EASTERN CARIBBEAN SUPREME COURT
TERRITORY OF THE VIRGIN ISLANDS
IN THE HIGH COURT OF JUSTICE
Claim No. BVIHCV 2017/0175
FINANCIAL SERVICES COMMISSION
HARNEYS INSURANCE MANAGEMENT SERVICES
Appearances: Mr. Michael Beloff, QC with Ms. Dian Fahie, Counsel for the Claimant
Mr. Michael Bloch, QC with Mr. Jonathan Addo, Counsel for the Defendant
2019: January 10th
Ellis J: The Appellant (“the Commission”) herein is a regulatory authority established under the Financial Services Commission Act, 2001 and responsible for the regulation, supervision and inspection of all financial services within the British Virgin Islands (BVI). The Appellant also has a statutory duty to ensure full compliance with measures relative to Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT).
The Respondent herein is a licensed insurance manager providing management services for a licensed domestic BVI Insurance Company (“the Company”).
Pursuant to section 35 of the Financial Services Commission Act,  (the “Act”) the Respondent was the subject of an onsite compliance inspection conducted by the Commission. On 12th June 2014, the Commission provided the Respondent with a draft inspection report in which the Commission asserted that it had observed several breaches of various provisions of the financial services legislation including the Anti-Money Laundering and Terrorist Financing Code of Practice (“the Code”). The Respondent was invited to review the report and to provide their comments before the Report was finalized.
On 14th July 2014, the Respondent forwarded its responses to the draft report which were considered by the Commission and a final report was then issued on 23rd September 2014. On that same date, the Commission issued a proposed notice to the Respondent in which it levied the following penalties:
i. $5,000.00 for an alleged breach of section 11 (#A) of the Code – failure to establish and maintain an independent audit function that is adequately resourced to test compliance.
ii. $10,000.00 for alleged breaches of sections 20 (2), (3) and (4) (a) of the Code – failure to engage in proper enhanced customer due diligence.
iii. $5,000.00 for alleged breaches of sections 21 (1), (2) and (4) of the Code – failure to review and keep up to date customer due diligence information in the required manner.
iv. $5,000.00 for alleged breaches of sections 49 (1) and (2) of the Code – failure to provide adequate education and training.
The Commission again considered the Respondent’s written representations made on 16th October 2014. Following a further exchange of correspondence between the Parties, the Appellant elected not to impose a penalty in respect of the purported breach of section 11 (3A) of the Code but maintained the penalties in respect of the other breaches. On 18th March 2016, the Appellant issued a Notice of Imposed Penalty (“NIP”) which reflected this decision.
Pursuant to section 44 of the Act, the Respondent lodged an appeal to the Financial Services Appeal Board (FSAB) against the NIP on 31 st March 2016. In their Notice of Appeal, the Respondent denied all of the alleged breaches. However, the appeal proceeded only on the basis of the challenge to sections 20 (2), 20 (3), 20 (4) (a), 21 (1), 21 (2), 21 (4) of the Code.
On 12th June 2017, the FSAB rendered its decision in favour of the Respondent. The FSAB identified the contention between the Parties in the following terms:
“Therein lies the difference between the FSC and the Appellant, namely is the liability to carry out enhanced due diligence under section 20 (4) a strict liability arising on the involvement of a PEP irrespective of the knowledge (whether actual, determined, an opinion formed or otherwise) of the Appellant or is it dependent upon such knowledge.”
At paragraphs 40 – 41 of its Written Decision, the Board concluded:
“In our opinion, interpreting section 20 (4) (a) to require an entity that has not pursuant to its other obligations under the Code determined (or formed an opinion that) a customer is a PEP, to nevertheless treat that customer as a PEP creates an absurdity within the meaning of that word as set out in the extract from Binnion (sic) above. In our view, section 20 (4) should be read as if it included the following underlined words:
(4) Where a business relationship or transaction involves:
(a) a person determined by an entity or professional to be a politically exposed person,
(b) a business activity, ownership structure, anticipated, or volume or type of transaction that is determined by an entity or professional to be complex or unusual, having regard to the risk profile of the applicant for business or customer, or where the business activity involves an unusual pattern of transaction or does not demonstrate any apparent or visible economic or lawful purpose; or
(c) a person who is determined by an entity or person to be located in a country that is either considered or identified as a high risk country or that has international sanctions, embargoes or other restrictions imposed on it,
an entity or a professional shall consider the applicant for business or customer to present a higher risk in respect of whom enhanced due diligence shall be performed…”
In the circumstances, we do not consider that the Appellant is in breach of section 20 (4) (a).”
At paragraph 42, the FSAB also held that:
“….for the same reasons as we identified above, that section 20 (3) should be read as if it contained the following underlined words:
(3) An entity or a professional shall adopt such additional measures with respect to business relationships or transactions determined to be higher risk business relationships or transactions as are necessary: …
In the circumstances, we do not consider that the Appellant is in breach of section 20 (3)”.
The FSAB did not consider that section 20 (4) (a) can operate so as to render otiose the need to make a determination or form an opinion for the purpose of sections 20 (2) 21 (1) and 21 (4). The FSAB also did not consider the Respondent to be in breach of those provisions. In the event that the FSAB was wrong on this issue and section 20 (4) (a) does impose a strict liability requiring entities to treat individuals who are PEPs as a PEPs even if the entity is unaware of the fact that the entity is a PEP, the FSAB did not consider that such a construction would render otiose the express need for an entity to make such a determination, or form an opinion, in order for the entity to be required to engage in enhanced customer due diligence under sections 20 (2), 21 (1) and 20 (4).
The FSAB also held that section 20 (4) does not have the effect (even if interpreted in the manner advanced by the Appellant) that an entity must treat a PEP as a PEP for the purposes of those sections. So that an entity will be required to engage in enhanced customer due diligence, for the purposes of these sections only if it had made the necessary determination or formed the necessary opinion that the relevant individual is indeed a PEP.
The FASB also found that the Respondent could not have breached section 21 (2) of the Code because it assessed the Company as presenting normal to low risk and carried out standard customer due diligence.
The Appellant seeks an order that the decision of the FSAB be set aside and that the Respondent’s Notice of Appeal be dismissed. The appeal is lodged pursuant to section 16 (5) of the Financial Services Appeal Board Act  and challenges the following failings by the FSAB:
i. The FSAB failed to give any or any proper effect to the intention and objective of the Code which is to promote the use of an appropriate and proportionate risk based approach to the detection and prevention of Money Laundering and Terrorist Financing in relation to ensuring due diligence.
ii. The FSAB failed to give proper effect to section 20 (2) which requires the Respondent to engage in enhanced customer due diligence in respect of transactions which are determined to be of higher risk. In coming to the conclusion that the determination ought to be made by the Respondent, the FSAB erred. The FSAB erred further when it failed to consider that section 20 (4) (a) of the Code has already determined that transactions involving PEP’s present a higher risk.
iii. The FSAB failed to give proper effect to the mandatory wording of section 20 (4).
iv. The words imported into section 20 (4) contradict the ordinary and clear meaning of the provision. The imported words effectively remove the strict mandatory nature of the provision and wrongly imply a meaning whereby it only becomes mandatory if and when an entity or professional makes a determination that a person is a Politically Exposed Person.
v. The FSAB failed to read section 21 in light of the mandatory nature of section 20 (4) which requires PEPs to be treated as presenting a higher risk and failed to consider that the discretion afforded in section 21 (1) could not relate to PEPs which are declared by section 20 (4) (a) to present a higher risk. The FSAB failed to consider that the discretion to make a determination as to whether an applicant is a higher risk could only relate to section 20 (4) (b) with respect those applicants for business not specifically identified as presenting a higher risk.
