Financial Markets Authority v Tiger Brokers (NZ) Limited
[2023] NZHC 1625
•28 June 2023
ORDER PROHIBITING PUBLICATION OF NAMES OR IDENTIFYING PARTICULARS OF DEFENDANT’S CUSTOMERS: SEE [72]. IN THE HIGH COURT OF NEW ZEALAND AUCKLAND REGISTRY
I TE KŌTI MATUA O AOTEAROA TĀMAKI MAKAURAU ROHE
CIV-2022-404-2435
[2023] NZHC 1625
UNDER the Anti Money Laundering and Countering Financing of Terrorism Act 2009 BETWEEN
FINANCIAL MARKETS AUTHORITY
Plaintiff
AND
TIGER BROKERS (NZ) LIMITED
Defendant
Hearing: 23 March 2023 Appearances:
S McMullan and M Djurich for the Plaintiff W M Irving and C F Butters for the Defendant
Judgment:
28 June 2023
JUDGMENT OF GAULT J
This judgment was delivered by me on 28 June 2023 at 4:00 pm pursuant to r 11.5 of the High Court Rules 2016.
Registrar/Deputy Registrar
……………………………………
Solicitors:
Mr S McMullan and Mr M Djurich, Meredith Connell, Office of the Crown Solicitor, Auckland Mr W M Irving and Ms C F Butters, Russell McVeagh, Auckland
FINANCIAL MARKETS AUTHORITY v TIGER BROKERS (NZ) LTD [2023] NZHC 1625 [28 June 2023]
[1] By statement of claim dated 21 December 2022, the Financial Markets Authority (FMA) filed civil proceedings against Tiger Brokers (NZ) Ltd (Tiger) alleging four breaches of the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (the Act):
(a)failing to conduct customer due diligence;1
(b)failing to terminate a business relationship with a person who does not produce or provide satisfactory evidence of the person’s identity;2
(c)failing to report suspicious transactions;3 and
(d)failing to keep records.4
[2] On 22 December 2022, Tiger filed a notice of admissions admitting the facts pleaded and causes of action in the statement of claim and that the FMA is entitled to a pecuniary penalty in such sum as the Court considers just in relation to each of the causes of action and costs.
[3] The parties provided helpful submissions. They agreed that the appropriate penalty would be $900,000 but acknowledged that the amount of any pecuniary penalty is a matter for the Court.
[4]This judgment addresses the appropriate penalty.
[5] As a preliminary matter, leave is required to disclose in this proceeding any information contained in a suspicious activity report,5 relevant to the third breach. Where possible, leave should be sought at the first appearance. That is when suppression issues may also arise. In this case, I am satisfied that the disclosure of the information is necessary in the interests of justice and grant leave accordingly.
1 Anti-Money Laundering and Countering Financing of Terrorism Act 2009, s 78(a).
2 Section 78(c).
3 Section 78.
4 Section 78(e).
5 Section 47(1).
Factual background
[6] The FMA is the supervisor responsible for monitoring and enforcing Tiger’s compliance with the Act.
[7] Tiger is the New Zealand based subsidiary of Tiger Fintech (Singapore) PTE Ltd. Tiger provides sharebroking services and is a reporting entity for the purposes of the Act. Tiger has been a reporting entity for the purposes of the Act since 12 November 2015.6
[8] Tiger provides its sharebroking services through an online trading platform called Tiger Trade. Orders which customers enter through Tiger Trade are executed by a clearing broker. Tiger charges its customers a commission which varies depending on the way in which the customer was introduced to Tiger and the type of transaction made.
[9] Between 30 June 2019 and 30 June 2020, Tiger had a business relationship with between 69,705 and 126,230 customers each year. During that same period, it undertook between 296,032 and 5.4 million transactions annually, to a gross annual value of between approximately $3.6 billion and $35 billion.
