and intended nature of the business relationship.

459. For FSC-regulated entities, relevant and detailed guidance is provided in the discussion in the FSC Handbook Section 3 on CDD measures and the development of client profiles, for which an understanding of the purpose and intended nature of the relationship is essential.

460. For IPA-regulated insurers, IAMLR 2008 Section 14 stipulates that an insurer must satisfy itself (obtaining information where necessary) as to the purpose and intended nature of the business relationship. Moreover, pursuant to IGN 4.5(c), 4.7 (a), and 4.13 (e), this requirement also applies for trustee business; partnerships and unincorporated businesses; and foundations, respectively.

461. Financial institutions interviewed during the assessment confirmed that their account opening or policy application forms, as applicable, included questions in this area, the answers to which would be reviewed carefully as part of their customer acceptance procedures.

Ongoing Due Diligence on Business Relationship (c. 5.7; 5.7.1 & 5.7.2):

462. The requirement to conduct ongoing due diligence is set out in secondary legislation. AML Code 2008 paragraph 15 requires, as did its predecessor, ongoing and effective monitoring of any existing business relationship and scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the institution’s knowledge of the customer, their business and risk profile, including, when necessary, the source of funds.

463. For FSC-regulated entities, FSC Rule Book Rule 9.15 requires licenseholders to perform ongoing and effective monitoring whose extent and frequency must be determined on the basis of materiality and risk and in accordance with the licenseholder’s current risk assessment. Detailed practical guidance is provided in Sections 3.2.5 and 5 of the FSC Handbook.

464. For IPA-regulated insurers, IAMLR 2008 Section 18(1) replicates this requirement (and in particular for PEPs Section 20(6) reinforces the requirement). IGN 2008 provides detailed requirements in relation to ongoing due diligence in Sections 1.4 (enhanced CDD requirements); 3.4 and 3.5 (PEPs); 5 (existing policyholders and the requirement for ongoing review); and 9.5 (complex and unusual transactions).

465. In discussions with financial institutions, the assessors were largely satisfied that effective ongoing due diligence procedures were in place and being implemented, although there appeared to be significant differences in the scale and scope of the measures across the financial institutions, which could not readily be explained by the application of the risk-based approach.

5.7.2

466. The AML Code 2008 introduced a requirement under paragraph 15(1)(a) to ensure that customer CDD information is reviewed to ensure that it is up to date and appropriate (in particular where the relationship poses a higher risk).

467. Although the assessors were not in a position to review the implementation of this requirement across the full range of financial institutions, in the case of FSC-regulated entities, FSC Rule Book Rule 9.15(1)(a) already required licenseholders to review CDD information held to ensure it is up to date and appropriate ‘in particular where the relationship poses a higher risk’. Rule 9.9 further requires enhanced CDD to be undertaken for relationships posing a higher risk.

468. The FSC’s Handbook provides guidance on keeping information up to date at Sections 2.1.1, 3.1, 3.2.1, 3.2.5, and 4.7. Section 5 also provides guidance on conducting further CDD procedures where the basis of the relationship changes and undertaking a risk based approach to monitoring including particular considerations for high risk relationships.

469. While IPA-regulated insurers are subject to the relevant requirements set forth in the AML Code 2008, there is no specific parallel requirement in the insurance regulations to maintain up-to-date documents, data, or information, which creates the potential for confusion as to which set of requirements insurers should follow. More broadly, IAMLR 2008 Section 18(1) requires the insurer to continually consider the changing risk profile and circumstances of a policyholder or beneficial owner and consider whether or not additional CDD is required.

470. IGN 2008, while again not specifically requiring or maintaining up-to-date records, includes considerable detail in relation to policies requiring enhanced due diligence and monitoring (1.4); trigger events (5.1); subsequent business transactions not expected by the insurer (5.2); and 5.4 in relation to retrospective risk based reviews of deficient identification documentation per file with a focus on high risk relationships and low-risk relationship reviews on a trigger event basis. The requirements contained therein may be expected to include review of existing records and updating as necessary.

Risk—Enhanced Due Diligence for Higher Risk Customers (c. 5.8):

471. As noted, AML Code 2008 introduced in paragraph 8 a requirement that relevant persons must carry out enhanced CDD where an applicant for business poses a higher risk. Paragraph 8(2) specifies that higher-risk customers include, but are not restricted to: PEPs; persons in a country that does not apply or insufficiently applies the relevant FATF Recommendations; a person subject to a warning issued by a competent authority; or a company with bearer shares. Other relevant categories of high-risk business listed as examples in the FATF Recommendations (e.g., nonresident customers; private banking; trusts or other personal asset-holding vehicles; and companies with nominee shareholders) are not listed but neither are they excluded from the overall requirement for enhanced diligence for higher-risk business.

472. For FSC-regulated entities, Rule 9.9 of the FSC’s Rule Book also deals with circumstances when enhanced CDD must be carried out. These circumstances include (but are not restricted to):

  • (a) a business relationship with

    • (i) a politically exposed person; or

    • (ii) a person or legal arrangement resident or located in a country which the licenseholder has reason to believe does not apply, insufficiently applies, the FATF Recommendations in respect of the business or transaction in question;

  • (b) a person or legal arrangement which is the subject of a public warning issued by the FSC for the purposes of Rule 9.9

  • (c) a company which has shares in bearer form.

473. Furthermore, in respect of non face-to-face business, FSC Rule Book Rules 9.6(4) and 9.15(3) require adequate measures to be taken to compensate for any risk arising as a result of the relationship being non face-to-face. Rule 9.11 sets out specific requirements for dealing with relationships with politically exposed persons. These requirements have been included also in AML Code 2008 with regard to all relevant persons at paragraphs 6(6), 7(5), 9(5), and 15(3) with respect to non face-to-face business and at paragraph 10 with respect to politically exposed persons.

474. IPA-regulated insurers must undertake a risk assessment of their clients and those considered to be higher risk must be subject to enhanced due diligence pursuant to IAMLR 2008 Section 13. In addition, IGN 2.6 and 4 provide considerable detail on the risk assessment process to be undertaken at a recommended minimum level, although insurers may adopt a risk-based approach for assessing documentation and require additional or reduced evidence.

475. The IOM authorities recognize that the nature of most of the financial services business in the IOM is potentially high risk, as it is largely nonresident, non face-to-face business and much of it originates through introduced business. The requirements, as extended in late-2008 and supported by detailed guidance in the FSC Handbook and IGN 2008, deal specifically with a range of enhanced due diligence issues to encourage financial institutions, in applying a risk-based approach, to take appropriate account of all categories of customer they regard as high-risk. While the assessors regarded the current approach in the IOM as largely consistent with Recommendation 5, they recommended that the authorities expand the current list of categories of high-risk customers and consider including, for example, private banking and business involving trusts and other legal arrangements.

Risk—Application of Simplified/Reduced CDD Measures when appropriate (c. 5.9):

476. A number of concessions to the standard CDD requirements are provided for in secondary legislation and expanded somewhat in guidance. Having regard to the wording of the relevant FATF Recommendations and published guidance, it is not a straightforward task to determine whether any or all of these concessions are within the scope of FATF Recommendation 5 as representing appropriate reduced or simplified CDD measures, when identifying and verifying the identity of the customer and the beneficial owner where there are low risks. The conclusion for the purposes of this assessment is indicated following the analysis below for each type of concession.

477. AML Code 2008 paragraphs 6(4) and 9(4) provide for what is commonly termed in the IOM the ‘Acceptable Applicant’ process. This permits both FSC and IPA licenseholders to conduct business with particular types of regulated businesses without having to obtain full CDD documentation for purposes of identity verification. The businesses concerned are listed in the Code as:

  • a) a regulated person (defined in paragraph 2 of the Code to include specified categories of regulated financial institutions and fiduciaries in the IOM).

  • b) an advocate within the meaning of the Advocates Act 1976 or legal practitioner within the meaning of the Legal Practitioners Registration Act 1986 or an accountant carrying out business in or from the IOM, where subject to rules of a professional body that include requirements and procedures at least equivalent to the Code;

  • c) a person who acts in the course of external regulated business (defined in paragraph 2 of the Code to mean a regulated business outside the IOM that corresponds to any of those businesses regulated by the FSC or IPA) and which is regulated under the law and regulations of a country in the list in Schedule 2 to the Code (in which the IOM authorities have listed jurisdictions which, in their view based at least in part on published AML/CFT assessment reports, adequately apply the FATF Recommendations).

478. In order to take advantage of the above concession in accordance with the Code, the licenseholder must:

  • know the identity of the applicant for business i.e., it must not be anonymous;

  • know the nature and intended purpose of the relationship; and

  • be satisfied that the applicant for business is one of the businesses listed at paragraph 6(5) and 9(4) of the Code.

479. Pursuant to paragraphs 6(7) and 9(7) of the Code, the above concession does not apply where the licenseholder has any reason to believe that the country in which the applicant for business is incorporated or formed does not apply or insufficiently applies the FATF Recommendations. Furthermore, under paragraphs 6(8) and 9(8) this concession does not apply where there is knowledge or suspicion of money laundering or terrorist financing or there is doubt about the identity or bona fides of the applicant for business.

480. For IPA-regulated insurers undertaking long-term business, detailed obligations are set out in IGN 2008 Paragraphs 2.13 and 4.1 with respect to business involving Acceptable Applicants, including provision for the Acceptable Applicant to provide verification of identity documents, duly certified. If this documentation is not provided by the Acceptable Applicant, the insurer must itself obtain it. The insurer must monitor the status of the Acceptable Applicant on an ongoing basis.

481. The obligations of insurers notwithstanding, a number of broader issues arise with respect to the scope of the concession:

  • It goes beyond the suggested example in the FATF methodology which refers to financial institutions (while this is merely an example, it nonetheless underlines that any concession granted should have a low risk threshold).

  • While the inclusion of certain IOM-regulated DNFBPs within the potential scope of the concession (particularly for CSPs and TSPs) may appear justifiable by reference to the AML/CFT measures required of them in the IOM, as noted in section 4 of this report, the AML/CFT measures for a number of relevant categories of DNFBP in the IOM are still in the course of development and implementation. The current scope of AML Code 2008 Paragraphs 6(4)–6(5) and 9(4) could be misinterpreted as already granting the concession without regard to the enhancements still needed in AML/CFT coverage, particularly for advocates and accountants.

  • While measures are already in place at least to some degree for IOM advocates, as noted elsewhere in this report there is no basis (and no proposal at the time of the assessment to introduce a basis) for applying or supervising the implementation of AML/CFT measures for non-IOM legal practitioners registered to conduct certain business in the IOM. Yet it would appear that the Acceptable Applicant concession could apply in their case, albeit subject to the external regulated business test.

  • The scope of the definition of external regulated business is broad and imposes a challenge (and therefore a heightened risk) for IOM institutions to determine accurately the extent of supervision to which the external regulated businesses are subject and whether or not that supervision adequately addresses AML/CFT matters.

482. In discussions with the assessors, financial institutions confirmed that the Acceptable Applicant facility is used, though they pointed out that they determine on a risk basis the level of due diligence warranted in each case. Having regard to the level of due diligence which many of the institutions opt to conduct in any case, regardless of the available concession, the assessors were not clear of the value of maintaining the Acceptable Applicant concession in its current form. Having regard to the range of issues raised above, the assessors do not consider that the current Acceptable Applicant facility to be fully compatible with the FATF Recommendations, including on a risk-based approach nor with the guidance in the Basel CDD paper.

483. AML Code 2008 paragraph 11 provides a concession in respect of introduced business. This concession is commonly termed the Eligible Introducer’s system. This concession allows introducers to maintain the verification documentation relating to the applicant for business being introduced, subject to the controls outlined in the Code. In respect of businesses regulated by the FSC, further requirements are in place in respect of the Eligible Introducer’s system at Rule 9.10 of the FSC’s Rule Book. For IPA-regulated insurers, further requirements are specified in respect of an Introducer’s Certificate, detailed in IGN 2008 Section 8. The IPA indicated that, insofar as insurance is concerned, Insurance Certificates are seldom used in practice (and by only one insurer) and, even when they are used, they will often be accompanied by supporting identity and address documentation. (The more common practice in the insurance sector is the use of the Acceptable Applicant system, as discussed previously.) The Eligible Introducer concession is addressed in detail in the analysis of Recommendation 9.

484. In respect of businesses regulated by the FSC, the definition of beneficial owner at Rule 9.2 of the FSC’s Rule Book allows for a concession where the applicant for business is a company whose securities are listed on a recognized stock exchange. This form of concession is envisaged in the FATF methodology.