Between the Parties, there is common ground as to the factual background of this Appeal. It is agreed that the Respondent was at all material times, an entity within the meaning of the Code and therefore bound by the Code’s provisions. Section 2 (1) defines an entity as:
“(a) a person that is engaged in a relevant business within the meaning of regulation 2 (1) of the Anti-Money Laundering Regulations, 2008 and, for the avoidance of doubt, it includes a person that is regulated by the Commission by virtue of any regulatory legislation provided in Part 1 of Schedule 2 of the Financial Services Commission Act, 2001; or
(b) a Non-Financial business designated by the Commission in the Non-Financial Business (Designation) Notice, 2008;”
It is also agreed that the Respondent is the insurance manager of a company whose directors and shareholders include persons who fall within the definition of Politically Exposed Persons (PEPs) under the Code. Section 2 (1) of the Code defines PEPs as:
“Politically Exposed Person” or “PEP” means an individual who is or has been entrusted with prominent public functions and members of his immediate family, or persons who are known to be close associates of such individuals and, for the purposes of this definition, the Explanations to section 22 shall serve as a guide in identifying a PEP;”
The directors who are referred to as NP1 and NP2 are shareholders of the Company. NP3 although a director has no ownership interest in the Company. NP1 is and was at all material times a PEP within the definition of the Code. The Respondent’s position with regard to NP2 vacillated during the course of the proceedings below. The Parties nevertheless agree that the question of whether or not NP2 is PEP is ultimately irrelevant to the outcome of this Appeal, since the penalties would be appropriate if only NP1 qualifies as PEP.
It is agreed that the Respondent failed to treat both NP1 and NP2 as PEPs at the date of the inspection. It is further agreed that the Respondent did not make a determination under the provisions of section 20 (2) and 20 (3) that the Company was a higher risk applicant for business, customer generally or in respect of any transactions. It follows that the Appellant had not made any determination for the purpose of section 20 (4) of the Code which provides that where a business relationship or transaction involves a Politically Exposed Person, an entity shall consider the applicant for business or customer to present a higher risk in respect of whom enhanced due diligence shall be performed.
It is also agreed that the Appellant did not make a determination under the provisions of section 21 (1) and 21 (2) that any relationship with the Company presented a higher risk and so did not review and keep up-to-date the customer due diligence information in respect of the relevant customer at least once every year.
During the course of the Appeal, the Respondent essentially argued that the obligation to treat the business relationship as higher risk does not arise if the Respondent did not know (whether by determination in forming an opinion or otherwise) that NP1 was a PEP. The Respondent accepts that if it knew or was aware that NP1 was a PEP, it would be obliged to carry out enhanced customer due diligence. However, the Respondent submits that if it was unaware that NP1 was a PEP, then it had no obligation to treat the business relationship as higher risk.
This contention was trenchantly opposed by the Commission who argued that it matters not whether the Respondent knew, determined or formed an opinion that NP1 was a PEP. The Commission argued that the fact that NP1 is a PEP is all that is required to trigger the obligation to consider the relationship as presenting a higher risk in respect of which enhanced due diligence must be performed. Having admitted that NP1 is a PEP and that it did not carry out enhanced due diligence under section 20 or review and update the customer due diligence information in respect of the Company at least once every year, the Commission contends that the Respondent effectively breached its obligations under the Code.
COURT’S ANALYSIS AND CONCLUSION
The practical starting point of any discussion relative to the scope of statutory provisions must begin with the construction and interpretation of the particular legislative framework. In R v Secretary of State for the Environment, Transportation and Regions ex parte Spath Holme Lord Nicholls explained the scope of that exercise in the following terms:
“Statutory interpretation is an exercise which requires the court to identify the meaning borne by the words in question in the particular context. The task of the court is often said to be to ascertain the intention of Parliament expressed in the language under consideration. This is correct and may be helpful so long as it is remembered that the ‘intention of Parliament’ is an objective concept, not subjective. The phrase is a shorthand reference to the intention which the court reasonably imputes to Parliament in respect of the language used.”
In carrying out this exercise, this Court has had regard to the most recent dictum delivered in the 2018 by the Eastern Caribbean Court of Appeal in Telecommunications Regulatory Commission v Cable & Wireless (BVI) Limited.  At paragraphs 22 – 25 of the judgment, Carrington JA (Ag) considered the appropriate approach to be adopted by a court:
“Parliament is expected to say what it means and mean what it says. The first recourse in determining the meaning of a statutory provision should be to the grammatical meaning of the words used and their context. If the grammatical meaning of the words used is clear and the context does not lead to the conclusion that the words used may have more than one meaning or a different meaning from the natural grammatical meaning, then effect should be given to the clear grammatical meaning as disclosing the intention of Parliament in using them.
When considering the context of words in an enactment, one has to consider the enactment as a whole, and not only the section in which the words under consideration appear, as well as all facts relevant to the subject matter of the Act that are before the court, including any commentary supplied by the drafters of the Act. The ultimate aim of the court is to arrive at what Bennion on Statutory Interpretation refers to as an informed interpretation of the legislation under consideration. Bennion on Statutory Interpretation suggests that this is arrived at in two stages:
“What may be called first stage of interpretation arises when the enactment is first looked at. Here a provisional view may be formed, perhaps that the meaning is clear. Or it may appear at the first stage that the enactment is grammatically ambiguous or vitiated by semantic obscurity. In all three cases it is necessary to go on and apply the informed interpretation rule. Thereafter, at second stage interpretation, a final view on legal meaning is formed.”
Bennion’s “informed interpretation rule” is that the court should infer that the legislator, when settling the wording of legislation intended it to be given a fully informed, rather than a purely literal interpretation (though the two usually produce the same result).”
Turning to the case at bar, the Court is asked to consider the provisions of the Anti-Money Laundering and Terrorist Financing Code of Practice 2008 which was issued pursuant to powers conferred by section 27 (1) of the Proceeds of Criminal Conduct Act  and after consultation with the Anti-Money Laundering and Terrorist Financing Advisory Committee. Section 27 of the Proceeds of Criminal Conduct Act which provides that:
“27. (1) Without prejudice to anything that may be contained in the Terrorism (United Nations Measures) (Overseas Territories) Order, 2001 and the Anti-Terrorism (Financial and Other Measures) (Overseas Territories) Order 2002, the Commission may, after consultation with the Anti-Money Laundering and Terrorist Financing Advisory Committee established under section 27A, issue a Code of Practice for the purpose of:
(a) giving practical guidance on issues relating generally to money laundering and the financing of terrorism;
(b) providing guidance regarding adherence to the requirements of this Act and any other enactment relating to money laundering and the financing of terrorism;
(c) preventing, detecting and dealing with money laundering and terrorist financing activities;
(d) implementing, consistent with the provisions of this Act and any other enactment relating to money laundering and terrorist financing, internationally established standards for the prevention and detection of money laundering and terrorist financing activities; and
(e) providing such other things as are necessary, relevant or incidental to the matters outlined in paragraphs (a) to (d).”
Although the Explanatory Note which accompany the Code make it clear that it is subsidiary legislation which has the force of law and is enforceable against any person (natural or legal) to whom it applies, one of the main aims of the Code is to provide guidance to the persons and entities who are regulated under its provisions. This is made clear in the objectives which are set out at section 3 of the Code. Section 3 provides:
“The objectives of this Code are:
(a) to outline the relevant requirements of the Drug Trafficking Offences Act, 1992, Proceeds of Criminal Conduct Act, 1997 and Financial Investigation Agency Act, 2003 with respect to the detection and prevention of money laundering;
(b) to ensure that every entity and professional puts in place appropriate systems and controls to detect and prevent money laundering and terrorist financing;
(c) to provide guidance to every entity and professional in interpreting, understanding and appropriately applying the requirements of the Anti-money Laundering Regulations, 2008 and this Code;
(d) to assist every entity and professional in developing necessary measures to ensure;
(i) the adoption of adequate screening procedures and processes with respect to employees;
(ii) the appropriate training of employees; and
(iii) the fitness and appropriateness of the professionals and of the management of an entity; and
(e) to promote the use of an appropriate and proportionate risk-based approach to the detection and prevention of money laundering and terrorist financing, especially in relation to ensuring;
(i) adequate customer due diligence;
(ii) that measures adopted to effectively deal with such activities are commensurate with the risks identified; and
(iii) a more efficient and effective use of resources to minimize burdens on customers.”
