Department of Internal Affairs v Jin Yuan Finance Ltd
[2019] NZHC 2510
•3 October 2019
IN THE HIGH COURT OF NEW ZEALAND AUCKLAND REGISTRY
I TE KŌTI MATUA O AOTEAROA TĀMAKI MAKAURAU ROHE
CIV-2017-404-002604
[2019] NZHC 2510
UNDER The Anti-Money Laundering and Countering Financing of Terrorism Act 2009 IN THE MATTER
of an application for a pecuniary penalty order and restraining injunctions
BETWEEN
THE DEPARTMENT OF INTERNAL AFFAIRS
Plaintiff
AND
JIN YUAN FINANCE LIMITED
First Defendant
REX YOUNG
Second Defendant
Hearing: 24 July 2019 Appearances:
K E Hogan for the Plaintiff
J Ussher for the First Defendant (Given leave to withdraw)
Judgment:
3 October 2019
JUDGMENT OF WOOLFORD J
This judgment was delivered by me on Thursday, 3 October 2019 at 4:00 pm pursuant to r 11.5 of the High Court Rules.
Registrar/Deputy Registrar Date:
Solicitors:Kayes Fletcher Walker Ltd, Manukau City PCW Law Limited (J Ussher), Auckland
THE DEPARTMENT OF INTERNAL AFFAIRS v JIN YUAN FINANCE LIMITED [2019] NZHC 2510 [3
October 2019]
[1] In a statement of claim dated 30 October 2017, the Department of Internal Affairs (DIA) sought pecuniary penalties against Jin Yuan Finance Limited (JYFL) for civil liability acts under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (the Act), as well as restraining orders against JYFL and a shareholder and director, Rex Young. Between 30 June 2013 and 30 June 2017 (the relevant period) JYFL carried on business as a financial institution, including transferring money for or on behalf of customers. During the relevant period, DIA alleges that JYFL committed civil liability acts in six different ways:
(a)It failed to conduct customer due diligence as required by sub-part 1 of Part 2 of the Act.1
(b)It failed to adequately monitor accounts and transactions.2
(c)It entered into and continued business relationships with customers who did not produce or provide satisfactory evidence of their identities.3
(d)It failed to comply with the requirement to report suspicious transactions.4
(e)It failed to keep records as required by sub-part 3 of Part 2 of the Act.5
(f)It failed to implement or maintain a compliance programme as required by sub-part 4 of Part 2 of the Act.
[2] On 16 April 2018, restraining orders were made without opposition against JYFL and Mr Young, restraining them from carrying out any financial activities within the definition of financial institutions in s 5 of the Act. Upon the grant of the only remedy sought against Mr Young, he took no further steps in the proceeding.
1 Anti-Money Laundering and Countering Financing of Terrorism Act 2009, s 90(3). Maximum penalty of $2 million.
2 Section 90(2), maximum penalty of $1 million.
3 Section 90(2), maximum penalty of $1 million.
4 Section 90(3), maximum penalty of $2 million.
5 Section 90(3), maximum penalty of $2 million.
[3] On 19 December 2018, JYFL advised the Court that it intended to admit it committed the civil liability acts set out in the statement of claim, such that the sole issue for the hearing would be the appropriate pecuniary penalties. On 11 July 2019, JYFL confirmed it admitted the civil liability acts, but not the pleaded particulars of those acts. Counsel for JYFL also advised the Court that he would seek leave to withdraw. As a result, the Court directed that the penalty hearing proceed by way of formal proof. After granting leave to counsel for JYFL to withdraw, I then proceeded with the formal proof hearing on 24 July 2019.
Background
[4]JYFL was incorporated under the Companies Act 1993 on 30 October 2012.
[5] On 4 April 2013, JYFL was registered as a financial service provider as defined in s 5 of the Financial Service Providers (Registration and Dispute Resolution) Act 2008. From that date, JYFL was registered to provide the following financial services:
(a)Keeping, investing, administering, or managing money, securities, or investment portfolios on behalf of other persons;
(b)Operating a money or value transfer service; and
(c)Changing foreign currency.
[6] JYFL’s head office was situated at 125A Meadowland Drive, Sommerville, Auckland. It operated from its head office and nine outlets – eight of which were situated in Auckland and one in Hamilton.