[10] On 9 April 2019 and 4 October 2019, the FMA conducted monitoring visits at Tiger’s offices. As a result of these monitoring visits, on 20 March 2020 the FMA issued Tiger with a formal warning. The formal warning identified suspected failures in respect of Tiger’s obligations to conduct customer due diligence, including its obligations to:
(a)undertake adequate verification of identity information;
(b)obtain sufficient information to determine whether enhanced customer due diligence should be undertaken;
6 In relevant periods until 1 June 2019, Tiger’s name was Top Capital Partners Ltd.
(c)conduct enhanced customer due diligence where required and to an adequate standard;
(d)take reasonable steps to determine whether relevant individuals are politically exposed persons; and
(e)conduct ongoing customer due diligence.
[11] The formal warning also identified suspected breaches of Tiger’s obligation to file suspicious activity reports.
[12] The formal warning required Tiger, among other things, to review the adequacy of customer due diligence information held in respect of all existing customers and obtain all relevant additional source of funds or source of wealth information required to continue its business relationship with those customers.
[13] After issuing the formal warning in March 2020, the FMA commenced an investigation into Tiger’s compliance with the Act. It did so by issuing notices under s 25 of the Financial Markets Authority Act 2011, requiring Tiger to provide specified information to the FMA.
[14] On 30 September 2020, Tiger advised the FMA that it had completed the actions required in the formal warning. Its remediation steps went beyond the strict requirements of the FMA’s formal warning.
[15] On 2 October 2020, Tiger confirmed that it was terminating the accounts of 3,748 customers (on its account, approximately three per cent of its customers) as it had inadequate or incomplete customer due diligence information relating to these customers. Enhanced customer due diligence information was required in respect of 3,614 of these customers.
[16] Tiger’s inability to comply with initial deadlines for responding to the FMA’s s 25 notices was the result of several factors: Tiger did not hold all documents required to be held under subpart 3 of Part 2 of the Act in a form which would enable them to be readily accessible (as the Act requires); much of Tiger’s data was hosted in China
(including by third parties) and access to this data was difficult to obtain; even when Tiger gained access to its data, it was so voluminous and lacked organisation that it made responding to the notices time-consuming; and many of the documents requested by the FMA were in the Chinese language and required translation.
[17] Upon reviewing the records provided in response to the notices, the FMA identified varying degrees of non-compliance with the Act in respect of 30 of 33 sample customers. Consequently, the FMA commenced this proceeding.
Obligations under the Act
[18] As Mr McMullan, for the FMA, submitted, Part 2 of the Act plays an important role in New Zealand’s regulatory landscape. Its purposes are to detect and deter money laundering and the financing of terrorism; maintain and enhance New Zealand’s international reputation; and to contribute to public confidence in the financial system.7
[19] To achieve these purposes, Part 2 of the Act imposes a number of stringent, but important, obligations on reporting entities. These obligations were summarised by Toogood J in Department of Internal Affairs v Ping An Finance (Group) New Zealand Company Ltd,8 and adopted by Edwards J in Financial Markets Authority v CLSA Premium New Zealand Ltd,9 as follows:
(a)Subpart 1 addresses customer due diligence obligations which must be observed before a reporting entity can carry out a transaction for that customer, prescribing a hierarchy of standards (simplified, standard and enhanced) depending on the nature and circumstances of the customer.
(b)Subpart 2 places a statutory duty on a reporting entity to convey to the Commissioner of Police information that comes to its attention in respect of which it has reasonable grounds to suspect it may be relevant to the investigation or prosecution of money laundering, or the enforcement of the Misuse of Drugs Act 1975, the Terrorism Suppression Act 2002, the Proceeds of Crime Act 1991, or the Criminal Proceeds (Recovery) Act 2009.
7 Anti-Money Laundering and Countering Financing of Terrorism Act 2009, s 3.
8 Department of Internal Affairs v Ping An Finance (Group) New Zealand Company Ltd [2017] NZHC 2363, [2018] 2 NZLR 552 at [21].