In providing such guidance, the Code outlines the requirements of legislation which deals with the detection and prevention of money laundering, setting out the steps to be followed by all relevant entities that are regulated by the Commission. The Code provides a base from which a regulated entity can design and implement systems and controls and tailor their own policies and procedures for the prevention and detection of money laundering and the financing of terrorism. It does so by emphasizing the particular money laundering and financing terrorism risks of certain financial services and products, promoting the use of a proportionate, risk based approach to customer due diligence measures, which directs resources towards higher risk customers. The Code also provides practical guidance on applying customer due diligence measures, and emphasizes the responsibilities of relevant persons and entities in preventing and detecting money laundering and the financing of terrorism.
The Code contains guidance notes which are intended to provide ways of complying with the codes of practice. The appropriate application of the provisions contained within the guidance notes are intended to provide a good indication that a relevant entity is in compliance with the relevant statutory requirements and provisions of the Code.
This is important because under Article 27 (4) of the Proceeds of Criminal Conduct Act failure to comply with the provisions of the Code is a criminal offence.  Subsection 27 (4) – (6) provides that:
“27 (4) Where a person fails to comply with or contravenes a provision of a Code of Practice, he commits an offence and is liable on summary conviction to a fine not exceeding seven thousand dollars or to a term of imprisonment not exceeding two years or both.
(5) Where a body corporate commits an offence under subsection (4), every director, partner or other senior officer of the body corporate shall, subject to subsection (6), be proceeded against as if the director, partner or other senior officer committed the offence and is liable on conviction to the penalty prescribed in subsection (4).
(6) A director, partner or other senior officer of a body corporate does not commit an offence under subsection (5) if the director, partner or other senior officer can show that he neither knew nor connived in the commission of the offence.”
However, the Proceeds of Criminal Conduct Act also provides an alternative means of enforcement. Under section 27 (7), the Legislature mandates that administrative penalties may be imposed by the Commission without recourse to a court. Section 27 (7) Proceeds of Criminal Conduct Act provides:
“(7) Notwithstanding subsection (4), a Code of Practice may in specific cases of non-compliance with or contraventions of the provisions of the Code create offences and impose penalties to be enforced by the Commission as administrative penalties, but no penalty imposed shall exceed four thousand dollars.
(8) An administrative penalty collected by the Commission by virtue of subsection (7) shall be paid into a bank account to be retained for use by the Commission.
This alternative means of enforcement is quite useful because the delay and cost of court proceedings are thereby avoided and decisions are ultimately made by officials who are better acquainted with the purposes of the relevant regulations.
In compliance with section 27 (7) a number of offences were created and appropriate penalties imposed under section 57 and Schedule 4 of the Code. Section 57 provides:
“57.(1) A person who contravenes or fails to comply with a provision of this Code specified under column 1 of Schedule 4 commits the corresponding offence specified in column 2 of that Schedule in relation to the section specified and is liable up to the maximum of the penalty stated:
a. in column 3, with respect to an entity; or
b. in column 4, with respect to an individual.
(2) Where an offence is committed by a body corporate the liability of whose members is limited, then, notwithstanding and without affecting the liability of the body corporate, any person who at the time of the commission of the offence was a director, general manager, secretary or other like officer of that body corporate or was purporting to act in that capacity is liable to the penalty as if he has personally committed that offence, and if it is proved to the satisfaction of the Commission that he consented to, or connived at, or did not exercise all such reasonable diligence as he ought in the circumstances to have exercised to prevent the offence, having regard to the nature of his functions in that capacity and to all the circumstances.
(3) The Penalties imposed pursuant to subsection (1) shall be enforced as administrative penalties in accordance with section 27 (7) of the Proceeds of Criminal Conduct Act, 1997 and collected and applied by the Commission as prescribed in subsection (8) of that Act.
(4) This section does not apply to an offence which is prescribed under this Code to be dealt with in accordance with section 27 (4) of the Proceeds of Criminal Conduct Act, 1997.
Included under Schedule 4 of the Code is an offence termed “failure to engage in enhanced customer due diligence” and another termed “failure to review and keep up-to-date customer due diligence information in the required manner “. The Appellant alleges that both of these offences have been committed by the Respondent and it has imposed appropriate penalties for each breach. The Respondent on the other hand contends that on a strict reading of these provisions no breach has been made out.
In applying the relevant interpretative principles, a court must first consider the nature of the relevant legislative provisions. In construing the relevant legislative provisions in the case at bar, this Court is cognizant that legislative provisions which are coercive in nature (as in the case at bar) must be construed strictly giving the benefit if the doubt to any alleged wrongdoer.  In his treatise Statute Interpretation, Prostitution and the Rule of Law, Glanville Williams described the proper approach in the following terms:
“The ancient rule was that penal statutes are to be construed strictly – that is in favour of the defendant and against the prosecution – on the theory that the legislature must make its intention clear if it proposes to have people punished.”
It is unarguable that this common law principle of strict construction of penal statutes is now firmly entrenched in our jurisprudence.  The useful expression of the principle is found in the Privy Council judgment of The Gauntlet  .
“No doubt all penal statutes are to be construed strictly, that is to say, the court must see that the thing charged as an offence is within the plain meaning of the words used, and must not strain the words on any notion that there has been a slip, that there has been a casus omissus, that the thing is so clearly within the mischief that it must have been intended to be included, and would have been included if thought of. On the other hand, the person charged has a right to say that the thing charged, although within the words, is not within the spirit of the enactment. But where the thing is brought within the words and within the spirit, there a penal statute is to be construed, like any other instrument, according to the fair commonsense meaning of the language used, and the court is not to find or make any doubt or ambiguity in the language of a penal statute, where such doubt or ambiguity would clearly not be found or made in the same language in any other instrument.”
This dictum references the application of the interpretative principle which prescribes that where an enactment is grammatically capable of one meaning only and, on an informed interpretation of that enactment, the interpretative criteria raises no real doubt as to whether that grammatical meaning is the one intended by the legislator, the legal meaning of the enactment corresponds to that grammatical meaning and is to be applied accordingly. This so called “plain meaning rule” is described by the learned authors in Cross – Statutory Interpretation in the following way: 
“The essential rule is that words should generally be given the meaning which the normal speaker of the English language would understand them to bear in their context at the time when they are used.
In other words, the plain meaning of the statute should not be derailed by artificial doubts. Per denning LJ in McCarthy v Coldair  .
In Pinner v Everett,  Lord Reid expressed the plain meaning rule as follows:
“In determining the meaning of any word or phrase in a statute, the first question to ask always is what is the natural or ordinary meaning of that word or phrase in its context in the statute. It is only when that meaning leads to some result which cannot be reasonably be supposed to have been the intention of the legislature that it is proper to look for some other possible meaning of the word or phrase.”
Another useful interpretive principle prescribes that whenever the question arises as to the meaning of a certain provision in a statute, it is proper and legitimate to read that provision in its context. The authorities on the interpretation of statutes generally agree that a statute is to be read as a whole and that every clause is to be construed with reference to the other clauses of the act and its context, to the greatest extent possible.  In Attorney General v Prince Ernest Augustus of Hanover  Viscount Simonds put the position in the following terms:
“A question of construction arises when one side submits that a particular provision of an Act covers the facts of the case and the other side submits that it does not. Or it may be agreed it applies, but the difference arises as to its application. It is unreal to proceed as if the court looked first at the provision in dispute without knowing whether it was contained in a Finance Act or a Public Health Act. The title and the general scope of the Act constitute the background of the contest. When a court comes to the Act itself, bearing in mind any relevant extraneous matters, there is, in my opinion, one compelling rule. The whole or any part of the Act may be referred to and relied on……Hence, to arrive at the true meaning of any particular phrase in a statute, that particular phrase is not to be viewed, detached from its context in the statute: it is to be viewed in connexion with its whole context – meaning by this as well the title and preamble as the purview or enacting part of the statute.”‘
The words of any statutory provision must therefore be read in the context provided by the statute as a whole. The Court is obliged to examine every word of a statute in its context. Such context will include not only other enacting provisions of the same statute, the existing state of the law, and the mischief which a court can, by those and other legitimate means, discern the statute was intended to remedy. In as much as there may be inaccuracy and inconsistency a court must, if possible ascertain what is the meaning of the instrument taken as a whole in order to give effect to the intention of the legislator.