[7] On 30 June 2013, the Anti-Money Laundering and Countering Financing of Terrorism Act came into force. It introduced a more rigorous regime for the monitoring of New Zealand’s financial system for the purposes of detecting and deterring money laundering and the financing of terrorism. JYFL was both a financial institution and reporting entity as defined in the Act. The Act set out extensive requirements on JYFL as a financial institution and reporting entity. These included conducting customer due diligence, monitoring accounts and transactions, requiring
customers to provide satisfactory evidence of their identities, reporting suspicious transactions, keeping records to enable every transaction to be reconstructed, and establishing, implementing and maintaining a compliance programme.
[8] In terms of the Act, DIA is one of three supervisors, the others being the Reserve Bank of New Zealand and the Financial Markets Authority. DIA is the designated supervisor of JYFL. It has issued publicly available Codes of Practice and Guidelines in relation to the Act.
[9] On 28 May 2013, before the Act came into force, DIA initiated contact with JYFL regarding its obligations under the Act. On 4 June 2013 and 26 March 2014, DIA met with JYFL to provide advice regarding its obligations under the Act. On 3 April 2014, DIA found JYFL’s written risk assessment and compliance programme to be non-compliant with the Act in a number of areas. On 22 April 2014, DIA proposed a remediation plan to JYFL, which was agreed. On 27 April 2014, JYFL emailed an updated written risk assessment and compliance programme to DIA. However, on 5 May 2014, DIA again found JYFL’s written risk assessment and compliance programme to be non-compliant. DIA provided extensive feedback to JYFL.
[10] JYFL then engaged Starfish Consulting Limited to assist with its written risk assessment and compliance programme. On 1 July 2014, JYFL emailed an updated written risk assessment and compliance programme to DIA. DIA found the written risk assessment and compliance programme predominantly met the Act’s minimum obligations.
[11] On 8 July 2014, JYFL further engaged AML Solutions Limited to conduct an audit of its written risk assessment and compliance programme and the operation of it for the period 30 June 2013 to 31 October 2014. AML Solutions Limited found that JYFL was unable to demonstrate compliance with the relevant requirements of the Act. DIA then requested JYFL to provide a copy of its current risk assessment and compliance programme and explain why AML Solutions Limited appeared to have been provided with a version of the written risk assessment and compliance
programme different from that emailed to DIA on 1 July 2014. JYFL did not respond to these requests.
[12] On 14 April 2015, DIA undertook an on-site inspection of JYFL. At the on- site inspection, Mr Rex Young, who was a director and shareholder of JYFL and who appeared to be in control of JYFL, advised DIA that in carrying out financial services, JYFL was using only one New Zealand bank account in the name of Jin Yuan Holiday Limited.
[13] Following the on-site inspection, DIA issued an on-site inspection report dated 1 May 2015. It recorded that JYFL was non-compliant with the Act’s requirement in a number of different areas. In particular, JYFL’s risk assessment and compliance programme was non-compliant. Customer due diligence was also non-compliant in that, for example, JYFL was not identifying whether individual customers were acting on behalf of another person or entity and was rarely carrying out enhanced customer due diligence in relation to large or suspicious transactions. Certain records regarding customer due diligence had not been kept.
[14] JYFL’s suspicious transaction reporting was also non-compliant because staff had minimal knowledge of suspicious transaction obligations and reporting processes. It did not make suspicious transaction reports within three working days of the occurrence of factors that should have given rise to a reasonable suspicion.
[15] Finally, JYFL’s record keeping was non-compliant because the written risk assessment could not be located and records relating to enhanced customer due diligence appeared to have not been kept.
[16] On 7 July 2015, DIA issued JYFL with a formal warning in terms of s 80 of the Act, which enables a formal warning to be given if the Act supervisor has reasonable grounds to believe that the person has engaged in conduct that constitutes a civil liability act. Subsequently, JYFL provided DIA with an updated written risk assessment and updated compliance programme. The risk assessment, again, advised that in carrying out financial services, JYFL was using only one New Zealand bank
account in the name of Jin Yuan Holiday Limited. This was confirmed once more by JYFL on 29 October 2015.
[17] On 16 December 2015, following information received, DIA asked JYFL if it had currently or historically any direct or indirect banking agreements with a number of other specified companies. On 22 January 2016, JYFL provided DIA with “letters of authorisation” signed by Mr Young, for JYFL, purporting to have been issued by the named companies on various dates in 2014. On 25 January 2016, JYFL confirmed that bank accounts in these names were currently being used by JYFL. In response to a further request by DIA, on 28 January 2016 JYFL provided DIA with “letters of authorisation” in respect of two individuals. Also in January 2016, JYFL provided DIA with a staff list which described 10 of the 19 staff members as volunteers. Such volunteers did not have the necessary permission from Immigration New Zealand to work in New Zealand.
