Financial Conduct Authority

FINAL NOTICE To: SUNRISE BROKERS LLP Firm Reference Number: 208265 Address: 5 Churchill Place, London, E14 5RD Date 12 November 2021 1. ACTION 1.1 For the reasons given in this Final Notice, pursuant to section 206 of the Financial Services and Markets Act 2000 (“the Act”), the Financial Conduct Authority (“the Authority”) hereby imposes on Sunrise Brokers LLP (“Sunrise” or “the Firm”), a financial penalty of £642,400 of which £407,273 is disgorgement. 1.2 Sunrise agreed to resolve this matter and qualified for a 30% (stage 1) discount under the Authority’s executive settlement procedures. Were it not for this discount, the Authority would have imposed a financial penalty of £743,200 on Sunrise. 2. SUMMARY OF REASONS 2.1 Fighting financial crime is an issue of international importance, and forms part of the Authority’s operational objective of protecting and enhancing the integrity of the UK financial system. Authorised firms are at risk of being abused by those seeking to conduct financial crime, such as fraudulent trading and money laundering. It is therefore imperative that firms have in place effective systems and 1 controls to identify and mitigate the risk of their businesses being used for such purposes, and that they act with due skill, care and diligence to adhere to the systems and controls that they have put in place, in order to properly assess, monitor and manage the risk of financial crime. 2.2 Between 17 February 2015 and 4 November 2015 (the “Relevant Period”), Sunrise: a) had inadequate systems and controls to identify and mitigate the risk of being used to facilitate fraudulent trading and money laundering in relation to business introduced by four authorised entities known as the Solo Group, thereby breaching Principle 3; and b) did not exercise due skill, care and diligence in applying its AML policies and procedures and in failing to properly assess, monitor and mitigate the risk of it being used to facilitate financial crime in relation to the Solo Trading, the Elysium payment and the German trade (together “the Solo Group business”), thereby breaching Principle 2. 2.3 The Solo Clients were off-shore companies, including Malaysian incorporated entities and a number of individual US 401(k) Pension Plans, previously unknown to Sunrise. They were introduced by the Solo Group, which purported to provide clearing and settlement services as Custodian to clients within a closed network, via a custom over the counter (“OTC”) trading and settlement platform known as Brokermesh. The Solo Clients were controlled by a small number of individuals, some of whom had worked for the Solo Group, without apparent access to sufficient funds to settle the transactions. 2.4 During the Relevant Period, on behalf of the Solo Clients, Sunrise executed purported OTC equity Cum-Dividend Trades to the value of approximately £25.4 billion in Danish equities and £11.2 billion in Belgian equities, and received commission of £466,652 during the Relevant Period. 2.5 The Solo Trading was characterised by a purported circular pattern of extremely high value OTC equity trading, back-to-back securities lending arrangements and forward transactions, involving EU equities on or around the last day of cumdividend. Following the purported Cum-Dividend Trading that took place on designated days, the same trades were subsequently reversed over several days or weeks to neutralise the apparent shareholding positions (the “Unwind Trading”). 2 2.6 The purported OTC trades executed by Sunrise on Brokermesh did not have access to liquidity from public exchanges, yet the purported trades were filled within a matter of minutes, almost invariably, and represented up to 20% of the shares outstanding in companies listed on the Danish stock exchange, and up to 9.6% of the equivalent Belgian stocks. The volumes also equated to an average of 36 times and 22 times the volume of all Danish and Belgian stocks respectively, traded on European exchanges, on the relevant last cum dividend trading date. 2.7 The Authority’s investigation and conclusions in respect of the purported trading are based on a range of information including, in part, analysis of transaction reporting data, material received from Sunrise, the Solo Group, and five other Broker Firms that participated in the Solo Trading. The combined volume of the purported Cum-Dividend Trading across the six Broker Firms was between 15%- 61% of the shares outstanding in the Danish stocks traded and between 7%-30% of the shares outstanding in the Belgian stocks traded. These volumes are considered implausible, especially in circumstances where there is an obligation to publicise holders of over 5% of Danish and Belgian listed stocks. 2.8 As a broker for the equity trades, Sunrise executed the purported Cum-Dividend Trading and the purported Unwind Trading. However, the FCA believes it unlikely that Sunrise would have executed both the purported Cum-Dividend Trades and purported Unwind Trades for the same Solo Client in the same stock in the same size trades, and therefore it is likely Sunrise only saw one side of the purported trading. Additionally, the FCA considers that purported stock loans and forwards linked to the Solo Trading are likely to have been used to obfuscate and/or give apparent legitimacy to the overall scheme. Although there is evidence that Sunrise was aware of the purported stock loans and forwards, these trades were not executed by Sunrise. 