Security of Clients’ Assets: Thematic Feedback for Trust and Corporate Service Providers

Issued July 2019 Security of Clients’ Assets Thematic feedback for Trust and Corporate Service Providers July 2019

Isle of Man Financial Services Authority Issued July 2019 Page 2 of 6 Contents

1. Introduction .......................................................................................................................3 1.1. Regulatory objectives..................................................................................................3
2. Overview ............................................................................................................................3 2.1 Trust and company law...............................................................................................3 2.2 Regulatory requirements ............................................................................................3 2.3 Purpose of feedback....................................................................................................4 2.4 Risks to statutory objectives of the Authority ............................................................4
3. Findings of themed visits...................................................................................................4 3.1 The visits......................................................................................................................4
4. Good practice.....................................................................................................................4 4.1 Yachts and aircraft.......................................................................................................4 4.2 Property holding structures........................................................................................5
5. Areas for improvement......................................................................................................5 5.1 Art and jewellery .........................................................................................................5 5.2 Insurance.....................................................................................................................5
6. Management controls........................................................................................................6 6.1 Effective policies and procedures................................Error! Bookmark not defined.
7. External links......................................................................................................................6 7.1 Links and articles relevant to this topic ......................................................................6

Isle of Man Financial Services Authority Issued July 2019 Page 3 of 6

1. Introduction 1.1. Regulatory objectives One of the Authority’s regulatory objectives is “securing an appropriate degree of protection for… the customers of persons carrying on a regulated activity”. The protection of clients’ assets is a key aspect of this objective. It is therefore essential that licenceholders make adequate arrangements to segregate clients’ assets from their own, and that they establish and maintain appropriate policies and procedures to limit the risk or potential for loss to clients. The Authority provided feedback in March 2019 on client money and other assets covered by the Clients’ Assets Report. This document complements the Clients’ Assets Report feedback and addresses the protection of other types of clients’ assets which are held by TCSPs, concentrating on physical assets such as yachts, aircraft, property and chattels.
2. Overview 2.1 Trust and company law The protection of clients’ assets is a core function of a TCSP business. The duty of care owed by a TCSP to its customers includes but is not limited to trustees’ and directors’ duties. Trust law and company law establish the responsibilities of trustees and directors. Where trustees and directors act in a professional capacity on behalf of a TCSP, the proper discharge of their duties is an important element of the protection of the assets in those companies and trusts. The Authority has issued guidance to TCSPs on directorships, trusteeships and similar responsibilities held by directors and individuals in ‘controlled functions’ linked to rules 8.3 and 8.62. 2.2 Regulatory requirements Part 3 of the Financial Services Rule Book “Clients’ Money” contains detailed requirements for the operation of bank accounts which hold clients’ money and trust money 1 . In contrast to clients’ money, the rules specific to safeguarding other client assets are brief. The principal requirement2 is at rule 8.3 “Management controls” which requires at 8.3(2)(d) that a licenceholder “… must establish and maintain appropriate internal and operational controls, systems, policies and procedures relating to all aspects of its business to ensure … the safeguarding of assets belonging to clients for which the licenceholder is responsible. For the avoidance of doubt, in this rule “assets” includes money, property and investments”.

1 Money in the bank account of a client company is an asset of that company, and not client money 2 More general rules on standards of conduct include, but are not limited to, skill care and diligence (rule 6.1) risk management (8.6) and clients’ records (8.28).

Isle of Man Financial Services Authority Issued July 2019 Page 4 of 6 2.3 Purpose of feedback This feedback is intended to assist TCSPs in protecting the assets of trusts and companies to which they provide services.