The relevant statutory provisions cannot be read in isolation: their colour and content are derived from their context. This Court is therefore obliged to read the provisions of sections 20 and 21 in the context provided by the Code as a whole.
When the Court has regard to the legislative context, it is clear that a key aim of the Code is to encourage entities to develop detailed customer due diligence (CDD) processes. While the Code does prescribe certain minimum requirements, it also contemplates (that an entity will have) the ability to apply a risk-based approach somewhat flexibly in many areas. The Explanatory Note to section 19 reinforces this at sub-paragraph (iv):
“( iv) CDD entails adopting a risk-based approach to enable an entity or a professional to make a risk assessment in relation to a particular customer who is an applicant for business or a customer. This will assist the entity or professional to make an informed determination of the extent of the identification and other CDD information to be sought, how such information is to be verified and the extent to which the resulting relationship is to be monitored.”
Section 12 of the Code imposes an obligation on the regulated entity or professional to carry out money laundering and terrorist financing risk assessments in respect of each customer, business relationship or one-off transaction. It provides that:
12. An entity and a professional, in addition to establishing a written system of internal controls, shall carry out money laundering and terrorist financing risk assessments in relation to each customer, business relationship or one-off transaction in order:
(a) to determine the existence of any risks;
(b) to determine how best to manage and mitigate any identified risks;
(c) to develop, establish and maintain appropriate anti-money laundering and terrorist financing systems and controls to effectively respond to the identified risks; and
(d) to ensure that at all times there is full compliance with the requirements of the Anti-Money Laundering Regulations, 2008 and other enactments, policies, codes, practice directions and directives in place in relation to Anti-Money Laundering and Terrorist Financing activities.
Section 19 of the Code, provides the essential guidelines for adopting a risk-based approach to CDD. Entities and professionals (as applicable) are required to comply with the guidelines and to include the essence of these guidelines as part of their internal control systems. Under this section, they are required to develop a risk profile for all applicants for business and the guidelines provide particular considerations to be taken into account in assessing such risk.
It is acknowledged that such systems may not be fool proofed. Ultimately, it is a question of applying good judgment in any particular circumstances or situation. 
Carrying out a careful assessment under sections 20 and 21 of the Code demands that an entity have regard to provisions under section 19 (6) which prescribes the factors which an entity may take into account in determining that a customer or transaction carries a low risk in terms of the business relationship. It also requires that an entity have regard to the provisions of section 20 (4) which prescribe when a business relationship would be deemed to present a higher risk.
Section 20 (4) prescribes inter alia that once a business relationship or transaction involves a PEP, the entity shall consider that such business relationship or transaction presents a higher risk. The reason for such concern is that PEPs are at higher risk of corruption because of their position or their associates and relationships.
The term PEP has been helpfully defined under section 2 of the Code, which provides that:
“an individual who is or has been entrusted with prominent public functions and members of his immediate family, or persons who are known to be close associates of such individuals and, for the purposes of this definition, the Explanations to section 22 shall serve as a guide in identifying a PEP.”
In determining whether an entity has complied with any of the requirements of sections 20 and 21 of the Code, one must take account of any guidance provided in the Explanatory Note. Section 22 of the Code which makes it clear that a PEP is a person who is entrusted or who has been entrusted, with a prominent public function by a community institution, an international body, or a Territory other than the BVI, including: heads of State/government, cabinet ministers/secretaries of state, judges (including magistrates where they exercise enormous jurisdiction), senior political party functionaries and lower political party functionaries with an influencing connection in high ranking government circles, military leaders and heads of police and national security services, senior public officials and heads of public utilities/corporations, members of ruling royal families, senior representatives of religious organizations where their functions are connected with political, judicial, security or administrative responsibilities.
The Explanatory Note also makes it clear that in addition to the primary PEPs listed above, a PEP will also include the immediate family members of a PEP – including spouse, partner, children and their spouses or partners and parents; known close associates of a primary PEP – any individual who is known to have joint beneficial ownership of a legal entity or legal arrangement, or any other close business relations, with a primary PEP, or who is a sole beneficial owner of a legal entity or arrangement known to have been set up for the benefit of the primary PEP.
The drafters appreciate that it is not always easy to establish whether or not a person qualifies as a PEP but section 22 of the Code mandates that an entity must have a part of its internal control systems, appropriate risk-based policies, processes and procedures for determining whether an applicant for business or a customer is a PEP. The section further prescribes that where an entity fails to do so, it commits an offence and is liable to be prosecuted under the provisions of the Proceeds of Crime Act. Section 22 provides as follows:
(1) An entity or a professional shall:-
(a) have, as part of its or his internal control systems, appropriate risk-based policies, processes and procedures for determining whether an applicant for business or a customer is a politically exposed person;
(b) in dealings with a politically exposed person, take such reasonable measures as are necessary to establish the source of funds or wealth respecting such person;
(c) ensure that senior management approval is sought for establishing or maintaining a business relationship with a politically exposed person;
(d) ensure a process of regular monitoring of the business relationship with a politically exposed person;
(e) in circumstances where junior staff deal with politically exposed persons, ensure that there is in place adequate supervisory oversight in that regard; and
(f) ensure that the requirements of paragraphs (a) to (d) apply in relation to a customer who becomes a politically exposed person during the course of an existing business relationship.
(2) Where a third party acts for a Politically Exposed Person in establishing a business relationship or performing a transaction, the entity or professional shall nevertheless perform the necessary enhanced customer due diligence measures as if the business relationship or transaction is being made directly with the politically exposed person.
(3) Subject to subsection (4), a customer who ceases to qualify as a PEP by virtue of no longer holding the post or relationship that qualified him as a PEP shall, for the purposes of this Code, cease to be so treated after a period of two years following the day on which he ceased to qualify as a PEP.
(4) Notwithstanding the fact that a customer has ceased to be treated as a PEP by virtue of subsection (3), an entity or a professional may, where it or he considers it appropriate to guard against any potential risks that may be associated with the customer, continue to treat the customer as a PEP for such period as the entity or professional considers relevant during the currency of the relationship, but in any case not longer than ten years from the date the customer ceased to qualify as a PEP.
(5) Where an entity or a professional fails to comply with a requirement of this section, it or he commits an offence and is liable to be proceeded against under section 27 (4) of the Proceeds of Criminal Conduct Act, 1997.
It therefore cannot be reasonably argued that there is no practicable or sensible way in which an entity can ascertain whether a person is a PEP or not.
The Explanatory Note very helpfully provides further guidance which can be applied by entities in establishing internal control systems and appropriate risk-based policies and procedures for determining whether an applicant for business or a customer is a PEP. The Code clearly prescribes measures which could be employed so as to ensure that entities comply with the Code’s provisions and entities are urged to implement measures even over and above those prescribed.
Where however these measures fail, or where there are slips or gaps, the Code provides as follows:
“Where a high risk transaction is not detected, for example, or the transaction of a high risk customer falls through the cracks, especially in relation to significant financial transactions, this may be indicative of weak internal control systems – weak risk management practices, regulatory breaches regarding the identification of high risks, insufficient staff training and weak transaction monitoring mechanisms. These must be viewed as some of the red flag indicators which may justify not only corrective action, but also the application of administrative penalties and criminal sanctions – systemic breakdowns or inadequate controls should invariably attract proportionate responses .”  Emphasis mine
As part of its regulatory process, the Commission is empowered to conduct both on-site and off-site inspections of entities that it regulates. Inspectors are, during the course of their inspections, expected (amongst other things) to identity weaknesses in an entity’s AML/CFT risk assessments through an analysis of the entity’s internal control and management systems.  Section 9 (3) of the Code provides that:
(3) After every review of an entity’s or a professional’s risk assessments on money laundering and terrorist financing, the Commission or the Agency, as the case may be,
(a) will prepare a report outlining the weaknesses identified and recommending necessary remedial action; and
(b) may provide a specific period within which a recommended remedial action must be complied with.
(4) A copy of the report prepared pursuant to subsection (3) shall be transmitted to the entity to which or professional to whom it relates.