2.9 The purpose of the purported trading was so the Solo Group could arrange for Dividend Credit Advice Slips (“DCAS”) to be created, which purported to show that the Solo Clients held the relevant shares on the record date for dividend. The DCAS were in some cases then used to make Withholding Tax (“WHT”) reclaims from the tax agencies in Denmark and Belgium pursuant to Double Taxation Treaties. In 2014 and 2015, the value of Danish and Belgian WHT reclaims made, which are attributable to the Solo Group, were approximately £899.27 million and £188.00 million respectively. In 2014 and 2015, of the reclaims made, the Danish and 3 Belgian tax authorities paid approximately £845.90 million and £42.33 million respectively. 2.10 The Authority refers to the Solo Trading as ‘purported’ as it has found no evidence of ownership of the shares by the Solo Clients, nor custody of the shares or settlement of the trades by the Solo Group. This, coupled with the high volumes of shares purported to have been traded, is highly suggestive of sophisticated financial crime. 2.11 Sunrise staff had in place inadequate systems and controls to identify and mitigate the risk of being used to facilitate fraudulent trading and money laundering in relation to business introduced by the Solo Group. In addition, Sunrise staff did not exercise due skill, care and diligence in applying AML policies and procedures and in failing properly to assess, monitor and mitigate the risk of financial crime in relation to the Solo Clients and the purported trading. 2.12 Sunrise did not have policies and procedures in place to assess properly the risks of the Solo Group business, and failed to appreciate the risks involved in the Solo Trading. This resulted in inadequate CDD being conducted and a failure to adequately monitor transactions and to identify unusual transactions. This heightened the risk that the Firm could be used for the purposes of facilitating financial crime in relation to the Solo Trading. 2.13 The manner in which the Solo Trading was conducted, combined with its scale and volume is highly suggestive of financial crime. The Authority’s findings are also made in the context of this finding and in consideration that these matters have given rise to additional investigations by tax agencies and/or law enforcement agencies in other jurisdictions as has been publicly reported. Whilst the alleged underlying misconduct of the Solo Group has not to date resulted in any determination of fraud, investigations by tax agencies and/or law enforcement agencies are on-going in other jurisdictions. Other significant transactions and visits by the Authority 2.14 In addition to the Solo Trading, Sunrise ignored or failed to notice a series of red flags in relation to a trade in a German stock it executed on behalf of a broker client on 3 September 2015. The circumstances of the onboarding and trading relating to that broker client ought to have prompted Sunrise to consider the serious financial 4 crime risks this trade posed, particularly given it was executed at nearly twice the prevailing market value of the stock. 2.15 Sunrise also accepted a payment on 4 November 2015 from a UAE-based entity connected to the Solo Group called Elysium. This payment was provided by Elysium in respect of some outstanding debts owed to the Firm by Solo Clients. After receiving an offer for payment via the Solo Group, Sunrise accepted a payment of USD 108,000 from Elysium without having heard of the entity before and without conducting any AML checks or having any agreement in place. Sunrise accepted this payment from Elysium the same day the Authority conducted an unannounced visit alerting Sunrise to possible issues within the Solo Group. 2.16 In neither instance did Sunrise identify or escalate any potential financial crime concerns or suspicions. 2.17 The Authority had also visited Sunrise in November 2014, shortly prior to the commencement of the Solo Trading, as part of its work to raise standards in the brokerage sector. The Authority assessed the Firm’s AML, KYC and market abuse detection arrangements and put Sunrise on notice that its financial crime and AML controls were weaker than required. After the visit, the Authority notified Sunrise of a number of areas of concern and in response, Sunrise provided a work programme which included a review of its AML and KYC framework to be completed by July 2015. Sunrise failed to carry out any in-depth review of its financial crime risk controls until April 2016. The commission of this review was driven by commercial considerations as Sunrise was engaging in acquisition discussions with a potential buyer. Breaches and failings 2.18 Principle 3 requires a firm to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems. The Authority considers that Sunrise breached this requirement during the Relevant Period as its policies and procedures were inadequate for identifying, assessing and mitigating the risk of financial crime as Sunrise failed to: a) provide adequate guidance on obtaining and assessing adequate information when onboarding clients, with reference to the purpose