[18] On 9 March 2016, DIA undertook a second on-site inspection in which DIA formed the view that Mr Young endeavoured to mislead them regarding the bank accounts being used by JYFL and his knowledge of them. Following the second on- site inspection, DIA requested further information from JYFL regarding yet further bank accounts in the name of other companies.
[19] On 24 May 2016, DIA issued a second on-site inspection report. It recorded that JYFL’s compliance officer was not permitted to work in New Zealand. It also recorded that JYFL’s risk assessment was non-compliant with the Act’s requirements because it was premised on JYFL using one New Zealand bank account when it was using multiple bank accounts in the name of third parties and made no reference to the risks associated with the use of such accounts or JYFL’s use of text messages to advise customers of bank account numbers. The risk assessment made no reference to having customers that were not private individuals and was not current and effective.
[20] The compliance programme continued to be non-compliant because it did not address monitoring customer account activity and transaction behaviour in bank accounts, other than that in the name of Jin Yuan Holiday Limited. It did not address the identification and reporting of suspicious transactions in bank accounts other than
in the name of Jin Yuan Holiday Limited. It did not address storing and analysing text and App messages sent regarding customer transactions. Furthermore, JYFL’s customer due diligence was non-compliant. Its account monitoring was non- compliant. Its suspicious transaction reporting was non-compliant and its record keeping was non-compliant.
[21] Correspondence then followed between JYFL and DIA in which DIA requested that JYFL provide it with an independent audit. Accordingly, on 17 November 2016, JYFL engaged AML Solutions Limited to conduct an audit for the period 1 November 2014 to 31 October 2016. As recorded in AML Solutions Limited’s report dated 30 November 2016, JYFL was unable to demonstrate compliance with relevant requirements of the Act. JYFL has not been independently audited since 30 November 2016.
[22] During the relevant period, JYFL carried out a large number of transactions through the account of Jin Yuan Holiday Limited. In addition, it carried out an unidentifiable number of transactions through at least five other company’s accounts.
[23] During the relevant period, JYFL submitted suspicious transaction reports relating to 32 transactions. This can be seen against the volume of transactions. For instance, in the year 1 July 2013 to 30 June 2014, JYFL declared 25,988 transactions with a gross value of $122,237,698. It declared that 90 per cent of its annual revenue came from international wire transfer/electronic fund transfer services.
[24] The last suspicious transaction report by JYFL during the relevant period was submitted on 2 February 2016. Some of the reports do not comply with the requirements of the Act. None of the suspicious transaction reports submitted by JYFL related to transactions that were carried out through accounts other than Jin Yuan Holiday Limited. During the relevant period JYFL had reasonable grounds to believe that transactions it carried out, other than those which it had declared, were suspicious. That is because suspicious transaction reports were submitted by other reporting entities such as banks, in relation to transactions carried out by JYFL that were not the subject of a suspicious transaction report by JYFL.
[25] The DIA filed the statement of claim on 30 October 2017. JYFL says that it ceased trading on 15 February 2018.
Previous pecuniary penalty decisions under the Act
[26] Section 90(4) of the Act states the Court must have regard to all relevant matters in determining an appropriate pecuniary penalty, including:
(a)the nature and extent of the civil liability act; and
(b)the likelihood, nature, and extent of any damage to the integrity or reputation of New Zealand’s financial system because of the civil liability act; and
(c)the circumstances in which the civil liability act occurred; and
(d)whether the person has previously been found by the court in proceedings under this Act to have engaged in any similar conduct.
[27] There have been two previous pecuniary penalty decisions under the Act - Department of Internal Affairs v Ping An Finance (Group) New Zealand Company Limited,6 and Department of Internal Affairs v Qian Duoduo Limited.7 Both of these decisions relate to civil liability acts committed by money remittance businesses, very similar to the civil liability acts in this case. The methodology used to assess appropriate penalties was the same in both cases. It requires:8
(a)Assessing the seriousness of the civil liability acts to select a starting point based on the seriousness of the non-compliance and the aggravating and mitigating factors relating to it.
(b)Next, considering aggravating and mitigating factors relating to the circumstances of the reporting entity, to determine whether these warrant imposition of a higher or lower penalty.
6 Department of Internal Affairs v Ping An Finance (Group) New Zealand Company Limited
[2017] NZHC 2363 [Ping An].
7 Department of Internal Affairs v Qian Duoduo Limited [2018] NZHC 1887 [Qian Duoduo].
8 Ping An at [88], approved in Qian Duoduo at [25].
(c)Next, deducting from the starting point to reflect any admission of liability and/or co-operation with the authorities, especially in relation to others who have breached the Act.