485. The FSC’s AML/CFT Handbook set out certain concessions which do not appear to have a clear legal basis in either the AML Code 2007 or 2008 or FSC Rule Book. FSC Handbook Section 4.8 offers a pragmatic clarification in relation to employee benefit schemes, share option plans, and pension schemes that it is the trustee, controller, administrator, or scheme manager who is the principal to be identified and verified for CDD purposes. This concession is broadly consistent with the FATF Recommendations, but, although it purports to grant an exemption from a requirement in secondary legislation, it does not appear to have been provided for in the IOM in law, but only in guidance.

486. FSC Handbook Section 4.10 describes a further concession that can apply (but for which no legal basis is indicated) ‘where the ML and FT risk has been assessed to be at its lowest’ (e.g., savings accounts) to permit licenseholders to accept source of funds as evidence of identity. Certain conditions must be met to limit the risk of this concession, as follows. Where:

  • a) All initial and future payments are made from a financial services product or account in the name of the customer that is held with another local regulated financial services business or regulated financial services business in an equivalent jurisdiction; and

  • b) No initial or future payments may be made by or received from third parties; and

  • c) The funds can only be repaid to the customer; and

  • d) Cash payments are not permitted with the exception of face-to-face withdrawals by the customer where evidence of identity is required to be produced before the withdrawal can be made; and

  • e) There is no suspicion of money laundering or terrorist financing,

  • a licenseholder may take the view that satisfactory verification has been achieved without the need for additional evidence of identity or address. However, the concession will be in respect of this product or service only.

487. While the assessors accept that the above conditions, where met, should significantly limit ML or FT risk arising from this activity, they do not entirely eliminate the scope for abuse. for example, the requirement that funds may be repaid only to the customer does not specify that such repayment may only be in the same form, currency, and to the same account or location as the source of funds. It is not clear, therefore, that this facility is entirely compatible with the FATF Recommendations (which provide for simplified or reduced measures when identifying or verifying identity—rather than no verification measures—where the risk is lower, or with applicable primary and secondary legislation in the IOM, which does not appear to explicitly provide the power to grant such an exception. The assessors understand that the use of this facility is not material in the IOM.

488. As noted earlier, Section 4.12 of the FSC Handbook provides that financial services businesses (termed ‘intermediaries’ in relation to this activity) frequently hold funds or assets on behalf of their customers with IOM banks. Examples include overseas banks (the Handbook refers to Swiss banks) that place deposits on a fiduciary basis with IOM banks. Section 4.12 provides that, where an intermediary acting on behalf of underlying customers falls under the definition of an ‘Acceptable Applicant’, the licenseholder can, subject to specified risk-based conditions, regard the intermediary as its customer and not identify the underlying depositors. The CDD obligations regarding the persons for whom the intermediary is acting rests with the intermediary. The arrangement is analogous to that typically applied to the funds industry and other pooled investment mechanisms such as unit trusts, to which the provisions of Section 4.12 also apply. However, the assessors could not identify any legal basis in either the AML Code 2007, AML Code 2008, or FSC Rule Book to support this concession. As noted above, the assessors concluded that this arrangement is not compliant with Recommendation 5, under which financial institutions should be required to determine whether a customer is acting on behalf of another person and should take reasonable steps to obtain sufficient identification data to verify the identity of that other person.

489. For IPA regulated insurers, a number of concessions for reduced or delayed CDD are permitted pursuant to IAMLR 2008 Section 7(1) These concessions relate to monetary thresholds of a single premium and accumulated related premium in a calendar year, as detailed above. Section 7 (2) permits concessions where the policy in question has no surrender or maturity value. Where concessions apply pursuant to Section 7, CDD must still be undertaken before a payout under the contract.

490. The requirements for publicly listed companies on a recognized stock exchange are less detailed than other corporate business structures in IGN 4.3 reflecting the differing levels of risk arising. IGN 2.6 details the recommended starting measures of CDD and 1.2 states that where deviation from the Guidance Notes occurs, it can only be done so on a justified case-by-case basis and approved by senior management or by genre of business and approved by the Board of Directors of the insurer. Pursuant to Section 1.3, any deviation from or variation to the standard requirements set out in the Guidance Notes may be considered on its own merits by the courts.

491. IAMLR 2008 Section 13(3) does not permit the use of the concessions if the application is considered a higher risk or there is a suspicion of ML/FT.

Risk—Simplification / Reduction of CDD Measures relating to overseas residents (c. 5.10):

492. The concessions discussed above, and those arising under the Eligible Introducer arrangements, are restricted to countries listed in Schedule 2 of the AML Code 2008. This list was prepared by the DHA in consultation with the FSC and IPA as a list of selected FATF members and other jurisdictions that the IOM authorities are satisfied adequately meet the FATF Recommendations. However, whether or not the jurisdiction is listed in Schedule 2 of the Code, if the licenseholder or other relevant person has any reason to believe that the jurisdiction in question does not apply, or insufficiently applies, the FATF Recommendations in respect of the business of that person, the concessions cannot be applied. This prohibition is set out in AML Code 2008 paragraphs 6(7), 9(7), and 11(6) in respect of introduced business and complies with Recommendation 5.

Risk—Simplified/Reduced CDD Measures Not to Apply when Suspicions of ML/TF or other high risk scenarios exist (c. 5.11):

493. In line with Recommendation 5, the listed concessions are not allowed by AML Code 2008 paragraphs 6(8), 9(8), and 11(11) where there is any knowledge or suspicion of ML. As noted, the Code defines money laundering to also include FT, the legal basis for which was discussed earlier. However, the Code makes no reference to disapplying the concessions where specific high-risk scenarios apply.

494. In respect of FSC-regulated entities, as there is no clear legal basis under the Code for the concessions described above arising under FSC Handbook sections 4.8,4.10, and 4.12, it is also unclear whether they would be subject to the disallowance in the Code relating to any knowledge or suspicion of ML. Moreover, there is no direct prohibition in the FSC’s Rule Book from conducting the simplified CDD measures of paragraphs 6(4), 9(4), and 11 where specific higher risk scenarios apply. However, Rule 9.5 of the Rule Book requires FSC licenseholders to apply CDD measures on the basis of materiality and risk. Rule 9.9 requires enhanced CDD to be undertaken in respect of certain higher risk relationships and Rule 9.11 applies further requirements in respect of relationships involving politically exposed persons. Furthermore, Rule 9.15 requires appropriate ongoing monitoring of all relationships. Where simplified CDD had been applied at the outset of the relationship, and through the ongoing monitoring requirement it was found that higher risk scenarios applied, the requirements at 9.15(1)(a) would come into effect and the FSC licenseholder would need to take steps to ensure the CDD obtained was appropriate. There are also parallel requirements in the AML Code 2008 to those quoted from the FSC Rule Book in the second half of this paragraph.

495. For IPA-regulated insurers, as discussed above, IAMLR 2008 Section 13(3) does not permit the use of the concessions, including reduced or simplified CDD, if the application is considered a higher risk or there is a suspicion of ML or FT.

Risk Based Application of CDD to be Consistent with Guidelines (c. 5.12):

496. In respect of the concessions provided by the AML Code 2008 as outlined above, the Code does not contain any provisions that the implementation of CDD measures on a risk-sensitive basis should be conducted in consistence with guidelines issued by competent authorities. However, paragraph 4(3)(a) of the Code states that where a Court is determining whether a person has complied with any of the requirements of the Code, the Court may take account of any regulatory guidance applied to that person by a competent authority, which is defined in paragraph 2 to include the FSC and the IPA. Moreover, AML Code 2008 introduced with effect from December 18,2008, a requirement that relevant persons must conduct risk assessments which, the assessors accept, would be expected to take into account relevant guidance issued by the authorities.

497. For FSC-regulated entities, extensive guidance is provided in the FSC Handbook, including in relation to the implementation of the specified concessions.

498. The IPA requires a risk sensitive approach pursuant to IAMLR 2008 Section 13 and sets out the basis under which risk assessment and the application of an appropriate standard of CDD must be performed by the insurer. Extensive details on a minimum recommended standard and implementation and treatment of concessions is contained in the Guidance Notes.

Timing of Verification of Identity—General Rule (c. 5.13): Timing of Verification of Identity— Treatment of Exceptional Circumstances (c.5.14 & 5.14.1):

499. With regard to the timing of CDD measures, AML Code 2008 paragraph 6(2) addresses new business relationships and requires that identification and verification of identity must take place before a business relationship is entered into, or during the formation of that relationship, but in any event it must take place as soon as reasonably practicable (taking into account the need not to interrupt the normal conduct of business where there is little risk of money laundering or terrorist financing occurring) after contact is first made between the relevant person and the applicant for business. AML Code 2008 paragraph 9(2) applies relevant requirements in relation to one-off transactions and Paragraph 11(3) in relation to introduced business. However, unlike the provisions for new business relationships, these paragraphs require identification and verification to be completed before entering into a transaction or a relationship, respectively.

500. For FSC-regulated entities, FSC Rule Book Rule 9.6(5) stipulates that licenseholders must not proceed with a business relationship or transaction unless they have determined who is the beneficial owner and taken reasonable steps to verify that beneficial owner and, where appropriate, applied specified basic CDD measures to customers that are legal persons or arrangements, with enhanced measures for non face-to-face business. In the case of a legal arrangement, Rule 9.8 of the FSC’s Rule Book permits licenseholders to verify the identity of beneficiaries after a relationship has commenced but it must be completed before any payment of income or capital is made.

501. There appear to be differences in the scope of the timing requirements of the AML Code 2008 and the FSC Rule Book which could create the potential for confusion and conflict. However, the FSC’s Handbook Section 4.13 provides some guidance to clarify that licenseholders must complete identification and verification procedures before entering into a business relationship. However, in exceptional circumstances, where there is little risk of money laundering or terrorist financing, identification and verification procedures may be carried out as soon as reasonably practicable if it is essential not to interrupt the normal conduct of business. This is subject to certain controls that are outlined at Section 4.13 of the Handbook and apply in cases where identification and verification has not been completed at the outset, requiring senior management approval and monitoring, management of ML and FT risks, limiting of types and amounts of transactions, and monitoring of large, complex, or unexpected transactions. While this is useful, it does not resolve the basic differences in terminology between the AML Code 2008 and the FSC Rule Book.

502. For IPA-regulated insurers, IAMLR 2008 Section 9(1) requires that insurers must not proceed with a business relationship unless they have conducted CDD. Timing of CDD concessions regarding the beneficiary of a life policy is permissible pursuant to Section 12 whereby verification of the identity of beneficiaries can be obtained after a relationship has commenced but must be completed before any payment is made under the contract. This concession is not available if the beneficiary of a life policy is also an applicant under the same policy.

503. The FATF standard allows some discretion to defer the completion of initial CDD and among the examples quoted by the FATF methodology is non face-to-face business, which is the norm in the IOM. In discussions with financial institutions, the assessors were informed that it is common in the IOM for new business to be accepted prior to the completion of CDD measures. Some institutions would allow up to 30 days for all verification documentation to be submitted; at least one institution would allow up to 60 days. In most—but not all—cases, active business would not be allowed to commence on the account prior to completion of all relevant CDD measures. Most institutions indicated that delays typically related only to a minor technical deficiency such as a poorly-photocopied or outdated verification document, rather than a complete absence of initial due diligence. The decision to accept the customer and to allow the business to commence would be taken on a case-by-case basis in accordance with internal procedures and taking into account potential ML or FT risk. Nonetheless, it appeared to the assessors that financial institutions were prepared to offer unusual levels of flexibility regarding the conducting of financial business in advance of completing full CDD which could potentially impact on the effectiveness of the AML/CFT measures. A further example was identified in discussions with legal and accounting professionals—some of whom introduce business to financial institutions—that, in allowing themselves up to three months to complete the CDD, situations arise where the business with their client is completed within that timeframe, the client relationship does not have reason to continue, and, in reality, CDD is never conducted. This is a concern from the perspective of any financial institution relying on the professional to have completed the CDD.

504. Overall, therefore, while the IOM requirements are broadly consistent with Recommendation 5, some questions remain regarding the effectiveness of some aspects of implementation and particular attention by the regulatory authorities to the issue of delayed CDD may be warranted in future onsite inspection work.

Failure to Complete CDD before commencing the Business Relationship (c. 5.15):

505. In line with Recommendation 5, paragraph 4(2) of the AML Code 2008 makes it an offense for any person who contravenes the requirement not to form a business relationship or carry out a one-off transaction with or for another person nor continue a business relationship unless that relevant person establishes, maintains, and operates CDD procedures (referred to as identification procedures in the Code) as set out in AML Code 2008 paragraphs 5 to 15 (i.e., new business, existing business, and one-off and introduced business relationships). Pursuant to AML Code 2008 paragraph 6(9), 7(6), 9(9), and 11(12), in any case where a relevant person, including a financial institution, does not succeed in completing the identification and verification as required under the Code, the business relationship and transactions shall not proceed any further, the relationship shall be terminated, and the relevant person shall consider whether to file an STR.