and intended nature of the business relationship, the anticipated level and 5 nature of activity to be undertaken and when it would be appropriate to enquire as to the source of funds; b) provide adequate guidance on carrying out risk assessments for clients including the relevant risk factors to be taken into account in order to determine the correct level of CDD to be applied, including whether EDD was warranted; c) set out adequate processes or procedures detailing how to conduct EDD, including enhanced monitoring requirements for higher risk clients; d) provide adequate guidance on its risk-based approach for conducting CDD on new clients introduced by authorised firms, where reliance may be placed upon KYC documents provided by the authorised firms for the new clients and detailing the circumstances when it was appropriate to do so; e) set out any formal processes or procedures detailing how and/or specify the circumstances in and frequency with which Sunrise should monitor and document customer transaction activity, throughout the course of its relationship with the Firm, in order to assess financial crime and AML risks; and f) set out escalation procedures in identifying, managing and documenting financial crime and AML risks. 2.19 The Authority considers that during the Relevant Period, Sunrise failed to act with due skill, care and diligence as required by Principle 2 in applying its own (limited) AML policies and procedures and in assessing, monitoring and managing the risks of financial crime it was exposed to in respect of Solo Group business. In particular Sunrise failed to: a) act promptly in implementing a work programme to address identified deficiencies within its Compliance function following a visit from the Authority in November 2014; b) conduct adequate risk assessments or adequate due diligence when taking on the Solo Group business which meant they failed to be identified properly as high risk clients; 6 c) carry out adequate CDD when onboarding each Solo Client including the purpose and intended nature of the business relationship, the anticipated level and nature of activity to be undertaken, and the source of funds and/or trading history, in order to provide a meaningful basis for transaction monitoring; d) conduct a risk assessment for each of the Solo Clients, as required by the Compliance Documents, and consequently failed to identify that the Solo Clients presented a higher risk of financial crime and that EDD ought to have been completed; e) conduct any EDD on the Solo Clients that presented a higher risk of money laundering and subsequently failed to identify what EDD measures might have been appropriate for the ongoing monitoring of the Solo Clients; f) assess each of the Solo Clients according to categorisation criteria set out in COBS 3.5.3 and/or failed to record results of such assessments, including sufficient information to support the categorisation, contrary to COBS 3.8.2R(2)(a); g) follow its own compliance policy in that Sunrise started trading on behalf of the Solo Clients before they had been onboarded; h) conduct any ongoing transaction monitoring of the Solo Trading throughout the Relevant Period; i) recognise numerous red flags with the purported Solo Trading including that Sunrise did not consider whether it was plausible and/or realistic that sufficient liquidity was sourced within a closed network of entities for the scale and volumes of trading conducted by the Solo Clients. Likewise, failing to consider or recognise that the profiles of the Solo Clients meant that they were highly unlikely to meet the scale and volume of the trading purportedly being carried out, and/or failing to at least obtain sufficient evidence of the clients’ source of funds to satisfy itself to the contrary; j) adequately consider financial crime and money laundering risks in respect of the German trade, in circumstances which were highly suggestive of potential financial crime; 7 k) adequately consider associated financial crime and money laundering risks posed in respect of the Elysium payment whereby the Firm accepted a payment of approximately USD 108,000 from Elysium without any due diligence or agreement in place and shortly after the Authority had conducted an unannounced visit alerting Sunrise to its concerns with the Solo Group; and l) make and keep adequate, or in some cases any, written records as evidence of work it may have undertaken specifically relating to the consideration and discussion of financial crime and AML matters by Sunrise management. 