9 Financial Markets Authority v CLSA Premium New Zealand Ltd [2021] NZHC 2325, [2021] NZCCLR 16 at [21].
(c)Subpart 3 specifies that reporting entities must keep records relating to every transaction, with strict requirements of details to allow the ready reconstruction of transactions and the identification and verification of the persons involved.
(d)Subpart 4 provides that every reporting entity must have a compliance programme and a compliance officer and sets minimum standards for such programmes.
Requirement to conduct customer due diligence
[20] A reporting entity must conduct customer due diligence if it establishes a business relationship with a customer, or if a customer seeks to conduct an “occasional transaction” through the reporting entity.10
[21] At a minimum, Tiger had to undertake standard customer due diligence. This required it to obtain verified information relating to each customer’s identity, the nature and purpose of the proposed business relationship, and sufficient information to determine whether the customer should be subject to enhanced customer due diligence.11
[22] Enhanced customer due diligence is required where, for example, a customer seeks to conduct a transaction through the reporting entity which is complex or unusually large, or is a part of an unusual pattern of transactions that have no apparent or visible economic or lawful purpose.12 It is also required whenever a suspicious activity report must be filed.13 Enhanced customer due diligence requires, in addition to the standard customer due diligence requirements, verified information relating to the source of a customer’s funds or wealth.14
Requirement to terminate business relationships
[23] The Act prohibits a reporting entity from establishing or continuing a business relationship with a customer, or carrying out an occasional transaction for a customer, where adequate customer due diligence cannot be completed.15 Where a business
10 Anti-Money Laundering and Countering Financing of Terrorism Act 2009, s 14.
11 Sections 15-17.
12 Section 22(1)(c).
13 Section 22A.
14 Sections 23(1)(a) and 24(1).
15 Section 37(1).
relationship has been established, this effectively requires the reporting entity to terminate the relationship.
Requirement to report suspicious activities
[24] Reporting entities are required to make “suspicious activity reports” to the Commissioner of Police. This enables the Police Financial Intelligence Unit to collect information from reporting entities and then disseminate it to law enforcement and relevant regulatory agencies. A suspicious activity is, relevantly, an activity in which a person conducts or seeks to conduct a transaction through a reporting entity, and the reporting entity has reasonable grounds to suspect the transaction may be relevant to the investigation or prosecution of any person for money laundering, or for a criminal offence, or relevant to the enforcement of the statutes referred to at [19](b) above.16 The Act requires reports to be made in a specified form within three working days of forming the requisite suspicion.17
[25] As Toogood J indicated in Ping An, the test for this suspicious activity reporting obligation is an objective one, requiring a report where an objective observer would conclude that reasonable grounds for suspicion were known to the reporting entity.18
Requirement to keep records in the prescribed manner
[26] The Act prescribes in Subpart 3 of Part 2 the way in which reporting entities are required to maintain records obtained for the purpose of compliance. For every transaction that a reporting entity undertakes for a customer, the Act requires the reporting entity to “keep those records which are reasonably necessary to enable that transaction to be readily reconstructed at any time”.19 The Act also prescribes the way in which records are to be kept—“either in written form in the English language, or so as to enable the records to be readily accessible and readily convertible into written form in the English language”.20 This Court has interpreted this retention obligation
16 Anti-Money Laundering and Countering Financing of Terrorism Act 2009, s 39A.
17 Section 40(3).
18 Department of Internal Affairs v Ping An Finance (Group) New Zealand Company Ltd [2017] NZHC 2363, [2018] 2 NZLR 552 at [64].