506. For FSC-regulated entities, the prohibition on proceeding with a business relationship or transaction is repeated in FSC Rule Book Rule 9.6(5). The FSC’s Handbook provides further guidance at Section 4.13.1. The FSC Handbook also sets out, in Section 4.13.1, that where verification of identity cannot be concluded within a reasonable timeframe and without adequate explanation, licenseholders must assess whether the circumstances are in themselves suspicious. In such circumstances licenseholders must consider making a disclosure/suspicious transaction report to the FCU. FSC Handbook Section 5.4.4 also provides guidance on the types of situations giving rise to suspicion which includes ‘where the customer refuses to provide the information requested without reasonable explanation’. FSC Handbook Section 6.5 also provides guidance on reporting declined business to the FCU where there is knowledge or suspicion of money laundering or terrorist financing.

507. IPA-regulated insurers are required, pursuant to IAMLR 2008 Section 16, to consider making a suspicious transaction report to the FCU when the insurer is unable to obtain satisfactory evidence of identity and throughout the policy’s lifetime, including for any claim payment (Section18(2)). Additionally, IGN Section 9.4(a) provides examples of insufficient identity verification as triggers for suspicion which may necessitate the making of a suspicious transaction report.

508. In practice, financial institutions interviewed in the course of the assessment confirmed that they would and do refer suspicions to the FCU in cases where they have difficulty in obtaining full CDD information from existing and prospective customers, and that they file STRs where warranted. This information was confirmed by the FCU.

Failure to Complete CDD after commencing the Business Relationship (c. 5.16):

509. In the context of continuing business relationships under AML Code 2008, paragraph 7(6) requires that the business relationship shall not proceed any further in the event that satisfactory CDD information and verification documentation (referred to in the Code as evidence of identity) is not obtained or produced, the relevant person shall consider terminating the relationship, and consider whether to file an STR.

510. For FSC-regulated entities, FSC Rule Book Rule 9.6(5) requires that licenseholders ‘must not proceed with the business relationship or transaction in question’ unless the CDD requirements contained at Rule 9.6 have been complied with. Section 6.5 of the FSC’s AML/CFT Handbook also provides guidance on reporting declined business to the FCU where there is knowledge or suspicion of ML or FT.

511. Similar to the FSC requirements, IAMLR Section 9(1) requires that, in the absence of satisfactory evidence to verify the identity, the application for a business relationship must not proceed any further. This requirement is continued throughout the IGN 2008.

Existing Customers—CDD Requirements (c. 5.17):

512. AML Code 2008 Paragraph 7(2) requires a relevant person, including a financial institution, to apply CDD requirements to existing business relationships, including upon the occurrence of defined ‘triggers’ relating to perceived changes in circumstances. This includes where anything arises to cause doubt as to the adequacy of CDD information and documentation already held. IGN 2008 Paragraph 5 sets forth the obligations of IPA-regulated long-term insurers in relation to the ongoing review of existing policyholders. The requirements are detailed and include trigger events such as subsequent business transactions or any redemption request. The FSC pointed out that there are relevant obligations for FSC-regulated entities under Rule 9.4 of the FSC Rule Book such that, in conducting the mandated risk assessment, licenseholders must cover existing relationships, including a review of information and documentation held.35 While the position as regards implementation was not totally clarified in discussions with financial institutions, the assessors understand that a program of reidentification was undertaken, on the basis of materiality and risk, when the standard for CDD requirements was increased substantially in 2003/4 and that the work on the above-mentioned risk assessments had commenced.

Existing Anonymous-account Customers - CDD Requirements (c. 5.18):

513. No cases of anonymous accounts were identified to the assessors. Should such a case ever arise, AML Code 2008 paragraph 7 requires that, where a financial institution or other relevant person becomes aware that the CDD information or documentation held is inadequate, they must take steps to obtain adequate information or documentation.

Analysis of Effectiveness – R.5

514. The measures outlined above were in force and effect at the time of the assessment and are, therefore, properly taken into account for purposes of this report. It is difficult, however, to provide in all cases an accurate assessment on the effectiveness of their implementation as a number of them were introduced only shortly before the on-site visit or brought into force and effect within a short time thereafter, as follows:

article image

515. The authorities and the financial institutions indicated that the revised Code and the most recent materials have been through a number of consultation phases which has allowed the financial institutions to internalize their provisions even prior to their coming into effect. Moreover, many of the changes represented an upgrading of the legal status of preexisting guidance by incorporation into regulations. However, the regulatory authorities have, in the main, not yet had the opportunity to assess the implementation of the recent changes by means of on-site visits. The FSC and the IPA had plans to do so from early 2009, although the FSC pointed out that they had included the guidance in question within the scope of their inspection work in recent years. while taking into account all evidence obtained from financial institutions during the course of the onsite visit, however, the assessors are constrained in assessing the effectiveness of implementation of some of the provisions, in particular, those introduced through AML Code 2008.

516. In meetings with financial institutions (as well as, in some cases their auditors and legal advisors), the assessors found a very high level of awareness of AML/CFT risks and requirements. It was evident that many of the institutions had been closely involved in supporting the development of the latest CDD measures and understood well the rationale for them. Many noted the degree of change in attitude to AML/CFT compliance issues, both within the institutions and among their client base, since the last assessment in 2002/3. The majority of financial institutions are part of UK, Irish, or other international financial services groups and are required to comply with group AML/CFT policies and procedures as well as the requirements in the IOM. Many, as part of international financial groups, already have experience in implementing a risk-based approach to ML/FT detection and prevention. Overall, the responses received by the assessors pointed to a high level of compliance with the CDD requirements, though it was not possible for the assessors to test this directly.

517. Almost all institutions interviewed stressed that they apply the CDD measures using the permitted risk-based approach. While such an approach has merit, it also has the effect of making internal management and regulation more difficult as it increases the scope for subjective judgment on the part of the institutions. If not carefully managed and documented, the risk-based approach could be a source of increased ML and FT vulnerability. It appeared to the assessors that, in some cases, the risk-based approach was being offered as an explanation for less than full compliance with some aspects of the IOM requirements and it is recommended that the regulatory authorities include testing in this regard as part of the on-site visit program.

518. Closely linked to a discussion of the impact of the risk-based approach is the high-risk profile of much of the financial sector business in the IOM (nonresident, non face-to-face, and often introduced by third parties, or involving the management of financial institutions from the IOM, with concessionary arrangements for identification, certification, and verification of the customer and the beneficial owner, if different). The assessors recognize that much of the business, though matching this profile, is in reality not high risk and is easily understood by the financial institutions. However, the degree of reliance on others, particularly outside the supervisory reach of the IOM authorities, clearly gives rise to increased risk and it was not evident to the assessors that all of the financial institutions took this fully into account in applying their AML/CFT procedures. While some institutions indicated a tightly controlled and cautious approach to the limited use of such arrangements as the Suitable Certifier, Eligible Introducer, or Acceptable Applicant, others were open to using any or all of these facilities, in combination, without indicating any particular need for enhanced due diligence. It could be expected, therefore, that the quality of implementation of the required AML/CFT CDD measures might be uneven, and heavily dependent on the quality of the due diligence work conducted by Eligible Introducers and others to whom the work (although not the ultimate responsibility) is delegated, operating either in the IOM or abroad.

Foreign PEPs—Requirement to Identify (c. 6.1):

519. With effect from December 18,2008, AML Code 2008 paragraph 10 introduced requirements in line with Recommendation 6 for relevant persons to maintain appropriate procedures and controls to determine whether an applicant for business, a customer, or a beneficial owner or controller is a politically exposed person (PEP). The term PEP is defined in detail in AML Code 2008 Paragraph 2 to include an extensive range of nonresident officials and those holding other relevant positions, together with their close relatives and associates.

520. For FSC-regulated entities, FSC Rule Book Rule 9.2 also provides a detailed definition of a PEP covering all aspects of the definition in the FATF glossary. It includes a list of categories of natural persons entrusted with prominent public functions, a list of categories of their family members, and a list of categories of close associates. Domestic PEPs are excluded from the FSC definition.

521. FSC Rule Book Rule 9.11 requires licenseholders to maintain appropriate procedures and controls to determine whether an applicant for business, an existing customer, or beneficial owner or controller is a PEP. Guidance in relation to PEPs in included in the FSC Handbook Section 3.5.

522. For IPA-regulated insurers, IAMLR 2008 Section 2 defines PEPs as natural persons entrusted with prominent public functions, their immediate family members, or persons known to have influence over the decisions of such persons. The IGN 2008 extends the PEP definition to include close associates and a list of natural persons entrusted with prominent public functions, a list of categories of their family members, a list of categories of close associates, and a list of legal PEPs. The definition contained in IGN 2008 is in line with the FATF glossary whereas that in IAMLR 2008 does not expressly include persons who have previously held such a position. While this inconsistency does not impact on the assessment, as the binding guidance notes have been accepted as other enforceable means and, therefore, provide a sufficient legal basis for PEP-related requirements, it would be preferable to also bring the definition in IAMLR 2008 into line with the international standard. In this case, domestic PEPs are not excluded from the definition, although they are outside the scope of the definition of the AML Code 2008.

523. Pursuant to IAMLR 2008 Section 20, regulated entities are required to maintain procedures to determine whether the applicant, policyholder, beneficial owner, person funding the premium, a settler or trustee, named or nominated beneficiary, or a natural person having power to direct the activities of the applicant or policyholder is a PEP. In such instances, simplified or reduced CDD must not be applied.

Foreign PEPs—Risk Management (c. 6.2; 6.2.1):

524. AML Code 2008 Paragraph 10(2) requires relevant persons to maintain procedures for obtaining senior management approval to establish a business relationship or conduct a one-off transaction with a PEP, or to continue a business relationship with a customer who is discovered to be a PEP.

525. For FSC-regulated entities, FSC Rule Book Rule 9.11(2) also requires licenseholders to maintain appropriate procedures and controls for requiring the approval of its senior management, before establishing a business relationship or continuing an existing business relationship with a PEP. The FSC Handbook Section 3.5 reiterates the requirement for senior management approval and calls for a regular review, on at least an annual basis, of the development of the relationship.

526. FSC Rulebook Rule 9.11(2)(b) stipulates that when a PEP is identified as being involved in existing business the approval of the licenseholder’s senior management is required to continue that business relationship. This is reiterated in Section 3.5 of the FSC Handbook.

527. On the identification of a prospective client as a PEP, IAMLR 2008 Section 20(4) requires IPA-regulated insurers to apply procedures and controls for senior management approval to accept an application for a business relationship. Guidance Notes IGN 2008 Section 3.3 further requires senior management involvement and approval, documentation of such approval, and retention of the documentation.

Foreign PEPs—Requirement to Determine Source of Wealth and Funds (c. 6.3):

528. AML Code 2008 paragraph 6(3)(d) introduced a requirement applicable to all new business relationships, which would include PEPs, that relevant persons take reasonable steps to establish the source of funds of an applicant for business. Moreover, FSC Rule Book Rule 9.7 requires licenseholders to take all reasonable steps to establish the source of funds for all customers, which would include any PEPs. FSC Rule Book Rule 9.9, in applying a requirement to apply enhanced due diligence measures to PEPs Rule 9.9 stipulates that licenseholders must take reasonable measures to establish the source of the wealth of the customer and of any beneficial owner when a PEP is involved in a business relationship.

529. For IPA-regulated insurers, the requirement to establish source of funds and source of wealth pursuant to IAMLR Section 9.1 and 24 is also a general business requirement and not an explicit requirement for PEPs. The IGN 2008 require that where a PEP is identified, higher due diligence requirements should apply, including making additional enquiries into the source of wealth pursuant to Section 1.4.

Foreign PEPs—Ongoing Monitoring (c. 6.4):

530. With application to all relevant persons, AML Code 2008 paragraph 8(3) includes as one of the enhanced due diligence measures a requirement to take reasonable steps to establish the source of the wealth of the customer and any beneficial owner for business categories that may pose a higher risk which are defined in paragraph 8(2) to include PEPs. For FSC-regulated entities, FSC Rule Book Rules 9.9 and 9.15 require enhanced ongoing monitoring of a business relationship involving a PEP. Further guidance in this regard is set out in the FSC Handbook Section 5.1.1.

531. Insurers regulated by the IPA are required to undertake ongoing oversight of policies which have a PEP as a policyholder, beneficial owner, settler, trustee, or beneficiary, pursuant to IAMLR 2008 Section 20(6) and IGN 2008 3.4.