2.4 Risks to statutory objectives of the Authority The risk of financial loss is relevant to the objective of appropriately safeguarding customers. This risk includes destruction of an asset, theft of moveable property such as works of art, and loss or destruction of title deeds. Risks from financial crime include identity theft to raise a mortgage or purport to sell a property, and cyber threats including hacking of yachts’ systems. A significant loss of clients’ assets might damage the reputation of the Isle of Man. A claim from a client as a result of such a loss would also have adverse financial and reputational implications for the TCSP concerned. 3. Findings of themed inspections 3.1 The inspections The Authority carried out 21 themed inspections across a sample of TCSPs to gain a greater understanding of the type of assets held by structures, and the measures being taken to protect and manage assets. In general we found that the controls were most effective for yachts and aircraft, which have the highest perceived risk. Thus to some extent the approach of TCSPs to the security of assets varied according to the nature and relative value of the assets. However, chattels such as works of art can still have values in the millions and represent a significant financial risk. 4. Good practice 4.1 Yachts and aircraft As well as being high value assets, yachts and aircraft can pose significant risks to the safety of third parties. They are subject to stringent requirements for registration and inspection. TCSPs collected a wealth of information in order to meet the requirements for registration. Some licenceholders also handled crew management and yacht administration. TCSPs demonstrably understood and monitored the assets. Most had comprehensive files and review checklists in place. Staff working on the files understood the management of the asset, and how it was operating.

Isle of Man Financial Services Authority Issued July 2019 Page 5 of 6 4.2 Property holding structures The risks to third parties from buildings are less than for yachts and aircraft, but still material. The majority of licenceholders appeared to be managing property holding structures with appropriate skill and diligence. Many licenceholders retained a separate file for each property which contained all the appropriate documents relating to the property. However, some TCSPs were not able to evidence that all property was insured. 5. Areas for improvement 5.1 Art and jewellery Chattels present little risk to third parties, but are vulnerable to loss, theft and damage. These assets can be high value; global art sales reached an estimated $67.4 billion in 20183 . Works of art were not always valued, located or properly reviewed. The issues identified included:  Location of assets not verified  Acquisition of works of art not properly documented  Jewellery not insured, and rationale for this not formally documented  Chattel not verified as genuine or appraised by a specialist in the appropriate field  An asset was listed in company or trust accounts but no documentation relating to the chattel was retained on file Some licenceholders did not have the same systems for retaining information on chattels as for other asset classes. When chattels were held by a customer or person related to the customer, this position was not always monitored or documented on file. 5.2 Insurance In general where a client entity owns a building or other asset, the directors or trustees would be expected to insure that asset. Failing that, they should establish and evidence that it has been validly insured by somebody else, or make and evidence a decision not to obtain insurance. On some occasions, however, the Authority’s review of client files identified that the directors of a company had neither insured the assets, nor established that somebody else had insured them, nor made a decision not to insure the assets. Observations included:

3 Source - 2019 Art Basel and UBS Global Art Market Report

Isle of Man Financial Services Authority Issued July 2019 Page 6 of 6  Property was not insured or the insurance had expired  Procedures for monitoring renewals were not documented or included in the file review process  No copy of the insurance had been retained on client files  Responsibility of a third party to insure was not formally documented on file or minuted  Insurance documents had not been translated into English Licenceholders should have appropriate procedures to manage the insurance of client assets. 6. Management controls 6.1 Effective policies and procedures Effective policies and procedures relating to client assets should:  Cover all types of client asset  Maintain evidence of legal ownership  Verify the location and condition of the asset  Value the asset  Identify the risks arising from the asset  Identify appropriate controls to manage the risks of the asset  Maintain appropriate insurance, or ensure that another party is doing so  Ensure that agreements are documented and current The effectiveness of these policies and procedures should be subject to periodic monitoring and reporting by internal audit or compliance. Where staff in these internal control functions also have involvement in operational functions related to client assets, an independent external review is recommended. 7. External links 7.1 Links and articles relevant to this topic The following links are to sites that are not maintained or endorsed by Isle of Man Public Services which accepts no responsibility for the accuracy or currency of information provided on these sites. UK Government – “Protect your land and property from fraud” STEP guidance note on property holding by trustees (Part 9 addresses insurance) Boat International article on cyber-crime risks for yachts