19 Anti-Money Laundering and Countering Financing of Terrorism Act 2009, s 49.
20 Section 52.
to mean to keep records in such a way as to enable them to be viewed either immediately, or upon request within a reasonable time.21
Civil liability acts
[27] Section 78 of the Act provides that a failure to comply with any of the requirements set out in Part 2 of the Act (defined as AML/CFT requirements) amounts to a “civil liability act” for the purposes of the Act’s enforcement regime. These include relevantly:
78 Meaning of civil liability act
In this Part, a civil liability act occurs when a reporting entity fails to comply with any of the AML/CFT requirements, including, without limitation, when the reporting entity—
(a)fails to conduct customer due diligence as required by subpart 1 of Part 2:
…
(c) enters into or continues a business relationship with a person who does not produce or provide satisfactory evidence of the person’s identity:
…
(e)fails to keep records in accordance with the requirements of subpart 3 of Part 2:
…
Pecuniary penalties
[28]Section 90 of the Act relevantly provides:
90 Pecuniary penalties for civil liability act
(1)On the application of the relevant AML/CFT supervisor, the High Court may order a person to pay a pecuniary penalty to the Crown, or to any other person specified by the court, if the court is satisfied that that person has engaged in conduct that constituted a civil liability act.
21 Department of Internal Affairs v OTT Trading Group Ltd [2020] NZHC 1663 at [76]-[78]; Financial Markets Authority v CLSA Premium New Zealand Ltd [2021] NZHC 2325, [2021] NZCCLR 16 at [71].
(2)For a civil liability act specified in section 78… (c)… the maximum amount of a pecuniary penalty under this Act is,—
…
(b) in the case of a body corporate … $1 million.
(3)For a civil liability act specified in section 78(a)… (e)… the maximum amount of a pecuniary penalty under this Act is,—
…
(b) in the case of a body corporate … $2 million.
(4)In determining an appropriate pecuniary penalty, the court must have regard to all relevant matters, including—
(a)the nature and extent of the civil liability act; and
(b)the likelihood, nature, and extent of any damage to the integrity or reputation of New Zealand’s financial system because of the civil liability act; and
(c)the circumstances in which the civil liability act occurred; and
(d)whether the person has previously been found by the court in proceedings under this Act to have engaged in any similar conduct.
Maximum penalties
[29] Under s 90, the maximum penalty for the civil liability acts of failing to conduct customer due diligence and failing to keep records is $2 million in the case of a body corporate. The maximum penalty for failing to terminate a business relationship is $1 million in the case of a body corporate.
[30] Section 90 does not provide a maximum penalty for failing to comply with the Act’s requirement to report suspicious transactions under s 40 in Subpart 2 of Part 2. However, I adopt the same approach as Toogood J in Ping An and Edwards J in CLSA, that is, I apply a notional ceiling of $2 million on the penalty for this civil liability act.22
22 Department of Internal Affairs v Ping An Finance (Group) New Zealand Company Ltd [2017] NZHC 2363, [2018] 2 NZLR 552 at [86], and Financial Markets Authority v CLSA Premium New Zealand Ltd [2021] NZHC 2325, [2021] NZCCLR 16 at [25].
[31] Accordingly, the total maximum penalty available against Tiger for the four separate breaches is $7 million.
Approach to determining penalty
[32] The Court’s approach to determining the quantum of a pecuniary penalty under the Act is well established.23 It involves a four step approach based on modifications of the sentencing approach in criminal cases:
(a)assessing the seriousness of the civil liability act to select a starting point by reference to the mandatory considerations in s 90 and aggravating and mitigating factors of the non-compliance;
(b)considering aggravating and mitigating factors of the reporting entity to determine whether these warrant imposition of a higher or lower penalty;
(c)considering a deduction for admission of liability or co-operation with the authorities; and
(d)stepping back and undertaking a totality assessment by looking at the separate breaches to ensure there is no overlap between the penalties imposed for different types of non-compliance, and whether the total penalty imposed fairly and adequately reflects the overall extent of non-compliance.
