UT-2022-00097 - [2024] UKUT 00352 (TCC)

The Decision Notice summarises the regulatory failings of the Applicant in relation to its dealings with the Solo Group at paragraphs 5.3 to 5.7 as follows:

“Principle 3

5.3

Principle 3 requires a firm to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.

5.4

Arian breached this requirement during the Relevant Period, in relation to the Solo Trading, as its policies and procedures were inadequate for identifying, assessing and mitigating the risk of financial crime as they failed to:

a)

set out the circumstances where reliance could be placed on an authorised firm’s CDD;

b)

include a requirement for risk assessments to be documented, and to document the rationale for any due diligence measures the firm waived when compared to its standard approach, in view of its risk assessment of a particular customer;

c)

set out adequate processes and procedures for EDD;

d)

set out adequate processes and procedures for client categorisation; and

e)

set out adequate processes and procedures for transaction monitoring including how transactions were to be monitored, or with what frequency, and how to identify suspicious transactions.

5.5

The breaches revealed serious or systemic weaknesses in both Arian’s procedures and the management systems or internal controls relating to Arian’s governance of financial crime risk.

Principle 2

5.6

Principle 2 requires a firm to conduct its business with due skill, care and diligence. The Authority considers that Arian breached this requirement by failing properly to assess, monitor and manage the risk of financial crime associated with the Solo Clients and purported trading activity, in that it:

a)

failed properly to conduct customer due diligence prior to onboarding the Solo Clients, and consequently failed to identify that they presented a higher risk of financial crime before they started trading;

b)

failed to gather information to enable it to understand the purpose and intended nature of the business that the Solo Clients were going to undertake, the likely size or frequency of the purported trading intended by the Solo Clients or the source of funds for the Solo Clients. Arian relied on its retained compliance consultants becoming “comfortable” following concerns raised by the consultants, after Arian explained some information about the trading strategy. However, Arian should have ensured that it fully understood the nature of the Solo business;

c)

failed to undertake and document a risk assessment for each of the Solo Clients prior to onboarding and trading for the Solo Clients;

d)

failed adequately to complete EDD for any of the Solo Clients despite the fact that none of the Solo Clients were physically present for identification purposes and a number of other risk factors were present, and despite the fact that its retained compliance consultants advised that Arian would need to undertake EDD. Although Arian had engaged its retained compliance consultants to give some limited assistance during the onboarding process, they were not instructed to provide any substantive assistance with regard to EDD prior to onboarding;

e)

failed to assess each of the Solo Clients against the categorisation criteria set out in COBS 3.5.2R and failed to inform the Solo Clients prior to any provision of services of their specific client categorisation, contrary to COBS 3.3.1R;

f)

failed to conduct transaction monitoring of the Solo Clients’ purported trades, including assessing whether the transactions were consistent with its knowledge of the customers and their risk profile, and when instructing a second external compliance firm to undertake monitoring of the trades (after the Solo Trading had commenced) the remit of those instructions was limited and did not include trade monitoring from an AML or other financial crime perspective; and

g)

failed to recognise numerous “red flags” with the purported trading, including that Arian did not consider whether it was plausible and/or realistic that sufficient liquidity was sourced within a closed network of entities for the size and volumes of trading conducted by the Solo Clients. Likewise, Arian failed to consider or recognise that the profiles of the Solo Clients meant that they were highly unlikely to meet the scale and volume of the trading purportedly being carried out, and/or failed at least to obtain sufficient evidence of the clients’ source of funds to satisfy itself to the contrary.”

We shall use these findings as a basis for our assessment of the financial penalty to be imposed in this case, subject to one clarification. In relation to the finding set out at paragraph 5.6 (f) of the Decision Notice, we accept that some transaction monitoring took place. Although Compliance Asset were instructed to undertake anti-market-abuse monitoring, there could be an overlap between such work and monitoring for wider financial crime purposes. Compliance Asset could have identified suspicious transactions where the suspicions went wider than market abuse and, if it did so, would have reported them to the Applicant.