(d)Finally, taking into account totality considerations by looking at the number of separate breaches, ensuring there is no overlap between the penalties imposed for different types of non-compliance, and considering whether the total penalty imposed fairly and adequately reflects the overall extent of non-compliance.
[28] In Ping An, Toogood J found that there had been “serious, systemic deficiencies in complying with a multiplicity of obligations under the Act, result[ing] in widespread contraventions against several key areas which were not isolated or infrequent.” He also found that the sole director/shareholder of Ping An had misled DIA in the course of its investigation and demonstrated a complete disregard for the Act’s requirements, if not a wilful intention to flout them. He found that the company’s non-compliance amounted to a calculated and contemptuous disregard for the Act’s requirements and that the non-compliance “was a cultural norm within the business”.
[29]In particular, Toogood J found that the company:
(a)did not carry out the customer due diligence required of it under the Act, evinced by its failure to provide to DIA any adequate transaction or identity and verification records;
(b)failed to adequately monitor accounts and transactions, again evidenced by Ping An’s paucity of records;
(c)breached the Act’s prohibition against entering or continuing business relationships with customers who did not evince their identity;
(d)failed to keep appropriate records for 1,588 transactions totalling
$105,413,026.44, 362 customers and 122 business relationships;
(e)carried out 173 transactions with indicia of suspicious transactions, but failed to submit a single suspicious activity report.
He described Ping An’s failure as being at the higher end of non-compliance.
[31] Toogood J imposed pecuniary penalties on Ping An totalling $5.29 million and granted restraining injunctions against Ping An and its sole director/shareholder. The pecuniary penalties were reached as follows:
(a)Starting points:
(i)Failure to conduct customer due diligence: $1.3 million (65 per cent of the maximum penalty of $2 million);
Failure to adequately monitor accounts and transactions:
$500,000 (50 per cent of the maximum penalty of $1 million);
(iii)Entering into or continuing business relationships with insufficiently identified persons: $500,000 (50 per cent of the maximum penalty of $1 million);
(iv)Failure to keep records: $1 million (50 per cent of the maximum penalty of $2 million);
(v)Failure to report suspicious transactions: $1.3 million (65 per cent of the maximum penalty of $2 million).
(b)He then applied a 15 per cent uplift for misleading conduct (which included advising DIA that Ping An would cease financial activity, which it did not).
(c)Section 74 of the Act provides that a person may not be required to pay more than one civil penalty in respect of the same or substantially the same conduct. Toogood J noted that there was a degree of overlap in
Ping An’s non-compliance, but was satisfied that the particular conduct relied upon by DIA to found each claim was discrete.
(d)He declined to reduce the penalties on a totality basis.
[32] In contrast to Ping An, in the case of Qian Duoduo, Powell J concluded that Qian DuoDuo Ltd’s (QDD) failures cumulatively stood at the lower end of non- compliance.
[33] Powell J repeatedly emphasised the parties’ agreement that QDD did not deliberately intend to breach the Act. Powell J did not accept that the mere fact of filing documents indicated that QDD was aware of its obligations. He found that QDD was not aware until the DIA investigation that it was substantially non-compliant.
[34]It was also deemed to be relevant that:
(a)QDD misunderstood its obligations in relation to customer due diligence when carrying out wire transfers;
(b)if the transactions where QDD acted as an intermediary between other money remitters ($94 million worth) had occurred after July 2015, QDD would have been able to call in aid the “managing intermediaries’ exemption” and avoid customer due diligence obligations.
(c)QDD erroneously thought that WeChat and Skype records remained permanently available.
(d)QDD was generally co-operative with the DIA investigation.
[35] Powell J placed significant weight on QDD’s good faith reliance on consultants and DIA approval of its systems. He found that that provided critical context to QDD’s civil liability acts and substantially reduced its culpability to the lowest level.
[36] Powell J imposed pecuniary penalties on QDD totalling $356,000, reached as follows:
(a)Starting points:
(i)Failures in respect of risk assessments: $225,000 (from a maximum penalty of $2 million);
(ii)Failures in respect of enhanced customer due diligence:
$175,000 (from a maximum penalty of $2 million);
(iii)Failures in respect of ongoing customer due diligence and account monitoring: $100,00 (from a maximum penalty of $1 million);
(iv)Failures in respect of keeping adequate records: $120,000 (from a maximum penalty of $2 million).
(b)In light of an overlap between the first three failures, he reduced the total penalties for them to $300,000.
(c)He then applied a $25,000 uplift (six per cent of the starting point) for misleading behaviour (namely, post-dating third-party agreements, which “can only be construed as an attempt to mislead the DIA”).