[33] Counsel also referred to Financial Markets Authority v ANZ Bank New Zealand Ltd,24 where Muir J reviewed the pecuniary penalty decisions imposed under the Act
23 Department of Internal Affairs v Ping An Finance (Group) New Zealand Company Ltd [2017] NZHC 2363, [2018] 2 NZLR 552 at [88]; Department of Internal Affairs v Qian Duoduo Ltd [2018] NZHC 1887 at [25]; Department of Internal Affairs v Jin Yuan Finance Ltd [2019] NZHC 2510 at [27]; Department of Internal Affairs v OTT Trading Group Ltd [2020] NZHC 1663 at [51]; and Financial Markets Authority v CLSA Premium New Zealand Ltd [2021] NZHC 2325, [2021] NZCCLR 16 at [27].
24 Financial Markets Authority v ANZ Bank New Zealand Ltd [2021] NZHC 399, [2021] 16 TCLR 28.
by analogy (in a case under the Financial Markets Conduct Act 2013) and provided a helpful aggregation in percentage terms:25
(a)between 50 and 70 per cent of the available maximum for conduct involving:
(i)“serious, systemic deficiencies in complying with a multiplicity of obligations under the Act” in circumstances showing a disregard of the Act’s requirements.26
(ii)long-term noncompliance with the Act, despite prior oversight and warnings from the Department of Internal Affairs and despite the company having had ample evidence that the transactions’ processed were suspicious.27
(iii)“brazen” contraventions of the enhanced due diligence requirements occurring across a significant volume of transactions.28
(b)between 25 and 33 per cent of the available maximum for conduct involving significant contraventions, but in circumstances which suggested that a defendant had made at least some attempt to comply with their obligations;29 and
(c)between 6 and 11 per cent of the available maximum for conduct involving inadvertent breaches by a company which was unaware that it was substantially noncompliant.30
[34] In CLSA, Edwards J noted that although ANZ involved a different statutory regime, the parties were agreed that Muir J’s summary of the penalty orders made was nevertheless relevant. I agree and, as counsel accepted, see Muir J’s aggregation as a helpful cross-check in relation to totality.
[35]Deterrence is the overriding objective of a pecuniary penalty.31
25 Financial Markets Authority v ANZ Bank New Zealand Ltd [2021] NZHC 399, [2021] 16 TCLR 28 at [80].
26 Department of Internal Affairs v Ping An Finance (Group) New Zealand Company Ltd [2017] NZHC 2363, [2018] 2 NZLR 552 at [6].
27 See Department of Internal Affairs v Jin Yuan Finance Ltd [2019] NZHC 2510 at [40]-[45].
28 See Department of Internal Affairs v OTT Trading Group Ltd [2020] NZHC 1663 at [70], [105] and [108].
29 At [73].
30 See Department of Internal Affairs v Qian Duoduo Ltd [2018] NZHC 1887 at [65] and [167].
31 Department of Internal Affairs v Ping An Finance (Group) New Zealand Company Ltd [2017] NZHC 2363, [2018] 2 NZLR 552 at [92].
Agreed penalties
[36] The quantum of any pecuniary penalty to be imposed is a matter for the Court, but the task for the Court in cases where a penalty has been agreed between the parties is not to embark on its own enquiry of what would be an appropriate figure but to consider whether the proposed penalty is within the proper range. This is because there is a significant public benefit when reporting entities acknowledge wrongdoing thereby avoiding time consuming costly investigation and/or litigation. The Court should play its part in promoting such resolutions by accepting a penalty within the proposed range.32
Starting point
Failing to conduct customer due diligence
[37] In respect of this breach, the parties propose a starting point of $550,000 (27.5 per cent of the maximum penalty).
[38] It is common ground that the vast majority of Tiger’s customer due diligence failures relate to its obligation to perform enhanced customer due diligence. In respect of 33 sample customers, Tiger failed to conduct compliant customer due diligence in respect of 21 customers. In all but one of these cases, it was required to conduct enhanced customer due diligence. Further, in respect of 18 of these sample customers, Tiger was required to take reasonable steps to determine whether these customers, or their beneficial owners, were politically exposed persons but failed to do so. In one further case, Tiger was required to obtain approval from senior management to continue its relationship with the customer, but failed to do so.