Domestic PEPs—Requirements (Additional Element c. 6.5):

532. The IOM requirements do not extend to domestic PEPs for FSC licenseholders. However, the assessors found that, in practice, a number of banks appear to be applying the measures also to domestic PEPs.

533. In relation to the IPA regulated insurers, the IAMLR 2008 and the IGN 2008 do not exclude domestic IOM PEPS.

Domestic PEPs—Ratification of the Merida Convention (Additional Element c. 6.6):

534. As the IOM is not a Sovereign State it cannot sign or ratify the UN Convention against Corruption in its own right. The UK is responsible for the IOM’s international relations and representing the IOM at multilateral treaty bodies and following consultation with, and the approval of, the IOM Government it may arrange for ratification of conventions to be extended to include the IOM. The UK Government will only agree to extend its ratification of a convention to the IOM once it is content that the IOM’s legislation, policy, and practice adequately implements the convention’s provisions. In the area of anti-corruption, the IOM has enacted a revised Corruption Act in July 2008. The Council of Ministers agreed in May 2007 that the UK’s ratification of the Merida Convention should be extended to include the IOM and that IOM legislation should be amended to allow this to take place. The new Corruption Act was the most significant part of this process, which was designed to bring the IOM provisions largely into compliance with the Convention, but a number of ancillary legislative provisions are being progressed by the authorities to extend the UK’s ratification to the IOM.

Effectiveness of implementation — R.6

535. Financial institutions interviewed during the assessment all identified PEPs as being among their higher-risk categories of customer which attracted enhanced due diligence in accordance with their internal control procedures. None indicated any particular difficulty in implementing that due diligence in practice. All appeared to have access to well-known international database products to allow them to determine whether new or existing customers might qualify as PEPs—in some cases, the check was automated and integrated into account and transaction-processing systems; in other cases the checking was done manually. A number of banks indicated that they opted to include domestic IOM PEPs within the scope of their enhanced due diligence.

Cross Border Correspondent Accounts and Similar Relationships (c. 7.1–7.4)

536. With effect from December 18,2008, AML Code 2008 paragraph 13 introduced a set of requirements in relation to correspondent banking in line with the FATF Recommendations. Using the same language, FSC Rule Book. Rule 9.12 also sets out requirements for FSC licenseholders should they provide correspondent banking services. Rule 9.12 applies to a business relationship or one-off transaction, as the case may be, which involves correspondent banking services or similar arrangements.

537. Pursuant to AML Code 2008 paragraph 13(4) and FSC Rule 9.12, before entering into a relationship or transaction, a licenseholder must:

  • (a) obtain sufficient information about the respondent bank to understand fully the nature of its business;

  • (b) determine from publicly available information:

    • (i) the reputation of the respondent bank,

    • (ii) the quality of the supervision to which it is subject, and

    • (iii) whether it has been subject to investigation or regulatory action with respect to money laundering or the financing of terrorism;

  • (c) assess the procedures and controls maintained by the respondent bank for preventing money laundering or the financing of terrorism, and ascertain that they are adequate and effective;

  • (d) ensure that the approval of the licenseholder’s senior management is obtained; and

  • (e) document the respective responsibilities of the licenseholder and the respondent bank with respect to measures to prevent money laundering and the financing of terrorism.

Payable-Through Accounts (c. 7.5):

538. Pursuant to AML Code 2008 paragraph 13(5) and FSC Rule Book Rule 9.12(5), where a relationship or transaction involves a payable-through account, a licenseholder must be satisfied that the respondent bank:

  • (a) has taken steps complying with the requirements of Recommendation 5 (customer due diligence and record keeping) with respect to every customer having direct access to the account; and

  • (b) will provide the licenseholder on request with relevant evidence of the identity of the customer.

Effectiveness of implementation — R. 7

539. IOM banks are not in the business of providing correspondent banking services on a cross-border basis. Some IOM subsidiaries of UK clearing banks provide clearing services to smaller banks in the IOM, but no case was identified to the assessors that would constitute cross-border correspondent banking or the use of payable-through accounts.

Misuse of New Technology for ML/FT (c. 8.1):

540. AML Code 2008 paragraph 23 introduced a requirement that relevant persons maintain appropriate procedures and controls to prevent the misuse of technological developments, in line with one of the key provisions of Recommendation 8. For FSC-regulated entities effective August 1, 2008, using the same language, FSC Rule Book Rule 9.13 also requires that licenseholders maintain appropriate procedures and controls to prevent the misuse of technological developments for ML or FT purposes. This is supported by limited guidance in the FSC Handbook Section 2.8 which advises licenseholders to ensure that staff are kept abreast of relevant technological developments and identified methodologies in ML and FT schemes. FSC licenseholders are further advised in the Handbook that the risks and impact that any technological developments may have on their products or services should be fed back into the business risk assessment required at FSC Rule Book Rule 9.4.

541. However, neither the requirements nor the guidance refer to any particular types of technological risks such as internet banking (establishing new account relationships by internet or providing services on a non face-to-face basis electronically to existing customers); the use of credit/debit cards as part of account relationships, particularly to nonresidents on a non face-to-face basis; security of computer systems, particularly if customer-accessible, to address the risk of fraud, phishing, or other improper access to customer information. While it is not necessary to address such matters in primary or secondary legislation, it would be helpful, perhaps in conjunction with the financial institutions, to develop more detailed guidance to improve the effectiveness of the current basic requirements, rather then merely paraphrasing the wording of the FATF recommendation, particularly having regard to the importance in the IOM of non face-to-face relationships. The authorities pointed out in response that they have provided relevant training on a number of aspects of IT abuse and have followed the FATF methodology.

542. A number of financial institutions confirmed to the assessors that, while prospective customers can access account-opening forms on the internet, it is not possible to open an account without forwarding hard-copy documentation, with an original signature. Reference was made, however, to the emergence of certain UK-based financial services products that are being marketed, including in the IOM, on the basis that the customer relationship can be created using the internet. Financial institutions confirmed to the assessors that their services included the issue of debit and credit cards to nonresidents as a means of giving them access to their funds in the IOM. While this is normal banking business, when combined with the likelihood that the accounts were opened on a non face-to-face basis, while relying on a third party to conduct the CDD, the scenario may merit the issuing of additional guidance by the authorities.

543. For IPA-regulated insurers, IAMLR 2008 Section 37 requires insurers to have procedures in place to regularly consider, and have policies in place and take such measures that are needed to prevent the misuse of technological developments for ML or FT purposes. The training requirement pursuant to Section 32 extends to training for all staff on information on new developments, techniques and trends. IGN Section 2.23 refers directly to IAMLR 2008 Section 37 and expands on the topic of misuse of technological development for ML/FT purposes. The reviews of technological developments can be undertaken on a risk-assessed basis and such reviews are considered particularly relevant where application or other contact is made by electronic methods.

Risk of Non-Face to Face Business Relationships (c. 8.2 & 8.2.1):

544. With effect from December 18, 2008, the AML Code 2008 added a requirement into each of the relevant CDD measures that relevant persons take adequate measures to compensate for any risk arising as a result of dealing with an applicant for business otherwise than face-to-face (paragraphs 5(5), 6(6), 7(5), 9(5), and 15(3). In addition, from August 1, 2008, for FSC-regulated entities, pursuant to FSC Rule Book Rule 9.15(3), licenseholders must take adequate measures to compensate for any risk as a result of not dealing face-to-face with the customer. None of the requirements specify the types of measures that should be applied to non face-to-face business.

545. The FSC Handbook Section 4.5 includes additional guidance, though worded in mandatory terms although the Handbook is not directly enforceable. Section 4.5 provides that, to guard against this increased risk of identity fraud when a customer relationship is established remotely a licenseholder must either:

  • (a) Obtain copies of documents that have been certified by a suitable certifier; or

  • (b) If suitably certified copy documents cannot be obtained, address can be verified using electronic data sources, and at least one of the following checks must be undertaken and recorded prior to full activation of the relationship:

  • (a) Require payment for the product or service to be drawn from an account in the customer’s name at a credit institution in an equivalent jurisdiction.

  • (b) Send a letter by registered post to validate the address of the customer and ensure that the account is not activated until the signed acknowledgement of receipt is returned.

  • (c) Make a “physical” validation, e.g. an initial telephone call by a member of staff of the financial services business to a telephone number that has been independently validated.

  • (d) Requisition additional documents to complement those required for face-to-face customers.

  • (e) Internet sign-on following verification procedures where the customer uses security codes, tokens and/or other passwords which have been provided by mail (or secure delivery) to the named person at an independently verified address.

546. While the above guidance is helpful, it is also indicative of the additional risks arising from non face-to-face business, particularly when use is made of modern technology. As the guidance purports to be mandatory, it would be more appropriate to elevate it (or at least the essential elements) to an instrument that has direct legal effect, such as the FSC Rule Book. There is also scope to add more detailed guidance in the Handbook to emphasize further the risks inherent in non face-to-face business and the recommended additional steps that licenseholders should take to mitigate that risk.

547. IAMLR 2008 Section 13 requires an insurer to assess each applicant or policyholder on a risk basis in order to determine the inherent ML/FT risk; any higher risk business is subjected to higher CDD and enhanced ongoing due diligence. Section 4 and Section 22 enforce the ultimate responsibility remains with the insurer when activities are outsourced or delegated and any such function is undertaken as if by the insurer instead of the service provider. The insurer must have procedures in place to meet the requirements of the Regulations including ensuring that activities or work carried out on its behalf are completed in compliance with the IAMLR Section 21, where reliance is placed by an insurer on an introducer to collect information and evidence of identity or any other form of CDD, Introduced business is addressed in detail in this report under Recommendation 9.

Effectiveness of implementation — R. 8

548. Specific requirements to prevent the risk of use of technological developments for ML or FT purposes were only recently introduced at the time of the onsite visit (August 1, 2008 for FSC licenseholders and September 1, 2008, for IPA-related businesses), with a parallel requirement from December 18,2008 in the AML Code 2008. On that basis, it was not realistic to conduct a meaningful assessment of the effectiveness of the implementation of the new requirement.

549. With regard to non face-to-face business, it was evident to the assessors from discussions with financial institutions that such business is the norm in the IOM and, therefore, in some cases appeared to be regarded as routine. While some institutions identified the business as inherently high-risk and indicated that, as a consequence, they conducted CDD measures (identification and verification, including of the beneficial owner) directly and until the point where certainty had been achieved, other institutions welcomed the availability from the authorities of concessions designed to ease the CDD burden and were open to making full use of facilities such as Suitable Certifiers and Eligible Introducers. This may indicate uneven standards of implementation across the financial sector and the assessors recommend that this area should be a focus for additional supervisory attention by the regulatory authorities.

3.2.2. Recommendations and Comments

R.5

  • The authorities should take steps to eliminate any residual inconsistencies in AML/CFT legal requirements and terminology.

  • The authorities should expand the current list of categories of higher-risk customers and consider including, for example, private banking and business involving trusts or other legal arrangements.

  • The authorities should conduct a risk-based review of the current scope of the Acceptable Applicant facility and, if warranted, limit its availability for consistency with the FATF Recommendations. To comply with the FATF Recommendations, financial institutions should be required in all cases to determine whether a customer is acting on behalf of another person and to take reasonable steps to obtain sufficient identification data to verify the identity of that other person.

  • If the exceptions to the CDD requirements of secondary legislation as currently set out in the FSC Handbook are to be retained, the authorities should amend the secondary legislation as necessary to provide for them.

  • Should the authorities decide to continue allowing source of funds to be used as principal evidence of identity in certain low-risk circumstances, the requirements should be tightened further to eliminate any remaining risk of abuse for ML or FT purposes.

  • The authorities should review on a risk basis the implementation of the concession allowing operations to commence prior to completion of full CDD procedures to ensure it is not being misused.

  • The authorities should ensure that insurance managers and insurance intermediaries are included within the scope of all relevant AML/CFT requirements.

R.8

  • To support the implementation of the basic requirement in this area, the authorities should issue more detailed guidance on the specific ML and FT risks of new technologies, for example in relation to e-money and e-commerce.

3.2.3. Compliance with Recommendations 5 to 8

article image
article image

3.3. Third Parties And Introduced Business (R.9)

3.3.1. Description and Analysis

550. As noted, much of the financial business in the IOM is conducted on a non face-to-face basis for nonresidents. IOM banking, insurance, and other financial services products are marketed globally, including through business introducers. The potentially long distribution chain may increase the exposure of IOM financial institutions to misuse for ML and FT purposes, including through layering and structuring, as they are remote from the customer and face an additional challenge in identifying with confidence the ultimate beneficial owner(s) or controller(s).37 The IOM authorities developed a protocol to accommodate the use of business introducers by IOM entities subject to the AML Code 2008. Additionally, they have provided for a defined class of introducer (generally known as ‘Eligible Introducer’), by availing of the provisions of FATF Recommendation 9 as a means of fulfilling the CDD obligations of Recommendation 5. The stated objective is to eliminate duplication of effort and documentation in cases that meet a set of conditions set out in secondary legislation and developed further in guidance. In addition to assessing formal compliance with Recommendation 9, the analysis below considers whether the protocol is sufficiently robust and implemented effectively to adequately control such additional risks as arise from reliance on third parties in conducting and documenting the necessary CDD procedures.