(5) Where a report provides a remedial action to be taken by an entity or a professional and a specific period within which the action must be taken, failure to comply with such action within the period stated constitutes an offence punishable under section 27 (4) of the Proceeds of Criminal Conduct Act, 1997.
The Explanatory Note to section 9 of the Code provides that in preparing their reports following an inspection, inspectors of the Commission should note that while it is not in every case of a regulatory breach or an identified AML/CFT deficiency that a criminal sanction or a fine or a penalty need be applied, they should nevertheless feel free to provide guidance on the nature and gravity of the breach or identified AML/CFT weakness in order to enable an informed decision to be taken in respect thereof.
Generally, some breaches or AML/CFT deficiencies may only require corrective action, but sanctions may need to be applied in cases of substantial breaches or deficiencies. What constitutes a “substantial breach or deficiency” is a matter of fact to be determined by the Commission.
It is apparent that in this case, the PEP was not detected. This highlights obvious weaknesses in Respondent’s systems which would warrant corrective action or in the event that the conduct was sufficiently egregious, prosecution under section 22 of the Proceeds of Criminal Conduct Act. The Court note that neither of these measures was employed in this case, which is surprising, given that the matters raised in this Appeal stem from the failure to detect the PEP.
Having considered the statutory context, the Court will now turn to consider the breaches alleged in the case at bar. Turning first to the failure to engage in enhanced due diligence under section 20 of the Code. This section provides that:
“20 (1) For the purposes of this Code, a reference to “enhanced customer due diligence” refers to the steps additional to customer due diligence which an entity or a professional is required to perform in dealings with an applicant for business or a customer in relation to a business relationship or one-off transaction in order to forestall and prevent money laundering, terrorist financing and other financial crime.
(2) Every entity or professional shall engage in enhanced customer due diligence in its or his dealings with an applicant for business or a customer who, or in respect of a transaction which, is determined to be a higher risk applicant for business or customer, or transaction, irrespective of the nature or form of the relationship or transaction.
(3) An entity or a professional shall adopt such additional measures with respect to higher risk business relationships or transactions as are necessary:
(a) to increase the level of awareness of applicants for business or customers who, or transactions which, present a higher risk;
(b) to increase the level of knowledge of an applicant for business or a customer with whom it or he deals or a transaction it or he processes;
(c) to escalate the level of internal approval for the opening of accounts or establishment of other relationships; and
(d) to increase the level of ongoing controls and frequency of reviews of established business relationships
(4) Where a business relationship or transaction involves:
(a) a politically exposed person,
(b) a business activity, ownership structure, anticipated, or volume or type of transaction that is complex or unusual, having regard to the risk profile of the applicant for business or customer, or where the business activity involves an unusual pattern of transaction or does not demonstrate any apparent or visible economic or lawful purpose; or
(c) a person who is located in a country that is either considered or identified as a high risk country or that has international sanctions, embargos or other restrictions imposed on it,
an entity or a professional shall consider the applicant for business or customer to present a higher risk in respect of whom enhanced due diligence shall be performed.
The section requires regulated persons to apply enhanced due diligence measures on a risk-sensitive basis where it is determined that a particular business relationship or transaction presents a higher risk of money laundering or terrorist financing or other financial crime. The Code then provides clear guidance as to when a situation (business relationship or transaction) could be said to present such a higher risk. Section 20 (4) identifies that where a business relationship or transaction involves a PEP then an entity shall consider that the relevant applicant or customer presents a higher risk for money laundering, terrorist financing and other financial crime and therefore the entity must apply the enhanced due diligence measures prescribed in subsection 20 (3).
The case for the Respondent is set out in the witness statement of Adam Rhodes, a director of the Respondent Company. His evidence is that NP1 operates a well-known and successful medical practice in the BVI and has an extensive property portfolio. NP1 is a shareholder and director of the Company. In February 2012, the Company sought the advice of the Respondent regarding the feasibility of a corporate insurance structure in relation to the medical practice and property portfolio. Mr. Rhodes contends that the Company was considered as a standard or low risk because it had a pre-existing professional relationship with the BVI Private Client Department of Harneys, Westwood and Riegels which wholly owns the Respondent and because the Respondent was familiar with the source of funds for the Company’s business. He stated that the Company was incorporated in July 2012, and the Commission subsequently approved an insurance licence for the Company in November 2012.
The Respondent asserted that it made no determination that the Company presented a higher risk for money laundering, terrorist financing or other financial crime, and so it was therefore not obliged to employ the enhanced due diligence measures prescribed by subsection 20 (3) of the Code.
However, it turns out that NP1 is the brother of a current Minister of Government and an elected representative and the brother-in-law of another Minister of Government.
During the proceedings before the FSAB, Counsel for the Respondent argued that section 22 of the Code is the legislative gateway through which liability under section 20 is founded. However it is only engaged where an entity first identified the customer as a PEP but then fails to comply with the requirements under section 20. In other words, where an entity fails to identify a PEP, there would be no basis to conclude that the business relationship or transaction would attract a higher risk thus demanding enhanced due diligence.
This argument appears to have found favour with the FSAB and at paragraphs 38 – 43 of the Decision, the Board concluded:
“In our opinion, it is not appropriate to read section 20 (4) in isolation from the remainder of section 20, or indeed in isolation from the remainder of the Code. When read in the context of the other provisions of section 20, and in the context of the remainder of the Code, and in particular those set out above, it is our view that section 20 (4) does not impose a strict liability on an entity to perform enhanced due diligence in the event that an applicant for business or a customer happens to be a PEP if the entity is unaware that the customer is a PEP.
The requirement under section 22 is to have “appropriate risk-based policies, processes and procedures for determining whether an applicant for business or a customer is a PEP” not to have an infallible system. Thus, it is possible that an entity might have an appropriate system which, notwithstanding that it is applied properly, does not pick up every PEP to which it is applied.
In our opinion, interpreting section 20 (4) (a) to require an entity that has not pursuant to its other obligations under the Code determined (or formed an opinion that) a customer is a PEP, to never the less treat that customer as a PEP creates an absurdity within the meaning of that word as set out in the extract from Binnion (sic) above. In our view section 20 (4) should be read as if it included the following underlined words…”
It is on this basis that the FSAB felt obliged to import words into section 20 which essentially predicates liability on the entity subjectively making a determination that a person is a PEP.
On the other hand, the Commission has argued that there is no basis for making the objective definition of a PEP subject to the subjective assessment of the entity. Counsel for the Appellant argued that when section 20 (4) is read in line with the interpretive provisions under section 2 of the Code, it clearly prescribes specific factors by which an entity must conclude that a higher risk attaches. Counsel further submitted that the importation of these words would deprive section 20 of any force at all and would lead to the absurd conclusion that notwithstanding that a PEP has specifically defined and designated as presenting a higher risk thus demanding enhanced due diligence in relationships and transactions, an entity may nonetheless apply a different risk rating and accordingly avoid its obligations to conduct customer due diligence simply by failing to make appropriate determinations. The Commission submits that such an interpretation would undermine the clear legislative intent and the mischief which section 20 of the Code seeks to address.
Indeed, Explanatory Note (ii) makes it clear that:
“The imperatives outlined in section 20 (4) must be adhered to as necessary measures to reduce the potential for inadvertently aiding a money laundering or terrorist financing activity. While, for instance, a PEP may be personally known to an entity and such PEP may be highly regarded, the possibility cannot be discounted of unscrupulous persons preying on such PEP to advance their criminal activities through such PEP unknown to the PEP. It is not an entity’s or a professional’s function to protect a PEP, but it is an entity’s or a professional’s function to prevent the direct or indirect abuse of its or his or her business facilities.”
The considerable disagreement as to whether the determination is objective or subjective is, in the Court’s view, resolved by the peculiar legislative context as a whole which clearly places the burden on the regulated person or entity to employ measures which would assist in verifying or identifying low to high risk individuals, business relationships or transactions. Part III of the Code reinforces the risk-based approach which is enshrined in much of the Code. It contained minimum requirements for standard with additional requirements or relaxations in certain circumstances for low risk due diligence or to enhanced due diligence.