[39] The total value of these transactions in which Tiger failed to conduct enhanced customer due diligence was approximately $56.6 million.
32 Commerce Commission v Alstom Holdings SA [2009] NZCCLR 22 (HC) at [18]. See also Commerce Commission v Kuehne + Nagel International AG [2014] NZHC 705 at [21]; and Financial Markets Authority v ANZ Bank New Zealand Ltd [2021] NZHC 399, [2021] 16 TCLR 28 at [30]-[32].
[40] Tiger acknowledged that its customer due diligence failures extended beyond the sample customers to 3,748 customers, approximately three percent of its customer base. The scope of the transaction activity of these 3,748 customers was not determined and Tiger does not accept that the sample customers are representative. Even so, Tiger’s overall failure to fulfil its customer due diligence obligations was significant.
[41] Several of the transactions involved particularly serious breaches of Tiger’s obligation to conduct enhanced customer due diligence in that they involved customers receiving sums that were disproportionate to their net annual income and net assets. In two cases, the receipts amounted to US$5 million or more.
[42] Tiger’s policies did not comply with the Act as its algorithm used to determine a customer’s risk was flawed and the method for determining whether a person was a politically exposed person was inadequate. The FMA’s sector guidance applicable at the time of the transactions assessed brokers and custodians, such as Tiger, as presenting a “medium-high” risk.
[43] I agree that Tiger’s conduct relevant to this breach is less serious than that in Ping An, Jin Yuan and OTT but more serious than that in QDD. Tiger’s conduct is most comparable to that in CLSA where a starting point of $400,000 was adopted. This case involves a greater number and value of non-compliant transactions and non-compliant policies but without the aggravating feature of executive directors inappropriately involving themselves in compliance matters or evidence that the breach resulted from an attempt to maximise profit at the expense of compliance. There is no allegation that Tiger’s breaches were deliberate. Also, Tiger’s formal warning concerned substantially the same conduct as that involved in this proceeding.
[44] I accept the starting point of $550,000 for Tiger’s failure to conduct customer due diligence.
Failure to terminate existing business relationships
[45] For this breach, the parties propose a starting point of $100,000 (10 per cent of the maximum penalty).
[46] As indicated, Tiger’s failure extended beyond the sample customers to 3,748 customers. Tiger also failed to terminate its relationship with five customers in circumstances where it failed to obtain adequate identification information to determine whether they were politically exposed persons.
[47] The parties agree that this breach and the failure to conduct customer due diligence arise, in part, from the same conduct and that care needs to be taken to avoid double counting. A person may not be required to pay more than one civil penalty in respect of the same or substantially the same conduct.33 However, the nature of each obligation is different, as Edwards J said in CLSA.34 A failure to terminate when required can mean that further transactions are undertaken. Whether the conduct is substantially the same so as to engage the one penalty rule will depend on the specific facts. In CLSA a separate penalty for the failure to terminate was justified but reduced by two-thirds given the interrelationship with the failure to conduct customer due diligence (from $150,000 to $50,000).35
[48] Here, Tiger’s failure to terminate business relationships meant that 10 significant transactions were able to take place. All were suspicious. On this basis, I agree that a separate starting point of $100,000 is appropriate for failing to terminate business relationships. A higher starting point in the region of $300,000 would have been appropriate if this had been a standalone breach.
Failing to report suspicious transactions
[49] For this breach, the parties propose a starting point of $250,000 (12.5 per cent of the notional ceiling).
[50] There were 19 instances of Tiger either making suspicious activity reports out of time or, in relation to 14 of the 19 instances, not making them at all. These failures concerned 18 customers. Of the five suspicious activity reports made, one was 131
33 Anti-Money Laundering and Countering Financing of Terrorism Act 2009, s 74. See also
Department of Internal Affairs v Jin Yuan Finance Ltd [2019] NZHC 2510 at [40]-[41].