551. AML Code 2008 paragraph 11 sets out the basis on which CDD measures should be applied where business is introduced by a third party. It also defines the class of introducer commonly known as an ‘eligible introducer’ and sets out the eligibility criteria to permit reliance on them by IOM financial institutions and other relevant persons. The provisions are analyzed below for consistency with the criteria of Recommendation 9.

Requirement to Immediately Obtain Certain CDD elements from Third Parties (c. 9.1):

552. In the case of introduced business in general, pursuant to AML Code 2008 paragraph 11(4), the IOM financial institution or other relevant person is required to establish, maintain, and operate procedures that include:

  • (a) The production by the introducer of evidence of the identity of the applicant for business; or

  • (b) The taking of such other measures as will produce evidence of their identity; in each case in accordance with AML Code 2008 paragraph 6(3) which includes requirements to verify identity, obtain information on the purpose and intended nature of the business relationship; and taking reasonable steps to establish the source of funds.

553. It is not provided expressly in the Code or elsewhere that the evidence of identity should be provided to the IOM financial institution but this is understood by the requirement for ‘production’.

554. With regard to business introduced by third parties pursuant to paragraph 11(4), the obligation to conduct CDD remains directly with the IOM financial institution in accordance with paragraph 11(3) and they may only rely on the introducer to source information and documentation on their behalf from the (prospective) customer and, as appropriate, the beneficial owner. This ultimate responsibility is emphasized in guidance issued to the institutions they regulate by the FSC and is also set out as a requirement for insurers in Sections 4 and 21(5) of the IAMLR.

555. By contrast, under paragraph 11(5), there is an exemption from the requirement to produce verification of identity in respect of business introduced by a third party if:

  • a) The relevant person has identified the applicant for business and the beneficial owner and knows the nature and intended purpose of the relationship; and

  • b) The introducer meets the definition of an ‘eligible introducer’, as set out below:

556. While the term ‘eligible introducer’ is not to be found in either the AML Code 2008 or the IAMLR 2008, it is included for convenience and for clarity in the following analysis as it is commonly used in practice in the IOM to refer to an introducer that meets the definition in AML Code 2008 paragraph 11(5)(c) (i), as follows:

  • a) a regulated person (defined in paragraph 2 of the Code to include specified categories of regulated financial institutions and fiduciaries in the IOM; specifically: banks, investment businesses, building societies, CSPs, TSPs, trustees of retirement benefit schemes, and retirement benefits scheme administrators);

  • b) an advocate or legal practitioner within the meaning of the Legal Practitioners Registration Act 1986 or an accountant carrying out business in or from the IOM, where subject to rules of a professional body that include requirements and procedures at least equivalent to the Code;

  • c) a person who acts in the course of external regulated business (defined in paragraph 2 of the Code to mean a regulated business outside the IOM that corresponds to any of those businesses regulated by the FSC or IPA) and which is regulated under the law of a country in the list in Schedule 2 to the Code (in which the IOM authorities have listed jurisdictions which, in their view based at least in part on published AML/CFT assessment reports, adequately apply the FATF Recommendations).

557. A number of issues arise with respect to the scope of the above definition:

  • While the inclusion of certain IOM-regulated DNFBPs (specifically CSPs and TSPs) within the potential scope of the concession may appear justifiable, as noted in Section 4 of this report, the AML/CFT measures for a number of relevant categories of DNFBP in the IOM are still in the course of development and implementation. The current scope of AML Code 2008 could be misinterpreted as already granting the concession without regard to the enhancements still needed in AML/CFT coverage.

  • While measures are already in place at least to some degree for IOM advocates, as noted elsewhere in this report there is no basis (and no proposal at the time of the assessment to introduce a basis) for applying or supervising the implementation of AML/CFT measures for non-IOM legal practitioners registered to conduct certain business in the IOM. Yet it would appear that the Eligible Introducer concession could apply in their case, albeit subject to the external regulated business test.

  • A basis for the application of AML/CFT measures to IOM accountants based on membership of specific professional bodies had not been finalized at the time of the on-site visit; the pattern of application of AML/CFT measures to accountants in other countries is uneven and AML Code 2008 could be misinterpreted as granting the concession to them just by virtue of membership of professional bodies.

  • The scope of the definition of external regulated business is broad and imposes a challenge (and therefore a heightened risk) for IOM institutions to determine accurately the extent of supervision to which the external regulated businesses are subject and whether or not that supervision adequately addresses AML/CFT matters.

558. To comply with the criteria of Recommendation 9, financial institutions must be required to obtain immediately the necessary CDD information from the third party and, with regard to business introduced by third parties in general, AML Code 2008 paragraph 11(2) provides that the production of satisfactory evidence of identity (or other equivalent measures) shall be undertaken before entering into a business relationship. Based on interviews with IOM financial institutions, the assessors formed the view that the (somewhat more liberal in terms of timeframe) requirement in place at the time of the on-site visit was being interpreted in some cases by financial institutions in a manner not fully consistent with the terms of Recommendation 9. The scope for deferred CDD has subsequently been removed by the authorities. While this post-visit strengthening of the requirements is to be welcomed, the assessors did not have the opportunity to confirm the effectiveness of implementation of the new measures.

559. For business sourced from eligible introducers, the requirement to verify identity may be waived provided that the financial institution has identified the applicant for business and beneficial owner; knows the nature and intended purpose of the relationship; and confirms that the eligibility criteria for introducers are met.

560. While insurers are subject to AML Code 2008, they are also covered by the IAMLR 2008 which sets out the basis on which the insurers can accept business sourced through introducers. A potential exception could arise in the case of entities such as insurance managers or insurance intermediaries because, as noted above, they do not come within the scope of the IAMLR 2008, but are covered by the Code. In relation to insurance business, where the insurance manager is managing an element of an IOM-regulated insurers’ business then the IOM-regulated insurer is obliged to comply or be satisfied that the insurance manager is complying. In the event that an insurance intermediary, regulated by the IP A, introduces its client to an IPA-regulated general insurer, than such insurer is subject to the full range of AML/CFT requirements. Insurance intermediaries of long term insurance business are regulated by the FSC and as such are subject to the FSC Rulebook.

561. Pursuant to IAMLR 2008 Section 9, an insurer must take reasonable measures to verify client identity and satisfy itself on the source of wealth and source of funds. The insurer must hold either original documents or suitably certified copies on its files, or undertake a form of investigation which satisfies the insurer in relation to client identity; the information must be reliable, independent source documents, data, or information. Such information may be obtained from an introducer, as defined in the IAMLR 2008 Section 21 and IGN 2008 Section 7. The introducer is not permitted to certify CDD documentation unless classified as a suitable certifier. Where an insurer is relying on an introducer to collect information and evidence of identity or any other form of CDD and permits the introducer to retain the information, such information and relevant identification data must be made available to the insurer ‘upon request and without delay’ pursuant to IAMLR Section 21.

562. Under the IGN 2008, the use of an Introducer’s Certificate is permissible, defined in Section 12(i) as a document “which historically was an acceptable method of regulated introducers certifying the identity of an applicant without providing certified copy documents”. Pursuant to Section 8, an IPA regulated entity can only accept, among other requirements, an Introducer Certificate if the introducer is regulated in a jurisdiction listed in Schedule 2 of the AML Code 2008. The assessors were advised during meetings with the industry and the authorities that Introducer Certificates are either no longer accepted by insurers or their use is no longer common practice (according to the IPA, currently used by only one insurer and only then from UK FSA-authorized and regulated intermediaries).

563. IAMLR 2008 Section 8 provides that the production of satisfactory evidence of identity (or other equivalent measures) shall be undertaken as soon as is reasonably practicable after the applicant applies to enter into a business relationship. In the event that the business relationship commences prior to the completion of the CDD process, the insurer must apply measures to control the type and volume of transactions that must be performed. While this provision may be pragmatic particularly for non face-to-face business, it does not equate to a requirement to obtain information immediately. However, as noted, AML Code 2008 paragraph 11(3) introduced a requirement for identification before entering into a business relationship, which is consistent with Recommendation 9.

Availability of Identification Data from Third Parties (c. 9.2):

564. AML Code 2008 paragraph 11(7) provides that financial institutions and other relevant businesses may not enter into a business relationship with a person introduced to them by a third party unless written terms of business are in place. Paragraph 11(7)(e) requires that such terms of business must require the introducer to supply to the relevant party forthwith upon request copies of the evidence verifying the identity of the applicant for business and of the beneficial owner and all other CDD data held by the introducer. Similarly, for insurance businesses, IAMLR 2008 Section 21 provides that regulated entities may not enter into a business relationship with an introducer unless written terms of business are in place. Section 21(3) requires that such terms of business must require the introducer to supply forthwith upon request the evidence verifying the identity and all other related CDD of the applicant and of the beneficial owner or controller who exercises influence over the policyholder.

Regulation and Supervision of Third Party (applying R. 23,24 & 29, c. 9.3):

565. AML Code 2008 paragraph 11(8) places responsibility on the relevant person to ensure that the procedures of the introducer are fit for the purpose of ensuring that evidence produced, or to be produced, is satisfactory and that the procedures of the introducer are also fit for that purpose. Paragraph 11(9) of the Code requires that a relevant business must randomly test these procedures to satisfy itself that procedures for compliance with these requirements are sufficiently robust and effective. An explicit requirement has been introduced in paragraph 11(10) in compliance with Recommendation 9 that financial institutions satisfy themselves that the introducer is regulated and supervised for AML/CFT purposes and also requires the taking of steps as necessary to ensure awareness of any material change to the intermediary’s status or of that of the jurisdiction in which the introducer is regulated. This represented a significant strengthening of the IOM requirements.

566. Pursuant to IAMLR 2008 Section 21(2), IPA-regulated entities must ensure that the ongoing monitoring of an introducer includes information on the introducer’s regulatory status. However, it appears that an adequate regulatory status might not be a prerequisite for entering into an agreement with an introducer as IGN 2008 Section 7.4 outlines a procedure that insurers could apply in assessing regulatory status and the regulatory body. Under Section 7.5, an insurer must have in place procedures to monitor the ongoing status of all regulated introducers who hold customer due diligence documentation on its behalf, and also undertake sample testing to ensure that the documents can be retrieved when required and that the regulated introducer has measures in place to comply with the CDD requirements.

Adequacy of Application of FATF Recommendations (c. 9.4):

567. In compliance with Recommendation 9, AML Code 2008 paragraph 11(6) excludes from the scope of the ‘Eligible Introducer’ concession introducers from any country that does not apply or insufficiently applies the FATF Recommendations in respect of the business of the introducer.

568. While IGN Section 7.4 require insurers to consider the location, regulatory status, and regulatory body of the introducer when determining whether the procedures of the introducer are fit for purpose, no specific requirement exists for considering whether the introducer’s jurisdiction adequately applies the FATF Recommendations. IGN 7.4 provides that when an insurer has reason to believe that an introducer is subject to insufficient ML/FT regulation, the insurer may wish to introduce additional measures, including but not limited to devising CDD procedures for the introducer to undertake. These additional measures are not mandatory and are at the discretion of the insurer.

Ultimate Responsibility for CDD (c. 9.5):

569. In line with Recommendation 9, AML Code 2008 paragraph 11(13) provides that the ultimate responsibility for ensuring that CDD procedures comply with the terms of the Code remains with the relevant person. For FSC-regulated entities, clarification is also provided in the FSC Handbook Sections 4.11 and 4.12 that responsibility remains with the IOM licenseholder.

570. For IPA-regulated insurers, IAMLR Section 9(4) prohibits delegation of responsibility for CDD. Responsibility remains with the insurer for outsourcing or delegated functions to ‘ensure that the activities or work carried out on its behalf are completed in accordance with these Regulations, and that adequate procedures are in place which meet the requirements of these Regulations’. While IGN Section 2.5 permits reliance to be placed on the information collected by the third party, pursuant to Section 7.1, the ultimate responsibility for CDD and verification remains with the insurer. As noted in Section 3.2 of this report, IP A regulated insurers need to comply with two pieces of secondary legislation being the AML Code 2008 and the Insurance (Anti-Money laundering) Regulations 2008 and a question could arise as to which takes legal precedence in cases where the legislative provisions overlap or conflict.