(d)He held that “nothing in the DIA investigation in any way caused or otherwise induced the civil liability acts” and that “any communication difficulties are simply irrelevant to the circumstances of the civil liability acts”. Also, no discount could be claimed for “previous good character”.
(e)He applied a discount of 20 per cent for QDD’s admission of liability, co-operation, and subsequent steps to ensure compliance.
The nature and extent of JYFL’s civil liability acts
[37] The DIA submits that JYFL’s conduct created a real avenue for money laundering or the financing of terrorism to have occurred in New Zealand and that the case is highly analogous to Ping An.
[38] In Ping An and Qian Duoduo, the total value of non-compliant transactions was referred to: 1588 transactions totalling $105 million over a 12 month period and 1327 transactions totalling $136 million over an eight month period in the latter. In this case, because of the complex network of bank accounts used by JYFL, the DIA has been unable to calculate the total value of non-compliant transactions. However, JYFL was using a total of 17 bank accounts to carry out its money remittance business. During the relevant period some 55,097 transactions with a gross value of
$278.5 million were declared to the DIA by JYFL. On the evidence before me it can be inferred that JYFL’s actual business, including through non-disclosed bank accounts, involved significantly greater figures. Reports to the DIA by other entities have disclosed a significant volume of suspicious transactions involving JYFL. The DIA has also pointed to examples of JYFL processing large transactions that should have been reported, made in divided portions in an apparent effort to avoid suspicion.
[39] Given the DIA’s extensive engagement with JYFL to educate it about the Act’s requirements, as well as JYFL’s own risk assessment and compliance programmes, it can be inferred that JYFL was aware of its obligations and that its civil liability acts were intentional. The non-compliance, including its use of 16 non-disclosed bank accounts, continued even after JYFL was issued a published formal warning under s 80 of the Act. An inference is available that JYFL was deliberately concealing its use of non-disclosed bank accounts as a number of its bank accounts had been closed by the major banks on the basis of risk under the Act.
Starting point
[40] Overall, I consider JYFL’s breaches as at the higher end of non-compliance with the Act’s requirements. Accordingly, I set the starting points as follows:
(a)$1.3 million for failing to conduct customer due diligence (65 per cent of maximum penalty);
(b)$500,000 for failing to adequately monitor accounts and transactions (50 per cent of maximum penalty);
(c)$500,000 for entering into or continuing a business relationship with a person who does not produce or provide satisfactory evidence of the person’s identity (50 per cent of maximum penalty);
(d)$1.3 million for failing to report suspicious transactions (65 per cent of maximum penalty);
(e)$1 million for failing to keep records (50 per cent of maximum penalty).
[41] However, based on the s 74 ‘one penalty only’ rule, the penalties for failing to conduct customer due diligence and entering into or continuing a business relationship with a person who does not produce or provide satisfactory evidence of the person’s identity will be conflated since they relate to much the same conduct. The overall starting point is therefore $4.1 million.
Aggravating/mitigating factors
[42] Having reviewed the evidence, I am satisfied that JYFL’s behaviour was misleading. An inference is available that JYFL was deliberately concealing its use of non-disclosed bank accounts. JYFL made numerous express representations to the DIA that it was only using one New Zealand bank account, including in its risk assessments and in inspections, as well as to the consultant it hired. Letters of authorisation to some of the bank accounts were apparently backdated to 2014 before being provided to the DIA. JYFL admitted its use of non-disclosed accounts piecemeal and only once directly confronted by the DIA. A 15 per cent uplift is available in respect of JYFL’s misleading behaviour. This takes the total penalty to
$4,715,000.
[43] No discount is available for JYFL’s cooperation with the DIA or steps taken by JYFL to achieve compliance with the Act. JYFL provided vague or misleading information to the DIA and failed to rectify its non-compliance. JYFL represented that it ceased trading on 15 February 2018.
[44] The DIA acknowledges that an early stage in the proceeding JYFL did not oppose a restraining order being made against it. JYFL has admitted the civil liability acts, but not the particulars of them. A discount for admission of liability will be less than in Qian DuoDuo, where a statement of facts was agreed. A 15 per cent discount is available. This produces an end penalty of $4,007,750.
Decision
[45]JYFL is to pay to the DIA a pecuniary penalty in the sum of $4,007,750.
[46] As this is a civil proceeding the DIA is entitled to costs on a 2B basis. I will determine any costs issues that arise following the filing of memorandum.
Order
[47]Orders accordingly.
Woolford J
7
0
0