34 Financial Markets Authority v CLSA Premium New Zealand Ltd [2021] NZHC 2325, [2021] NZCCLR 16 at [57]-[58].
35 At [59]-[60].
days late, while the remainder were 41, 46, 61 and 73 days late respectively. The total value of the transactions in issue was approximately $60.8 million.
[51] Tiger’s failures were numerous and involved substantial delays albeit there is no allegation that the failures were deliberate or resulted in substantive money laundering or financing of terrorism. As Mr McMullan submitted, however, the reference in s 90(4)(b) to damage to the integrity or reputation of New Zealand’s financial system extends beyond actual money laundering or financing of terrorism.
[52] Again, Tiger’s breach is most comparable to, but more serious than, that in CLSA where a starting point of $200,000 was adopted. That case involved nine failures, three made out of time – two over 100 days late – and six not made at all. However, one failure involved an aggravating factor where an executive director attempted to prevent a report being made.
[53] I accept the starting point of $250,000 for Tiger’s failure to report suspicious transactions.
Failing to keep records
[54] For this breach, the parties propose a starting point of $300,000 (15 per cent of the maximum penalty).
[55] Tiger kept records but was unable to comply with the FMA’s initial deadlines for responding to notices, taking six weeks and nine weeks respectively to provide any records and delivering the responsive documents across multiple tranches. Tiger advised the FMA that vast amounts of its records were stored on servers located overseas and in voluminous logs on either the DingTalk or WeChat platforms. Tiger had to physically courier its data to New Zealand and the subsequent identification and extraction of relevant data was hampered by the way in which Tiger’s data was stored – seemingly with little or no organisation. This is despite the fact that on 30 September 2020, some six months prior to the FMA’s second notice, Tiger had advised the FMA that it had reviewed its record-keeping processes in response to actions required of it in the formal warning. Such review appears to have been ineffective.
[56] As Mr McMullan submitted, reporting entities cannot discharge their record keeping obligations by simply relying on third parties who may host or store their data. In CLSA, Edwards J observed that reporting entities must ensure arrangements with third parties allow them to meet their obligations under the Act.36
[57] Tiger failed to ensure that its records were readily accessible and convertible into written form in English. The FMA acknowledged that part of Tiger’s delay in responding to the notices was attributable to the need to translate documents into English from the Chinese language but submitted, and I agree, that the extent of the delay was not explicable by reference to translation alone. The FMA also acknowledged that some of the delay in responding to the notices may be attributed to requests for material beyond that required to be kept under the Act but submitted the primary reason for Tiger’s delays was that it did not keep the records the Act required it to keep in the manner in which the Act required it to keep them.
[58] Tiger accepted that the way in which it kept its records in respect of the sample customers was representative of the way in which it kept its records in respect of all of its customers before 20 March 2021. Tiger’s customer base grew from 69,705 as at 30 June 2019, to 126,230 as at 30 June 2020 and then to 425,000 as at 30 June 2021. Over the same period, the total number of transactions Tiger processed grew from 296,032 to 5,411,455 to over 17 million. The volume of transactions handled by Tiger reinforces the importance of compliant record keeping.
[59] In CLSA a starting point of $350,000 was adopted where the reporting entity kept some, but not all, records required to be kept under the Act. A lower starting point is appropriate here.
[60] I accept the starting point of $300,000 for Tiger’s failure to keep records in the manner required.
36 Financial Markets Authority v CLSA Premium New Zealand Ltd [2021] NZHC 2325 [2021] NZCCLR 16 at [75].
Aggravating and mitigating factors relevant to Tiger
[61] The parties agree and I accept that there are no aggravating factors applicable to Tiger. The FMA accepts that its formal warning is not a finding by a court that Tiger has engaged in similar conduct. In addition, the formal warning relates to much the same conduct.