Effectiveness of implementation

571. In practice, introducers represent an important source of new and continuing business for IOM financial institutions. The assessors found that a range of approaches is employed by financial institutions in determining whether and, if so, the extent to which they place reliance on the Eligible Introducers to conduct CDD on their behalf, beyond merely using them to source CDD information. Some financial institutions place reliance on Eligible Introducers to the full extent permitted. Others are more selective, working with a smaller sub-set of known and trusted introducers of a particular type and/or in specific jurisdictions. For some, corporate policy requires that all CDD procedures must be conducted directly by staff of the IOM financial institution; while others have learned from unsatisfactory past experiences and no longer rely on the introducers.

572. Among the factors which may undermine the effectiveness of implementation of the concession is the difficulty that may arise in determining whether a foreign introducer is, in reality, regulated and supervised specifically for AML/CFT purposes (rather than for prudential or market practice purposes), particularly given the wide definition of external regulated business in AML Code 2008 Section 2.

573. While it is difficult to form a definitive view regarding the overall quality of implementation, there were strong indications during the assessment that the operation of the Eligible Introducer arrangement was not without significant reputational risk to the IOM, with anecdotal evidence of significant deficiencies in some cases, which contrasted with a high level of reported satisfaction with the quality of the information provided by introducers in other cases. The regulatory authorities provided the assessors with evidence that they take into account the inherent risks and give considerable attention to introduced business as part of their on-site work. It is an area on which regulatory authorities should continue to focus particular attention as part of their onsite inspection programs.

3.3.2. Recommendations and Comments

  • The authorities should review the range of business introducers in respect of which concessions are applied to ensure that all categories are subject to equivalent AML/CFT requirements.

  • By means of on-site supervision or otherwise, the regulatory authorities should assess the effectiveness of CDD being obtained from Eligible Introducers or Introducers including, in the case of insurers, the use and effectiveness of Introducer’s Certificates.

  • The authorities should remove any residual inconsistencies in secondary legislation following the coming into force of the AML Code 2008.

3.3.3. Compliance with Recommendation 9

article image

3.4. Financial Institution Secrecy or Confidentiality (R.4)

3.4.1. Description and Analysis

Inhibition of Implementation of FATF Recommendations (c. 4.1):

574. There are no statutory financial institution secrecy provisions under IOM law that would inhibit the implementation of the FATF Recommendations. There is, however, strict application by financial institutions of the common law duty of confidentiality in respect of their client information. For specified purposes, including for purposes of financial sector supervision and AML/CFT, statutory provisions override the common law duty of confidentiality subject to strict safeguards. Provisions relevant to AML/CFT include:

  • Sections 17K CJA 1990,48 DTA 1996, and 11 ATCA 2003, which make it an offense not to report knowledge or suspicion that a person is engaged in laundering the proceeds of criminal conduct and are the principal powers under which financial institutions report suspicions to the FCU. This topic is analyzed in detail in the assessments of R.13 and elsewhere in Section 2 of this report, including the powers of the law enforcement agencies and the FCU in particular to gain access to confidential client information for purposes of their investigations. In brief, a Court order (‘production order’) or warrant is required for such access, thus overriding the duty of confidentiality.

  • While there is no secrecy law preventing financial institutions from providing information to each other where necessary for AML/CFT purposes, at the time of the onsite visit there also was no specific provision in place that would explicitly override the duty of confidentiality and thus empower financial institutions to exchange such information for purposes of R.7, R.9, or SR.VII. This matter is to be addressed in Section 147 POCA (2008) which had not come into force at the time of the assessment. In practice, however, financial institutions did not identify to the assessors any confidentiality-related difficulties in exchanging information between themselves for AML/CFT purposes when the exchange is conducted in accordance with normal industry practices or in the course of meeting their CDD requirements.

575. With regard to access by relevant (including supervisory) authorities to confidential information held by financial institutions, relevant provisions are contained in the FSA 2008, which came into effect on August 1, 2008 and largely replicates legislative provisions under earlier supervisory legislation. The provisions include:

  • Section 15 FSA 2008 bringing into effect Schedule 2 FSA 2008 which lists the FSC’s powers to inspect books, accounts, and documents of financial institutions; to require the provision by financial institutions of such information as the FSC may reasonably require for the performance of its functions under the FSA 2008 (which includes explicitly as a regulatory objective in Section 2 (2)(c) FSA 2008 ‘the reduction of financial crime’); to enter property and take possession of documents; and other powers to require the appointment of reporting accountants or appoint an external inspector to provide the FSC with a report on any matter relevant to the supervision of a financial institution under FSC supervision.

  • Section 34 FSA 2008 which empowers the FSC to enter into mutual assistance agreements with regulatory authorities (as defined in Section 48 FSA 2008 to apply to a broad categories of regulatory or supervisory authority in the IOM or otherwise). Section 34(3) FSA 2008 empowers the FSC to conduct an investigation on behalf of another regulatory authority where requested by that authority for purposes of assisting it in the exercise of its functions. The exercise by the FSC of its powers under these provisions is subject to specific limitations: Section 34(4) FSA 2008 provides that the above provisions “shall not permit the disclosure of any information relating to the affairs of a customer other than in accordance with Schedule 5” FSA 2008. Schedule 5 contains a complex set of provisions limiting the provision of customer information to ensure that such information may be used only in accordance with regulatory powers and for valid purposes. Unless the approval of the customer is obtained before information is provided to the foreign authority, the information is subject to certain controls on its use and dissemination. The published policy of the FSC, including as signatory of the IOSCO MMOU, is to provide full and timely assistance to other regulators. This issue is addressed further in the analysis in this report of compliance with R.40.

576. In relation to relevant provisions including supervisory actions vested in the IP A, the IA 2008 Schedule 5 enables the IPA to exercise its powers to inspect the books, accounts, and documents and to undertake such inspections and investigations in relation to the concerned insurer, pursuant to Schedule 5: an insurer or former insurer; a person suspected of or appearing to carry on contracts of insurers; a controller including a body corporate; any associate or former associate; any partnership; customers or former customers; and any other person with whom the insurer had formed a business relationship. Such powers include the power of entry and access.

577. The exercise by the IPA of its powers under these provisions is subject to specific limitations: Schedule 6 IA 2008 provides that, under the above provisions, the IPA shall treat information relating to the business or other affairs as restricted and shall not disclose such information other than in relation to the exceptions listed in Schedule 6.2. Schedule 6.1 does not preclude the disclosure of information to a recognized regulator, whether a governmental or private body, in the IOM or elsewhere, for the purposes of discharging its functions and to exercise such functions relating to financial crime pursuant to Section 37 and Schedule 6.2(2) IA 2008.

578. The IA 2008 Schedule 5 largely replicates the powers conferred on the IPA under IA 1986 and further extends inspection and investigative powers specifically to registered or former insurance intermediaries; managers; persons exempt from registration; any scheme or former scheme including administrators or trustees to such schemes; and to ‘any person who the Supervisor has reason to believe has information that is relevant to the discharge of the Supervisor’s functions under the Act’ on reasonable grounds.

3.4.2. Recommendations and Comments

  • Bring into force the provision that financial institutions do not breach their confidentiality duty in exchanging customer information between themselves for AML/CFT purposes.

3.4.3. Compliance with Recommendation 4

article image

3.5. Record keeping and wire transfer rules (R.10 & SR.VII)

3.5.1. Description and Analysis

Legal Framework:

579. Record keeping requirements applicable to financial institutions and other relevant persons are set out in the AML Code 2008, paragraph 4(1)(a)(ii) of which provides that they must establish, maintain, and operate record keeping procedures in accordance with paragraphs 16–19, dealing respectively with: records of verification of identity; records of transactions; retention of records; and their format and retrieval. For FSC-regulated entities, further requirements are set out in FSC Rule Book 2008 Rule 9.16, supported by detailed guidance in the Handbook 2008.38

580. More broadly, in terms of accounting records, under the Banking Act 1998, Code 78 of the Banking (General Practice) Regulatory Code 2005 requires a licenseholder to keep such accounting records as are necessary to accurately disclose its business transacted in or from the IOM at any time. Such records must be maintained for a period of six years. For IPA-regulated insurers, record keeping requirements are set forth in IAMLR 2008 Regulations 28-30 and further detailed requirements are contained in the IGN 2008.

Record-Keeping & Reconstruction of Transaction Records (c. 10.1 & 10.1.1):

581. In accordance with Recommendation 10, pursuant to AML Code 2008 paragraphs 16 and 17(1), financial institutions and other relevant persons must, for at least five years from the date of the transaction, keep records of all transactions carried out, including identification data, account files, business correspondence records, and records sufficient to permit reconstruction of individual transactions and compliance with the Code. As no distinction is made between domestic or international transactions or based on whether the business relationship is ongoing or has been terminated, the requirement applies to records of all transactions. In respect of insurers, Regulation 29 of the IAMLR 2008 further requires ‘that records be maintained for at least five years from the date of the last transaction or when the business relationship was formally ended’ and therefore, in this instance, distinction is made between whether the business relationship is ongoing or has been terminated.

582. With effect from December 18,2008, AML Code 2008 paragraph 17(3) introduced an explicit provision that, where a relevant person becomes aware that a request for information or an enquiry is underway by a competent authority, all relevant records must be maintained for as long as required by the competent authority. For FSC-regulated entities, Section 8 of the Handbook sets out details of the measures they are expected to have in place, albeit with the status of guidance.

583. An important issue in the case of the IOM, having regard in particular to the eligible introducer system, is the retention of records held on behalf of IOM financial institutions and other relevant persons by third parties, often from outside the IOM. AML Code 2008 paragraph 11(7) requires that record keeping in accordance with paragraph 17(1) shall be included in the written terms of business that must be in place with the eligible introducer, the enforcement of this aspect of the terms of business could present difficulties in practice in some jurisdictions. The authorities pointed out that the fact that records may be retained abroad does not exempt a financial institution from its statutory obligations in the IOM. Also, the risk of difficulties arising in information access is mitigated to some extent by the requirement under AML Code 2008 paragraph 11(9) for the testing, on a random and periodic basis, of the procedures (which would include those for the supply forthwith upon request of the evidence verifying the identity of the applicant for business and the beneficial owner in any particular case) with a view to ensuring their effectiveness. AML Code 2008 paragraph 18(2) tries to address the potential difficulties by requiring that introducer produce upon request copies of the records requested and notify should they be no longer able to comply with that requirement. Moreover, detailed requirements were introduced by means of AML Code 2008 paragraph 11(7)(f) and (h) to ‘supply to the relevant person forthwith copies of’ identification/verification evidence and all other CDD data where:

  • (a) The introducer is to cease trading;

  • (b) The introducer is to cease doing business with the applicant for business; or

  • (c) The relevant person informs the introducer that it no longer intends to place reliance on that introducer.

584. For FSC-regulated entities, FSC Rule Book Rule 9.16 restates the record-keeping requirements of the Code, though with some differences. Under Rule 9.16, in addition to making records available to a constable, requires that the records must also be available if required internally to staff of the licenseholder and to the FSC. Rule 9.10 also contains requirements for record keeping as part of the mandatory terms of business in relation to reliance on Eligible Introducers. Sections of the Rule Book other than Section 9 on AML/CFT also contain requirements on record keeping more generally. However, only Section 9 had been brought into force within the timeframe of this assessment, with the remainder of the Rule Book due to come into effect from January 1, 2009, and, being outside the timeframe of the assessment, are not analyzed further here.

585. IAMLR 2008 Regulations 28–30 require that records be maintained for at least five years from the date of the last transaction or when the business relationship was formally ended. Such records must be sufficient to:

  • identify the source and recipient of payments to permit authorities and competent third parties to assess the insurer’s observance of ML policies and procedures;

  • compile an audit trail for the reconstruction of any transactions; and

  • satisfy within a reasonable timeframe any enquiries or court orders as to the disclosure of information.

586. As with FSC regulated entities, no distinction is made between domestic or international transactions or based on whether the business relationship is ongoing or has been terminated: records of all transactions are required to be maintained.

587. Further, pursuant to IAMLR 2008 Regulation 29(2) where a report has been made to the FCU, or where the insurer should know or knows of a matter under investigation, the insurer must retain all records for as long as required by the FCU.

588. IGN 2008 expands on the record-keeping requirements, detailing the requirements pursuant to Section 10 including transaction records; compliance and money laundering reporting officer records; introducer records; and transaction records and documentation.

Record-Keeping for Identification Data, Files and Correspondence (c. 10.2):

589. In line with Recommendation 10, AML Code 2008 paragraph 16 requires financial institutions and other relevant persons to maintain records of identification data, account files, and business correspondence records for at least five years.