Regulated entities must carry out a written risk-based assessment, which operates as the platform or reference point for the rest of their compliance programmes, and must be available to the Commission on request. The Code contains detailed options of the type of documentary evidence or other verification methods that may be considered acceptable when making such critical determinations. Moreover, regulated entities are also obliged to develop additional processes and filters to determine whether more stringent measures are required in high risk cases.
In this context, the due diligence obligations which follow are clearly predicated upon entities having carried out the relevant assessments and having appropriately classified the risk. The Court finds support for this at paragraph IV of the Explanatory Note to section 19. This provides that:
(iv) CDD entails adopting a risk-based approach to enable an entity or a professional to make a risk assessment in relation to a particular customer who is an applicant for business or a customer. This will assist the entity or professional to make an informed determination of the extent of the identification and other CDD information to be sought, how such information is to be verified and the extent to which the resulting relationship is to be monitored . Section 19 of this Code, in effect, provides the essential guidelines for adopting a risk-based approach to CDD and entities and professionals (as applicable) are required to comply with the guidelines; indeed they may wish to include the essence of the guidelines as part of their internal control systems.
Later, the Explanatory Note provides that:
Customer Risk: Within the context of its own internal control systems, an entity is expected to determine the potential risk that an applicant for business or a customer poses and the potential impact of any mitigating factors in relation to that assessment. An application of the risk variables may mitigate or exacerbate any risk assessment made; ultimately, it is a question of applying good judgment in any particular circumstance or situation.
Under section 20 of the Code, an entity must enhance such processes and filters when dealings with an applicant for business or a customer who, or in respect of a transaction which it has determined to be a higher risk. For the avoidance of doubt, section 20 (4) clearly establishes circumstances in which a business relationship or transaction presents a higher risk. It prescribes inter alia that once a business relationship or transaction involves a PEP the entity shall consider that such business relationship or transaction presents a higher risk. The term PEP has also been helpfully defined in the Code. So that where a person falls within the definition of the term, then he is a PEP as defined by the Code and an entity would be obliged to so find.
Having reviewed the relevant legislative context, the Court is satisfied that the words can be read in a way that makes grammatical sense and from which one can see a clear meaning. The words used are not ambiguous as they appeared to address a specific situation and desired action. The determination in section 20 (2) would clearly have been made by the regulated entity or professional and it is consequent on this determination that the enhanced due diligence obligations would arise.
Where, as is contended here, the entity failed to make the appropriate determination that the business relationship or transaction presented a higher risk because it neglected or failed to identify the involvement of a PEP, then the regulator’s direct recourse is to section 22 of the Code and section 12 of the Code which provides that:
12. An entity and a professional, in addition to establishing a written system of internal controls, shall carry out money laundering and terrorist financing risk assessments in relation to each customer, business relationship or one-off transaction in order:
(a) to determine the existence of any risks;
(b) to determine how best to manage and mitigate any identified risks;
(c) to develop, establish and maintain appropriate anti-money laundering and terrorist financing systems and controls to effectively respond to the identified risks; and
(d) to ensure that at all times there is full compliance with the requirements of the Anti-Money Laundering Regulations, 2008 and other enactments, policies, codes, practice directions and directives in place in relation to anti-money laundering and terrorist financing activities.
Turning now to the failure to review and keep up-to-date the customer due diligence information in the required manner under section 21 of the Code. This section provides that:
21. (1) Where an entity or a professional makes a determination that a business relationship presents a higher risk, it shall review and keep up-to-date the customer due diligence information in respect of the relevant customer at least once every year.
(2) In cases where a business relationship is assessed to present normal or low risk, an entity or a professional with whom the relationship exists shall review and keep up-to-date the customer due diligence information in respect of that customer at least once every three years  .
(3) In circumstances where the business relationship with a customer terminates prior to the period specified in subsection (2), the entity or professional shall to the extent possible, in respect of that customer, review and keep up-to-date the customer due diligence information as of the date of the termination of the relationship.
(4) Notwithstanding anything contained in this section, where an entity or a professional forms the opinion upon careful assessment that an existing customer presents a high risk or engages in transactions that are of such a material nature as to pose a high risk, it or he shall apply customer due diligence or, where necessary, enhanced customer due diligence, measures and review and keep up-to date the existing customer’s due diligence information.
(5) The requirements of subsection (4) apply irrespective of the periods stated in subsections (1) and (2).
(6) For the purposes of subsection (4), “existing customer” refers to a customer that had a business relationship with an entity or a professional prior to the enactment of this Code and which continued after the date of the coming into force of this Code.
The Explanatory Note for this section is revealing. Note (iii) provides that:
” While it is required that an entity or a professional must effect the necessary review and updating of customer due diligence information for the periods stated in section 21 (1) and (2), depending on whether a customer is assessed as low or high risk, subsection (4) provides the additional requirement to perform a similar review and update in respect of customers with whom an entity or a professional had had a business relationship prior to the effective date of this Code (20th February, 2008) which continued beyond the effective date. However, this requirement applies only in the circumstances where the entity or professional forms the view that any of those customers presents some risk or engages in transactions that are of a material nature as to present some risk. It is a question of judgment on the part of the entity or professional concerned to make that assessment and come to a conclusion. In such cases, the entity must not wait for the period specified in section 21 (1) or (2) to mature before effecting the required review and updating of the customer’s due diligence information . Where an existing customer is not assessed as presenting a high risk or to be engaged in any material transaction that has the potential to present a high risk, the entity or professional need only comply with the requirements of section 21 (2).” Emphasis mine
The Explanatory Note to section 21 is therefore clear. It compels an entity to assign a money laundering and terrorist financing risk rating at the time of establishing business relationships. Section 21 of the Code imposes an obligation on the entity to ensure that these ratings are to be updated and reviewed periodically depending on the rating assigned.
Where a business relationship is assigned a normal or low rating, the entity is required to review and keep up to date the customer due diligence information in respect of that customer at least once every 3 years high rating. On the other hand, where the business relationship is assigned a high rating, the entity must conduct a review of its customer due diligence information and keep the same up-to-date at least once year.
A breach of this provision arises where an entity fails to assign a rating. Once a determination has been made, a breach will also arise where an entity fails to appropriately review the customer due diligence information in accordance with the relevant schedule prescribed.
During proceedings before the FSAB, the Respondent relied on the evidence of Mr. Adam Rhodes who reiterated that the Respondent was only informed of the possible PEP status of the Company during the on-site inspection in 2014. Mr. Rhodes asserted that in assessing the level of risk associated with the Company, the Respondent took into account a number of factors including the fact that it did not identify that the Company had any PEPs. On that basis, it ascribed a standard risk rating and conducted reviews in 2015, three (3) years following incorporation and thereafter in 2016, following the re-evaluation. Both parties agree that he qualifies as a PEP because he is an immediate family member and known close associate of a primary PEPs who are current members of the Legislative Assembly and who carry out prominent public functions. When this information was brought to the Respondent’s attention, NP1 was then added to the Respondent’s PEP register.
This evidence is not disputed by the Commission. The Compliance Inspection Report records that there was no evidence on the file that high risk client files were reviewed on an annual basis. During proceedings before the FSAB, Mr. Stanley Dawson, Director of the Insurance Division of the Commission gave evidence on behalf of the Appellant. He stated:
“…the Appellant represented that they had no high risk clients. However by section 20 (4) of the AML Code, the entity identified by the Appellant as “the Company” must necessarily be regarded as presenting a higher risk. Even if the Appellant is of the view that NP2 is not a PEP (which I disagree with), the Appellant still has obligations with respect to NP1 (which it does not deny)…”
Counsel for the Commission has argued that the obligations under section 21 arise automatically in respect of PEP’s. Although he concedes that the circumstances in which the obligations are said to be triggered are prefaced with language which ascribes an entity’s state of mind, he submitted that this is necessarily subordinate to section 20 (4). Counsel for the Appellant further relied on the judgment in R v Moore (Deborah) (CA) QB 353 in submitting that section 20 (4) is the leading provision. In that case the Court observed that:
“Although, therefore, there is no ambiguity of language or obscurity of literal meaning in section 1C taken on its own such as would entitle the court to seek out the true meaning by other means (see Pepper v. Hart A.C. 593 ), this is a situation in which loyalty to the literal wording of the statute will frustrate the plain legislative intent. Moreover, loyalty to the literal wording of section 1C would involve a failure to recognise the inconsistency with section 8 of the Act of 1991. In such a situation (see Bennion, Statutory Interpretation, 2nd ed. (1992), p. 607, s. 287), the court is affirmatively required to give the enactment a “rectifying construction” of the kind described by Lord Herschell L.C. in Institute of Patent Agents v. Lockwood A.C. 347 , 360:
“You have to try and reconcile [the provisions]as best you may. If you cannot, you have to determine which is the leading provision and which the subordinate provision, and which must give way to the other.”