[62] In terms of mitigating factors, Tiger does not seek a discrete discount for its lack of a record of non-compliance (akin to previous good character in the criminal sentencing context). However, Mr Irving, for Tiger, did not accept that the approaches taken in Ping An, QDD and OTT preclude such a discount at least in less serious cases and now that there have been a series of cases under the Act over several years. It is unnecessary to decide whether such a discount should be available in other cases. It is common ground that in the circumstances of this case no discrete discount is appropriate. I consider that is correct given that Tiger’s policies did not comply with the Act, which ultimately resulted in the breaches in issue over a substantial period.
[63] In relation to Tiger’s admissions and co-operation, the FMA acknowledged that there should be a discount. The parties agree that a 25 per cent discount is appropriate. Given the 23 per cent and 25 per cent discounts in CLSA and TSB respectively, and Tiger’s co-operation in relation to the quantum of penalty as well as admission of breaches, I agree that a 25 per cent discount is appropriate.
[64] Tiger does not seek a further discount for the steps it has taken since the formal warning. As Mr McMullan submitted, those steps are commendable but simply reflect the Act’s requirements of compliant reporting entities and do not entitle the reporting entity to a reduction. I acknowledge Mr Dilly’s evidence in respect of his 2021 audit, subsequent to the breaches, that Tiger’s AML/CFT documentation was among the best he had reviewed, but I agree that such compliance does not entitle Tiger to a further discount.
Totality
[65]The parties’ proposed aggregate starting point for Tiger’s four breaches is
$1.2 million.
[66] The parties submitted that Tiger’s breaches fall between the second and third categories of conduct referred to in ANZ,37 involving respectively a combination of significant contraventions but in circumstances where Tiger made some attempt to comply, and inadvertent breaches with an unawareness of substantial non-compliance.
$1.2 million is approximately 17 per cent of the maximum $7 million, which (before and after discount for admissions) falls between the second and third categories of conduct referred to in ANZ.38
[67] The parties agree that no further reduction in starting point is needed for totality. The aggregate starting point already accounts for overlap in Tiger’s breaches and ensures there is no double counting. I agree that a starting point of $1.2 million is appropriate having regard to the other cases, particularly the starting point of
$1 million in CLSA, the fact that Tiger has already been publicly censored by the formal warning for much the same conduct, and the importance of deterring non- compliance with the Act’s AML/CFT requirements.
[68]A 25 per cent discount reduces the aggregate starting point of $1.2 million to
$900,000. I am satisfied that this recommended penalty is in the appropriate range.
Confidentiality
[69] I made interim orders suppressing details relating to Tiger’s customers and restricting access to the Court file without leave on 16 March 2023. Tiger seeks, and the FMA does not oppose, permanent orders to that effect. I am satisfied that such orders are appropriate. The customers are not parties or witnesses in the proceeding. There has been no need to identify them in this judgment. While the principle of open justice applies with force to Tiger, it has much less application to the customers. The balance favours suppression. Tiger owes confidentiality obligations to the customers who would likely be adversely affected if their details were disclosed. Further, ss 46 and 47 of the Act are engaged in relation to suspicious activity reports and there is no legitimate public interest in their public disclosure beyond the terms of this judgment.
37 Financial Markets Authority v ANZ Bank New Zealand Ltd [2021] NZHC 399, [2021] 16 TCLR 28 at [80](b) and (c), see above at [33].
38 After discount, the percentage is just below 13 per cent.
Result
[70] I enter judgment against Tiger on the FMA’s four causes of action pleaded, by consent, and order Tiger to pay a pecuniary penalty of $900,000.
[71]The FMA is entitled to costs on a 2B basis.
[72]I make permanent orders:
(a)suppressing the names of the customers of Tiger referred to in the statement of claim dated 21 December 2022, the name(s) of any person associated with a customer, and any other information that relates to specific customers or might identify the customers (or persons associated with them), including (but not limited to) their occupation(s), the nature of their business(es) and their transactional activity; and
(b)that the Court file is not to be searched, inspected or copied without leave of this Court.
Gault J
5
7
1