590. For FSC licenseholders, FSC Rule Book 2008 Rule 9.16 also requires the retention of all information resulting from any step taken in identifying, or verifying the identity of, or obtaining any information concerning any person or ascertaining the source of funds. As noted earlier, separate requirements addressing the maintenance of business and accounting records apply a mandatory minimum retention period of six years for some relevant records. Sections of the Rule Book other than Section 9 on AML/CFT also contain relevant requirements in this context. However, only Section 9 had been brought into force within the timeframe of this assessment, with the remainder of the Rule Book in effect from January 1, 2009 and, therefore, outside the timeframe of this assessment.

591. For IPA-regulated insurers, all records prepared and maintained on its policyholder relationships and transactions must be retained for at least five years from the date of the last transaction or when the business relationship was formally concluded. As referred to above, the time frame can be extended as required by the FCU.

592. Pursuant to IAMLR 2008 Regulation 30, all CDD information must be available for investigative purposes ‘wherever held, and whether held by the insurer or not’. IGN 2008 expands on the record-keeping requirements and pursuant to Section 10(2) all documents relating to CDD and all other functional areas that the insurer may be involved in at any stage in the duration of the insurance contract must be detailed and maintained, including any file notes and supporting documentation. Where records are maintained by a third party, including regulated introducers, the legal responsibility remains with the insurer to ensure the ability of retrieval and recreation of the transaction records. IGN 2008 Section 10.4 sets out requirements in relation to transaction records including origin of funds and the destination of funds. Section 10 requires insurers to advise all introducers of the applicable requirements of the AML Code 2008, IAMLR 2008 and IGN 2008.

593. Availability of Records to Competent Authorities in a Timely Manner (c. 10.3):

594. Provisions in relation to retrieval of records are set out in AML Code 2008 paragraph 18. If the records are in the form of hard copies kept in the IOM, the relevant persons must ensure that they are capable of retrieval without undue delay; if they are in the form of hard copies kept outside the IOM, they must ensure that the copies can be sent to the IOM and made available within seven working days; in the case of other records, including copies kept on a computer system, they must ensure that they are readily accessible in or from the IOM and that they are capable of retrieval without undue delay. There is also an obligation on the relevant persons if they rely on third parties, to ensure that they are satisfied that the third party is required upon request to produce copies of the records required and that the third party must notify the relevant person if no longer able to comply for whatever reason. In addition, AML Code 2008 paragraph 11(7)(d) requires that record keeping in accordance with paragraph 16 shall be included in the written terms of business that must be in place with an eligible introducer. These provisions aim to ensure that the appropriate records are available to the IOM licensed entity.

595. With regard to availability of the records to the IOM competent authorities, access for a constable (relevant for FCU and law enforcement purposes) was noted earlier. In addition, a number of methods are provided to allow access for the FSC to the records of its licenseholders under the FSA 2008, including the powers of inspection and investigation in Section 15 and Schedule 2, among which is the power to request information about the affairs of a customer (Schedule 2, Paragraph 2) and the power to issue direction (Schedule 2, Paragraph 2(3)). Paragraph 3 provides the FSC with powers to require information where authorized in writing by a Justice of the Peace, which is the method normally used by the FSC to obtain AML/CFT information for use in investigations.

596. For IPA-regulated entities, both the IAMLR 2008 and the IGN 2008 contain provisions that require an insurer to retrieve all records and satisfy, within a reasonable time, any court orders or enquiries from appropriate authorities requiring disclosure of information. No maximum time-line is stipulated. Pursuant to IAMLR 2008 Regulation 28 (2), any records kept in electronic format must be available, legible, and capable of reproduction in a manner acceptable to the IPA and IOM Courts. IGN 2008 8.6 sets forth that insurers must have in place written procedures for obtaining copies of documentation from the introducer on request, both on an ad hoc basis or in the event of cessation of business.

597. The legal framework as described is in line with the international standard. There remains some risk that the information held by third parties might not be released in practice, particularly if held outside the IOM, despite the IOM licensed entity having been satisfied that no such difficulty would arise. The requirements introduced in this regard in late-2008 by the IOM authorities appear to go as far as it is possible to go to mitigate this risk, but it cannot be eliminated entirely as implementation remains to some extent beyond the control of the IOM-regulated entity.

Effectiveness of implementation – R. 10

598. In practice, all financial institutions interviewed during the assessment confirmed that they retain all records of transactions, account opening and ongoing due diligence, accounts, and correspondence for at least five years, and more typically for 10 or 12 years. All records retained in the IOM are available to the relevant competent authorities without delay. The assessors noted that some financial institutions maintain part of their records at group facilities outside the IOM, mainly in the UK. With regard to dependence on third parties to maintain records and provide them swiftly upon request, some of the institutions interviewed expressed satisfaction with the service provided by eligible introducers and other third parties; others indicated concerns and had stopped availing of the facility to rely on third parties. The relevant competent authorities confirmed that they do not encounter difficulties or delays in obtaining the information and records they request from licenseholders and that they take care to select the appropriate legal channels and follow the set procedures in requesting information and records for investigative purposes.

Obtain Originator Information for Wire Transfers - Introduction:

599. Having regard to the fact that the IOM is in monetary union with the UK, following a request made to the EU by the UK Treasury on behalf of the IOM authorities, a derogation was approved on December 8, 2008 in respect of EU Regulation 1781/2006.39 The derogation provides for the UK to establish agreements with Jersey, Guernsey, and the IOM so that the reduced information requirement can apply to payments passing between the UK and these associated territories. The derogation would not apply between that territory and any other Member State. The assessors understand that for the derogation to take full effect, a formal agreement is still required between the IOM and UK authorities, which was not in place within the timeframe of this assessment.40 However, as the derogation has been approved by the EU Member States and all relevant documentation was available to the assessors, the derogation has been taken into account for purposes of this assessment.

600. Provisions in relation to wire transfers are set out, not in primary legislation, the AML Code 2008, or the FSC Rule Book 2008, but by order. The IOM authorities opted to implement European Regulation 1781/2006 on Wire Transfers with appropriate modifications by means of orders by the Council of Ministers which constitute secondary legislation in the IOM, the “European Community (Wire Transfers Regulation) (Application) Order 2007”, as amended by the “European Communities (Wire Transfers Regulation) (Application) (Amendment) Order 2007”. To mirror the EU sanctions for non-compliance and date of implementation the EC Wire Transfers Regulation (Enforcement) Regulations 2007 came into force on December 15,2007. In Article 3 (entitled Scope) of EC Regulation 1781/2006, as applied in the IOM by the European Communities (Wire Transfers Regulation) (Application) (Amendment) Order 2007, the Regulations are not applied to credit/debit card transactions at paragraph 2. Payments between financial institutions whilst acting on their own behalf are excluded from the Regulations at paragraph 7(c) of the same Article 3.

601. Detailed guidance on the application of the wire transfer requirements is set out in the FSC Handbook 2008 Section 5.3. The Handbook clarifies that the Regulation is widely drawn and intended to cover all types of funds transfer falling within its definition as made ‘by electronic means’ other than those specifically exempted wholly or partially by the Regulation. For UK Payment Area41 based payment system provides it includes, but is not necessarily limited to, international payment transfers made via SWIFT, including various EUR payment systems, and domestic transfers via the UK payment systems, CHAPS and BACS.

Obtain Originator Information for Wire Transfers (applying c. 5.2 & 5.3 in R.5, c.VII.1):

602. Payment service providers are required, before transferring funds other than from an account, to verify the complete information on the payer on the basis of documents, data, or information obtained from a reliable and independent source, where the amount exceeds EUR1,000 (or the transaction is carried out in several operations that appear to be linked and together exceed EUR1,000). The exemption threshold does not apply where there is a suspicion of money laundering. (European Regulation (Application) Order, paragraph 5.4).

603. Complete information on the payer is clarified in the Handbook Section 5.3.4.1 to consist of name, address, and account number. A number of exceptions are permitted in the IOM consistent with the terms of SR.VII and are used in practice by the banks. For example, as a substitute for the address information, the Handbook specifies that the payer’s date and place of birth, or national identity number, or customer identification number may be substituted. In the event that the recipient bank demands the payer’s address where one of the alternatives had initially been provided, only with the payer’s consent or under judicial compulsion would the address be additionally provided. Where the payment is not debited to a bank account, the requirement for an account number must be substituted by a unique identifier which permits the payment to be traced back to the payer. One of the IOM banks interviewed during the assessment indicated that, as a matter of practice, they chose to use unique identifiers for wire transfers generally.

Inclusion of Originator Information in Cross-Border Wire Transfers (c. VII.2):

604. Chapter II, Article 5, paragraph 1 of EC Regulation 1781/2006, as applied in the IOM by the European Communities (Wire Transfers Regulation) (Application) (Amendment) Order 2007 requires the full originator information to accompany a wire transfer of the required amount. The SR.VII concession relating to batch file transfers is applied in accordance with the international standard pursuant to Chapter II, Article 7, paragraph 2 of EC Regulation 1781/2006, as applied in the IOM by the European Communities (Wire Transfers Regulation) (Application) (Amendment) Order 2007.

605. Where the banks of both payer and payee are located within the UK Payment Area (defined in the IOM as equivalent to domestic), wire transfers need be accompanied not by full originator information but only by the payer’s account number or by a unique identifier which permits the transaction to be traced back to the payer. However, if requested by the payee’s bank, complete information must be provided by the payer’s bank within three working days. On December 8, 2008, the European Commission confirmed the agreement of Member States to grant a derogation for the IOM for UK Payment Area wire transfers.

Inclusion of Originator Information in Domestic Wire Transfers (c. VII.3):

606. As noted, the IOM provisions define domestic transfers as including those to/from the UK Payment Area. Financial institutions have to comply with VII.2 above as per Chapter II, Article 5, paragraph 1 of EC Regulation 1781/2006, as applied in the IOM by the European Communities (Wire Transfers Regulation) (Application) (Amendment) Order 2007 except where the concession at Chapter II, Article 6 applies. As explained above, the required details must then be supplied within three working days if requested to do so.

607. Clarification of the position of the EU Member States having been obtained, the IOM definition of domestic can be accommodated within the current interpretation of the FATF Recommendations.

Maintenance of Originator Information (c.VII.4):

608. Banks must have systems in place to detect when the originator information is incomplete or missing pursuant to Chapter III, Article 8 of EC Regulation 1781/2006, as applied in the IOM by the European Communities (Wire Transfers Regulation) (Application) (Amendment) Order 2007. If such wire transfers are detected the details must be requested, or the transfer rejected, as per Chapter III, Article 9 of the same Regulation. Intermediary payment service providers are required to ensure that all information received on the payer that accompanies a transfer of funds is kept with the transfer as per Chapter IV, Article 12 of EC Regulation 1781/2006, as applied in the IOM by the European Communities (Wire Transfers Regulation) (Application) (Amendment) Order 2007.

609. The requirements regarding how to proceed when systems have technical limitations and the requirements to keep subsequent records for five years are detailed at Chapter IV, Article 13 of EC Regulation 1781/2006, as applied in the IOM by the European Communities (Wire Transfers Regulation) (Application) (Amendment) Order 2007.

Risk Based Procedures for Transfers Not Accompanied by Originator Information (c. VII.5):

610. The FSC Handbook 2008 clarifies that banks must have effective procedures for checking that incoming wire transfers are compliant with the relevant information requirement, as explained below. In order not to disrupt straight-through processing, it is not expected that monitoring should be undertaken at the time of processing the transfer. The Regulation specifies that banks should have procedures “to detect a lack of presence” of the relevant information, which is a reference to the validation rules of whichever messaging or payment system is being utilized. Additionally, the Regulation requires banks to take remedial action when they become aware that an incoming payment is not compliant. The payment service provider in such circumstances is required to adopt a risk-based approach and take it into account when assessing if such a wire transfer is suspicious and whether to make a report to the FCU. The requirement is at Chapter III, Article 10 of EC Regulation 1781/2006, as applied in the IOM by the European Communities (Wire Transfers Regulation) (Application) (Amendment) Order 2007. Hence, in practical terms it is expected that this requirement will be met by a combination of the following: Licenseholders must therefore subject incoming payment traffic to an appropriate level of post event random sampling to detect non-compliant payments. This sampling should be risk based, explained in the Handbook as follows:

  • (a) the sampling could normally be restricted to payments emanating from banks outside the UK Payment Area where the complete information requirement applies;

  • (b) the sampling could be weighted towards non-FATF member jurisdictions, particularly those deemed high risk under a bank’s own country risk assessment, or by reference to external sources such as Transparency International, or FATF or IMF country reviews;

  • (c) focused more heavily on transfers from those Payer banks are identified by such sampling as having previously failed to comply with the relevant information requirement;

  • (d) other specific measures might be considered, e.g., checking, at the point of payment delivery, that payer information is compliant and meaningful on all transfers that are collected in cash by payees on a “Pay on application and identification” basis.