“The proper resolution of the inconsistency, in our judgment, is to give priority to what is both the express intendment of section 8 and, more generally, the policy of the Act of 1991 by treating section 1C(1)( a) as ending with the words “under the preceding provisions of this Act.”
Finally, Counsel concluded that in any event, the obligations are all aspects of enhanced customer due diligence required under section 20 (3) (d) as necessary ” to increase the level of ongoing controls and frequency of reviews of established relationships “. He argued that this could not sensibly be less for a PEP in respect of whom the Code has determined that a higher risk exists than for other high risk situations as determined only by the entity.
Given the conclusions drawn herein with regard to the construction of section 20 (4) (which clearly mandates the circumstances where an entity must consider that an applicant for business or customer presents a higher risk, the Court agrees that section 20 (4) cannot be ignored.
Ultimately, the Appellants contention is that the Respondent wrongly ascribed a standard rating when objectively a higher risk rating was appropriate because it failed to correctly identify that the Company with whom it intended to form a business relationship was owned or managed by a PEP.
The relevant legislative provisions do not present any grammatical ambiguity or semantic obscurity. As the meaning of the words is clear and no ambiguity arises then the statutory intention must be found in these words. The Explanatory Note to section 21 clearly mandates that the relevant review obligations are predicated on the subjective finding by a relevant entity. So that in circumstances where the Respondent had ascribed a standard risk rating, a breach of section 21 would only follow where, the Commission was able to verify that the obligations under subsection 21 (2) had not been met.
In this Appeal, it is not disputed that the Respondent arrived at a standard risk rating rather than a high risk rating when it assessed the Company. It is also not disputed that the Respondent adopted a review and monitoring schedule which is consistent with such rating. In point of fact, the essence of the Appellant’s complaint is that having regard to all the circumstances of the case, the Respondent failed to ascribe the correct risk rating which takes into account the fact that the Company involved a PEP and therefore presented a higher risk which required enhanced due diligence. The fact that the Respondent applied the review schedule which was not consistent with that risk is simply consequential to such finding.
The actual offence created under Schedule 4 of the Code is ” failure to review and keep up to date customer due diligence information in the required manner .” In circumstances where it is not disputed that the Respondent carried out due diligence reviews in a manner which was consistent with the standard risk rating, the Court has some difficulty in discerning how the alleged offence could be made out because a breach under section 21 would only arise when an entity fails to comply with the review schedule which is consistent with its determination. In the Court’s judgment, this is not the provision under which the Commission can seek to prosecute an alleged failure to correctly rate the risk of money laundering or terrorist financing.
The constituent elements of the breach demand proof that having determined an appropriate risk rating, the Respondent failed to review the customer due diligence information in accordance with the yearly schedule prescribed.
However, this is not to say that the Respondent would be able to avoid liability in circumstances were it failed to properly identify a PEP. Under section 22, an entity is obliged to have as part of its internal control systems, appropriate risk-based policies, processes and procedures for determining whether an applicant for business or a customer is a PEP. Where it is clear as in this case, that the internal control systems, appropriate risk-based policies, processes and procedures were inadequate for the purpose, then such entity may be liable to criminal prosecution under the Proceeds of Criminal Conduct Act.
The underlying issue in this case, is the failure to appropriately identify NP1 as PEP and the consequential money laundering and terrorist financing risk assessment which should follow. This speaks to an obvious failure under section 22 of the Code which could properly have been prosecuted under the provisions of the Proceeds of Criminal Conduct Act.
This is of particular concern because it is clear from the evidence that the Respondent placed great reliance on its personal knowledge of and long standing “trusted relationship” with the Company and its principals contrary to the guidance clearly sets out at section 19 of the Code which provides that: 
“Thus where, for instance, a customer engages in occasional financial transactions below the established financial threshold but in a series that appear to be linked, serious consideration should be given to not lowering or simplifying the CDD measures in respect of that customer even if the customer is well-known to the entity providing the relevant facility. It must always be remembered that those bent on abusing the legitimate facilities offered by financial institutions in particular go to great lengths to identify ‘loopholes’ in the internal control systems of the institution . It is therefore advisable that even in cases of known identified low risk customers full random CDD measures are applied to transactions relating to them. In any case, simplified CDD measures must not be applied where a suspicion of money laundering or terrorist financing or specific higher risk scenario exists…”  Emphasis mine
This speaks to a possible failure to implement and maintain an effective system of internal controls under section 11 and or possibly a failure to carry out appropriate money laundering and terrorist financing risk assessments under section 12, and sections 19 (6) and 20 (4) of the Code which address the need for an entity or professional to develop appropriate compliance measures that properly enable the assessment of risks with respect to business relationships and one-off transactions. This is critical if the entity is to properly and effectively build a solid regime of internal controls.
It is therefore surprising that these complaints were not levied since they lie at the heart of the Appellant’s inspection report and underpin the alleged offending.
During the course of proceedings before the FSAB, the Commission argued that section 20 (4) of the Code imposes strict liability. This argument was rejected by the FSAB who expressed its position as follows:
“In our opinion, it is not appropriate to read section 20 (4) in isolation from the remainder of section 20, or indeed in isolation from the remainder of the Code. When read in context of the other provisions of section 20 and in the context of the remainder of the Code and in particular those set out above it is our view that section 20 (4) does not impose a strict liability on an entity to perform enhanced due diligence in the event that an applicant for business or customer happen to be a PEP if the entity is unaware that the customer is a PEP.”
This position was somewhat supported by the Respondent who further argued that it is a fundamental principle of English criminal law and quasi criminal law that where the Legislature has not made it clear that strict liability is intended, a statute should be interpreted to punish only blameworthy behavior. Therefore, in the absence of express provisions to the contrary or necessary implication, a criminal or quasi-criminal offence requires a mental element as well as an action element. 
Counsel for the Respondent argued that in circumstances where the Code advocates a risk based approach, it would be absurd to argue that they have an absolute obligation to get it right. While the systems employed to identify a PEP may be good, they are not infallible or fool proof. He submitted that the Court must consider that there will be cases when a PEP is not identified despite the fact that there are appropriate risk based assessments in place. Counsel argued that it is not in the interest of justice that someone who has taken reasonable care, and could not possibly have avoided committing an offence, should be punished by the law. Penalizing a person who is blameless goes against the principle that the criminal law punishes fault. Finally, Counsel argued that the Commission’s justification for imposing strict liability is untenable because the imposition of greater vigilance makes no sense where the legislature has prescribed a lesser obligation or standard in which entities are only encouraged to follow the less onerous regime of applying risk based policies.
Mens Rea is the mental element of a person’s intention to commit a crime or the knowledge that one’s action or lack of action would cause a crime to be committed. It is a necessary element of many crimes, so that when interpreting a statute, there is always a presumption of law that mens rea is required for an offence. There are however, certain factors which can, on their own or combined, displace the presumption that mens rea is required. This principle is most aptly demonstrated in the context of regulatory offences where usually (though not always) no real moral issue is involved, and where the maximum penalty is generally small. Such regulatory offences are imposed to promote compliance with the given regulatory scheme.
In Sweet v Parsley  Ms. Sweet, a teacher, took a sublease of a farmhouse outside Oxford. She rented the house to tenants, and rarely spent any time there. Unknown to her, the tenants were smoking cannabis on the premises. When they were caught, she was found guilty of being concerned in the management of premises which were being used for the purpose of smoking cannabis, contrary to the Dangerous Drugs Act 1965 (now replaced by the Misuse of Drugs Act 1971). Ms. Sweet appealed, on the ground that she knew nothing about what the tenants was doing, and could not reasonably have been expected to have known.
Lord Reid acknowledged that strict liability was appropriate for regulatory offences, or ‘quasi-crimes’ – offences which are not criminal ‘in any real sense’, and are merely acts prohibited in the public interest. However, the learned Judge observed that the kind of crime to which a real social stigma is attached should usually require proof of mens rea . In the case of such offences, it was not in the public interest that an innocent person should be prevented from proving their innocence in order to make it easier for guilty people to be convicted. Since their Lordships regarded the offence under consideration as being a ‘true crime’ – the stigma had, for example, caused Ms. Sweet to lose her job – they held that it was not a strict liability offence, and since Ms. Sweet did not have the necessary mens rea, her conviction was overturned.
Unfortunately, the courts have not gone further to lay down a list of those offences which they will consider to be regulatory offences rather than ‘true crimes’. They have however provided some general guidance. In Gammon v Attorney General of Hong Kong  the Privy Council had to consider whether the presumption that mens rea is required, is rebutted in the case of regulatory offences. In that case, the defendants were involved in building works in Hong Kong. Part of a building they were constructing fell down, and it was found that the collapse had occurred because the builders had failed to follow the original plans exactly. The Hong Kong building regulations prohibited deviating in any substantial way from such plans, and the defendants were charged with breaching the regulations, an offence punishable with a fine of up to $250,000 or three years’ imprisonment. On appeal, they argued that they were not liable because they had not known that the changes they made were substantial ones. However, the Privy Council held that the relevant regulations created offences of strict liability, and the convictions were upheld.
The Court in Gammon reasoned that, where a statute is concerned with an issue of social concern (such as public safety), and the creation of strict liability will promote the purpose of the statute by encouraging potential offenders to take extra precautions against committing the prohibited act, the presumption in favour of mens rea can be rebutted. The types of offences that do fall into this category cover behaviour which could involve danger to the public, but which would not usually carry the same kind of stigma as a crime such as murder or even theft.
In R v Blake  the Court applied Lord Scarman’s principles in Gammon and found that, though the presumption in favour of mens rea was strong because the offence carried a sentence of imprisonment and was, therefore, “truly criminal”, yet the offence dealt with issues of serious social concern in the interests of public safety (namely, frequent unlicensed broadcasts on frequencies used by emergency services) and the imposition of strict liability encouraged greater vigilance in setting up careful checks to avoid committing the offence.
The Court has no difficulty with the legal principles as adumbrated by the relevant authorities advanced by both sides. However, the Court is not satisfied that these arguments would be determinative of the issues raised in this Appeal. The arguments on strict liability were advanced on the basis that the circumstances in which the obligations under sections 20 and 21 are to be triggered are prefaced with language which variously ascribes an entity’s state of mind. The relevant preface in the case of section 20 is “which is determined to be a higher risk” while section 21 (1) includes the preface “where an entity makes a determination” and section 21 (4) ” where an entity …forms an opinion“. The argument seems to be that this establishes that the Commission needs to prove mens rea on the part of an alleged offender.
This Court does not agree. Mens rea in criminal law is concerned with the state of mind of a defendant. This is distinct from the circumstances of this particular case where what is required to be proved is that the entity carried out the particular act of making a determination or forming an opinion. The relevant provisions make it clear that this factor is an attendant circumstance or context which must exist in order to trigger the obligations imposed by these provisions. It does not, in Court’s opinion, describe the “guilty mind” or the intention to fulfill the actus reus of the offence or recklessness whether it be fulfilled. 
Simply put, (in the case of section 21) if an entity does not determine that a particular business relationship demanded a high risk rating then he would not be obliged to undertake a review or monitoring schedule consistent with section 21 (1). In order to prove that an alleged offender breached section 21 (1), the Commission would first have to be satisfied that the alleged offender had in fact made a determination that the business relationship presented a higher risk. Only when this is proved and it is further shown that customer who was assigned a high risk rating was not subject to any annual review in accordance with the Code could the entity be said to have committed an offence under Schedule 21 (1).
Similarly, although section 20 (4) sets out what qualifies a high risk transaction, liability under section 20 only arises when there is a determination that there is a high risk customer or transaction. If the entity identified a PEP, then it must classify the customer or transaction as high risk and apply enhanced due diligence measures. Where it fails to do so, the Court is satisfied on the authority of Gammon v Attorney General of Hong Kong  that the presumption of mens rea would be displaced and the entity would be strictly liable. However, if the entity has not identified a PEP and has not classified the transaction or customer as high risk, then on the strict reading of these provisions, it could not be in breach of section 20 or 21. There is nothing ambiguous about that.
In its decision, the FSAB stated that it applied the relevant statutory construction in order to avoid an absurd result. In the Courts’ judgment no absurdity arises here. The Respondent has failed to demonstrate that the consequences of the section are objectionable, undesirable unreasonable, unworkable, impracticable, anomalous or illogical. The wording is perfectly consistent with the expressed objective and there is therefore no real basis for importing the words suggested. In the Court’s judgment, the relevant legislative provisions do not present any grammatical ambiguity or semantic obscurity and as the meaning of the words are clear and no ambiguity arises then under the rule of statutory construction the statutory intention must be found in these words. In the Court’s judgment, there is no real doubt about the legal meaning of the provisions and so there is no need to move on to the second stage of the informed interpretive rule.
Claiming that one did not know NP1 was a PEP in circumstances when it clearly within one’s control to do so, would be an offence under section 22. The fact that the Respondent has admitted that NP1 is a PEP may no doubt strengthen the case for prosecution. At the very least, it presupposes that the Respondent’s systems were inadequate and warranted immediate remedial measures.
The Court is not satisfied that this interpretation would stultify or defeat the purpose or intention of the Legislature or produce an absurdity, anomaly or contradiction which would mandate a secondary interpretation. In this case, the regulatory regime is designed to regulate entities and the way they do business, so that money laundering and the financing of terrorism can be detected and deterred. In this way, the legislative regime seeks to maintain and enhance the Territory’s International reputation and to contribute to public confidence in the Financial Services Industry. Naturally, this involves determining whether or not particular customers are high risk and which processes or investigations must be completed if they are. If a regulated entity has reasonable assurance that a person or company poses some risk, they must then decide how much is an appropriate amount of information to gather and how often such information should be reviewed and updated.
Counsel for the Commission has argued that entities may well avoid liability by deliberately choosing to turn a blind eye to the fact that a person or company poses a higher risk. The objectives of this Code are not in doubt. They are clearly established under section 3 of the Code. They emphasize that the key to the effective implementation of the Financial Action Task Force (FATF) 40 Recommendations is the handling of the higher risks PEPs. To this end, regulated entities are required to take reasonable measures to determine whether a customer or beneficial owner is a domestic PEP and the Commission plays an important role in providing guidance on how to effectively apply the PEP requirements.
The determinative factor in the present case is that the Legislature has seen fit to enact a range of statutory offences which are predicated upon appropriate risk control systems. If an entity fails to employ appropriate risk based policies, processes and procedures for determining whether a customer is a PEP or if it fails does not take reasonable measures to establish the PEPs source of funds of wealth or if it fails to ensure a process of regular monitoring of the business relationship with a PEP then it makes perfect sense that such entity should be prosecuted under the provisions of sections 22 of the Code and 27 (4) of the Proceeds of Criminal Conduct Act. Conversely, it would make little sense to seek to prosecute an entity in respect of statutory breaches which are predicated on the entity having determined that the customer presents a higher risk, in circumstances where that particular context cannot be made out.
In light of the findings herein, the Court’s order is therefore as follows:
1. The FSAB’s decision with respect to the breach of sections 20 and 21 is upheld.
The Respondent will have its costs of this Appeal to be assessed, if not agreed.
Vicki Ann Ellis
High Court Judge
By the Court