  • (e) None of the above requirements obviate the obligation to report suspicious actions in accordance with normal suspicious transaction reporting procedures.

611. In practice, the assessors received mixed responses from IOM banks regarding their treatment of incoming wire transfers that lacked full originator information. Additional clarifications were received on this issue from the authorities and some banks subsequent to the on-site visit. The banks confirmed that they apply a risk-based approach in considering whether further action is warranted to address the absence of full originator information. As an indicative example, one bank provided evidence that it systematically reviews incomplete wire transfer receipts from a set of high-risk countries (as defined by the particular financial services group) and may request additional information from the sending bank if the transaction cannot be explained within the bank. for countries of origin not on this list of jurisdictions, a 10 percent sampling rate is applied. A list is maintained of ‘frequent offenders’ with regard to failure to provide complete originator information and such banks are contacted and improvement requested; the assessors understand that these controls are implemented primarily at UK group level. Overall, while the measures in place in IOM banks could be interpreted as within the risk-based terms of SR.VII, they represent only a partial application of the objective that obtaining originator information is the expected standard procedure, with exceptions acceptable only in low-risk circumstances.

612. Some smaller IOM banks, without direct access to wire-transfer facilities, contract with larger IOM banks (typically subsidiaries of UK clearing banks) to transmit payments on their behalf. Based on information provided to the assessors, it appeared that there were difficulties in some cases in arranging to have full originator information on the payer (customer of the smaller IOM bank) transmitted successfully to and through the IOM intermediary bank.

613. The requirement to restrict future business and to take other appropriate action such as terminating the relationship, plus making report to the FSC, is at Chapter III, Article 9, paragraph 2 of EC Regulation 1781/2006, as applied in the IOM by the European Communities (Wire Transfers Regulation) (Application) (Amendment) Order 2007.

Monitoring of Implementation (c. VII.6):

614. The FSC does not routinely monitor implementation of the wire transfer provisions as, to date, it has not been viewed as a higher risk issue but plans to do so as part of the visit cycle process in 2009/10. In practice, most of the IOM’s banks are branches or subsidiaries of banks in the EU and group procedures are applied. This reliance on group procedures is not fully in compliance with the monitoring requirements of SR.VII.

Application of Sanctions (c. VII.7: applying c.17.1–17.4):

615. Sanctioning powers as set out in the analysis of Recommendation 17 apply also in relation to wire transfers, pursuant to the EC Wire Transfers Regulation (Enforcement) Regulations 2007 Sections 3 and 5(1–3). Under Section 43 of the FSA 2008, if an FSC licenseholder is in contravention of any statutory provision, the FSC may exercise any power that is an action for breach (but with the exception of the powers under Section 16 and Section 20 of the Financial Services Act 2008). Actions for breach are defined in Section 48 of the Financial Services Act 2008 and include revocation of suspension of a license, issue of directions in respect of an individual’s fitness and propriety and service of warning notices.

Additional elements: elimination of thresholds (c. VII.8 and c. VII.9) (c. VII.8 and c. VII.9):

616. IOM law does not require incoming or outgoing wire transfers under EUR/USD 1,000 to contain full originator information.

3.5.2. Recommendations and Comments

SR.VII

  • The FSC should reconsider whether the current implementation of the risk-based approach for incoming wire transfers lacking full originator information accurately reflect the level of underlying risk.

  • The FSC should continue to include wire transfers within its program of on-site supervision.

3.5.3. Compliance with Recommendation 10 and Special Recommendation VII

article image

3.6. Monitoring of Transactions and Relationships (R.11 & 21)

3.6.1. Description and Analysis

Special Attention to Complex, Unusual Large Transactions (c. 11.1): Examination of Complex & Unusual Transactions (c. 11.2):

617. Financial institutions and other relevant persons are required, pursuant to AML Code 2008 Paragraph 7 which addresses continuing business relationships, to establish, maintain, and operate specified procedures in relation, inter alia, to:

  • A suspicious pattern of transactions;

  • Transactions or patterns of transactions that are complex or unusually large and which have no apparent economic or visible lawful purpose; or

  • Unusual patterns of transactions which have no apparent economic or visible lawful purpose. (paragraph 7(2) (b), (c) and (d))

618. The procedures required pursuant to AML Code 2008 paragraph 7 include an examination of the background and purpose of the transaction or circumstances and, where necessary, reidentification of the customer or beneficial owner.

619. A new provision was introduced in AML Code 2008 paragraph 9(6) to require a relevant person to take adequate measures to compensate from any risk arising from one-off transactions that are complex or unusually large or have no apparent economic or visible lawful purpose. In addition, the FSC Rule Book and IAMLR address all relevant elements for FSC licenseholders and IPA-licensed insurers, respectively. Paragraph 15 of the AML Code 2008 also contains requirements for all relevant persons to perform ongoing monitoring, including scrutiny of transactions and other activities, paying particular attention to transactions that are complex, large, or unusual, or of an unusual pattern, and which have no apparent economic or lawful purpose.

620. For FSC-regulated entities, FSC Rule Book Rule 9.15 requires licenseholders to perform ongoing and effective monitoring, including appropriate scrutiny of transactions and other activities, paying particular attention to those defined in Recommendation 11. The extent and frequency of monitoring must be determined on the basis of materiality and risk, consistent with the risk assessment required under Rule 9.4 and by reference to Rule 9.9 which provides the basis for enhanced due diligence. Rule 9.15(3) requires enhanced measures for non face-to-face business.

621. For IPA-regulated insurers, IAMLR Section 17 provides that insurers must pay special attention to ‘complex transactions; unusual large transactions; unusual patterns of transactions; and transactions with no apparent visible economic or lawful purpose’, both at the inception of the business relationship and during its lifetime. Insurers must maintain a written record of the results of their examination of the background and purpose of such transactions.

Record-Keeping of Findings of Examination (c. 11.3):

622. Pursuant to AML Code 2008 paragraph 7(3), financial institutions and other relevant persons undertake ‘an examination of the background and purpose of the transactions or circumstances’ for the categories listed in paragraph 7, which includes transactions that have no apparent economic or visible lawful purpose. Under paragraph 7(4), in line with Recommendation 11, they must also keep written records of any examination, steps, measures, or determination made or taken and, on request, provide the findings to the competent authorities and auditors. Records required by the Code must be retained for at least five years (paragraph 17(1)).

623. For FSC licenseholders Rule 9.16(1) of the FSC’s Rule Book requires that a record must be kept of any documents produced when further scrutiny is undertaken of transactions that are complex, large and unusual, or of an unusual pattern of transactions and which have no apparent economic or lawful purpose.

624. For IPA-regulated insurers, IAMLR Regulations 28-30 provide that such records must be kept for at least five years, including for one-off transactions, and kept in such a manner that can be produced and such that the transactions can be reconstructed.

625. Financial institutions informed the assessors that they have developed systems and procedures to identify the categories of transactions and circumstances set out in Recommendation 11. In practice, the systems typically highlight divergences between a customer’s actual business and the expected level or nature of activity as set out in the customer’s profile, which is required to be maintained by the institution. The divergences are systematically examined by the institution and, if they cannot be explained, may result in the filing of an STR with the FCU and, potentially in extreme cases, with the termination of the customer relationship.

Special Attention to Countries Not Sufficiently Applying FATF Recommendations (c. 21.1 & 21.1.1):

626. As discussed under Recommendations 5 and 9 in this report, the AML Code 2008 provides for a variety of concessions for financial institutions and other relevant persons from the application of full CDD measures in certain specified circumstances. Pursuant to paragraphs 6(7), 9(7), and 11(6), however, these concessions shall have no effect if the relevant person ‘has reason to believe that the country in question does not apply or insufficiently applies the FATF Recommendations’. AML Code 2008 paragraph 8(2)(a)(ii) sets out the requirement for enhanced due diligence where the applicant for business poses a higher risk, which is specified to include a business relationship or one-off transaction with a person or legal arrangement resident or located in a country which the relevant person has reason to believe does not apply or insufficiently applies the FATF Recommendations in respect of the business or transaction in question.

627. For FSC-regulated entities, FSC Rule Book Rule 9.9 on enhanced due diligence includes as part of ‘matters which pose a higher risk’ a business relationship or one-off transaction with a person or legal arrangement resident or located in a country which the licenseholder has reason to believe does not apply, or insufficiently applies, the FATF Recommendations in respect of the business or transaction in question.

628. For IPA-regulated insurers, IAMLR 2008 Section 6(1) requires insurers to have procedures in place to take into consideration applicants who are located or incorporated in countries on the FATF NCCT list only. While, pursuant to Section 13(2), insurers during the risk assessment process must undertake enhanced CDD for applicants considered high risk, there is no reference in the legislation for insurers to consider if a country does not apply or insufficiently applies FATF recommendations. IGN 2008, which is only applicable for insurers undertaking long-term business, requires insurers to consider the jurisdiction when conducting the risk assessment. IGN2008 Section 1.7 points out that all jurisdictions listed in Schedule 2 of the AML Code 2008 should not be assumed to apply an appropriate standard of AML/CFT regulation and that the list should not be regarded as an automatic trigger to apply reduced CDD.

629. There are no systematic measures in place to ensure that financial institutions are advised of concerns about weaknesses in the AML/CFT systems of other countries. However, relevant information is available to financial institutions from a number of sources with regard to such concerns. FSC licenseholders are required under Rule 9.14(3) to advise the FSC when a foreign branch or subsidiary is unable to apply AML/CFT measures of an appropriate standard. Similarly the IPA requires insurers to submit the same notifications pursuant to Section 3(3) IAMLR 2008. More broadly, the Joint Anti-Money Laundering Advisory Group (JAMLAG) provides a regular forum for public/private sector discussions on AML/CFT issues, which could include concerns about particular jurisdictions. The authorities indicated that they have communicated (directly to licenseholders or via their websites) concerns about specific countries and, for example, warnings issued by the FCU or Customs and Excise. Examinations of Transactions with no Apparent Economic or Visible Lawful Purpose from Countries Not Sufficiently Applying FATF Recommendations (c. 21.2):

630. Pursuant to AML Code 2008 paragraph 7(3) and in line with Recommendation 21, financial institutions and other relevant persons undertake ‘an examination of the background and purpose of the transactions or circumstances’ for the categories listed in paragraph 7, which includes transactions that have no apparent economic or visible lawful purpose. Under paragraph 7(4), they must also keep written records of any examination, steps, measures, or determination made or taken and, on request, provide the findings to the competent authorities and auditors. Records required by the Code must be retained for at least five years (paragraph 17(1)).

Ability to Apply Counter Measures with Regard to Countries Not Sufficiently Applying FATF Recommendations (c. 21.3):

631. The authorities did not identify at the time of the assessment any basis on which the IOM could apply appropriate counter-measures to countries that do not apply or insufficiently apply the FATF Recommendations.42 However, the DHA has the power to remove a jurisdiction from the list in Schedule 2 of the Code of jurisdictions regarded as applying AML/CFT measures equivalent to those of the IOM. The authorities pointed out that, given the size of the jurisdiction, any countermeasures applied by the IOM were unlikely in practice to have significant impact.43

3.6.2. Recommendations and Comments

R.21

  • The authorities should formalize appropriate means of applying counter-measures to countries that do not or insufficiently apply the FATF Recommendations.

3.6.3. Compliance with Recommendations 11 & 21

article image

3.7. Suspicious Transaction Reports and Other Reporting (R.13-14,19, 25 & SR.IV)

3.7.1. Description and Analysis

Requirement to Make STRs on ML and TF to FIU (c. 13.1 & IV.1):

632. Pursuant to Sections 17K CJA 1990,48 DTA 1996 and 11 ATCA 2003 a person may be held criminally liable if he knows or suspect that another person is engaged in laundering the proceeds of a predicate offense, the information or other matter on which that knowledge or suspicion is based came to his attention in the course of his trade, business, profession or employment and the person does not disclose the information or other matter to a constable as soon as is reasonable practicable after it comes to his attention. Additionally, Section 20(2) of the Code requires financial institutions and other relevant persons to establish, maintain, and operate written internal reporting requirements to enable, inter alia, prompt reporting of knowledge or suspicion of money laundering or terrorist financing to the FCU.

633. The Code clarifies that the procedures should relate to disclosure to a constable who is with the FCU. In practice, the inverted nature of the STR reporting requirement is considered to have the same meaning in law as a direct formulation and does not appear to impact negatively on the decision-making by financial institutions on whether or not to file an STR with the FIU.

634. The STRs received by the FCU are analyzed in the following comprehensive published statistics.

Financial Crime Statistics

article image
article image