2.20 Sunrise’s failings merit the imposition of a significant financial penalty. The Authority considers the failings to be particularly serious for the following reasons: 1. Sunrise onboarded 142 Solo Clients over a short time period, some of which emanated from jurisdictions which did not have AML requirements equivalent to those in the UK; 2. Sunrise’s AML policies and procedures were not proportionate to the risks in the business that it was undertaking; 3. Sunrise failed to properly review and analyse the KYC materials that were provided by the Solo Clients or ask appropriate follow up questions to red flags in the KYC materials; 4. Even after a number of red flags appeared, Sunrise failed to conduct any ongoing monitoring, allowing the Solo Clients to purportedly trade equities totalling approximately £36.6 billion; 5. Sunrise was put on notice following the Authority’s visit in November 2014 that its financial crime and AML controls were weaker than required. However, Sunrise failed to improve and apply appropriate AML systems and controls and onboarded the Solo Clients in the same month it represented to the Authority it was compliant; 6. Sunrise executed a trade in a German equity, which was nearly twice that of the prevailing share price, while ignoring numerous red flags that were highly suggestive of financial crime risk; 8 7. Sunrise accepted a payment from Elysium after being alerted to the Authority’s concerns regarding the Solo Group by an unannounced visit by the Authority on 4 November 2015; and 8. Finally, none of these failings were identified or escalated by Sunrise during the Relevant Period. 2.21 Taken together, these failings exposed Sunrise to unacceptable financial crime risks. Accordingly, to further the Authority’s operational objective of protecting and enhancing the integrity of the UK financial system, the Authority hereby imposes on Sunrise a financial penalty of £642,400. 3. DEFINITIONS 3.1 The following definitions are used in this Notice: “401(k) Pension Plan” means an employer-sponsored retirement plan in the United States. Eligible employees may make pre-tax contributions to the plan but are taxed on withdrawals from the account. A Roth 401(k) plan is similar in nature; however, contributions are made post-tax although withdrawals are tax-free. For the 2014 tax year, the annual contribution limit was $17,500 for an employee, plus an additional $5,500 catch-up contribution for those aged 50 and over. For the tax year 2015, the contribution limits were $18,000 for an employee and the catch-up contribution was $6,000. For a more detailed analysis, please see Annex C; “2007 Regulations” or “Regulation” means the Money Laundering Regulations 2007 or a specific regulation therein; “the Act” means the Financial Services and Markets Act 2000; “AML” means Anti-Money Laundering; “AML Certificate” means an AML introduction form which is supplied by one authorised firm to another. The form confirms that a regulated firm has carried out CDD obligations in relation to a client and authorises another regulated firm to place reliance on it in accordance with Regulation 17; “Authority” or “FCA” means the Financial Conduct Authority, known prior to 1 April 2013 as the Financial Services Authority; 9 “Broker Firms” means the other broker firms who agreed with the Solo Group to carry out the Solo Trading; “Brokermesh” means the bespoke electronic platform set up by the Solo Group for the Solo Clients to submit orders to buy or sell cash equities, and for Sunrise and the Broker Firms to seek liquidity and execute the purported trading; “CDD” means customer due diligence measures, the measures a firm must take to identify each customer and verify their identity and to obtain information on the purpose and intended nature of the business relationship, as required by Regulation 5; “Clearing broker” means an intermediary with responsibility to reconcile trade orders between transacting parties. Typically, the Clearing broker validates the availability of the appropriate funds, ensures the delivery of the securities in exchange for cash as agreed at the point the trade was executed, and records the transfer; “COBS” means the Authority’s Conduct of Business Sourcebook; “Compliance Documents” means Risk-based Client Take-on Procedures for Business Units v1, dated 28 April 2015; Risk-based Client Take-On Procedures for Business Units, v2, dated 27 April 2015; Anti-money laundering policy v3, dated 22 January 2014; “Compliance Manual V2.doc” or Compliance Manual dated December 2013; Introduction Certificate form dated 28 April 2015; “Cum-Dividend” means when a buyer of a security is entitled to receive the next dividend scheduled for distribution, which has been declared but not paid. A stock trades cum-dividend up until the ex-dividend date, after which the stock trades without its dividend rights; “Cum-Dividend Trading” means the purported trading that the Solo Clients conducted where the shares are cum-dividend in order to demonstrate apparent shareholding positions that would be entitled to receive dividends, for the purposes of submitting WHT reclaims; “Custodian” means a financial institution that holds customers’ securities for safekeeping. They also offer other services such as account administration, 10 transaction settlements, the collection of dividends and interest payments, tax support and foreign exchange; “DCAS” means Dividend Credit Advice Slips. These are completed and submitted to overseas tax authorities in order to reclaim the tax paid on dividends received; “DEPP” means the Authority’s Decision Procedure and Penalties Manual; “Dividend Arbitrage” means the practice of placing shares in an alternative tax jurisdiction around dividend dates with the aim of minimising Withholding Taxes (WHT) or generating WHT reclaims. Dividend Arbitrage may include several different activities including trading and lending equities and trading derivatives, including futures and total return swaps, designed to hedge movements in the price of the securities over the dividend dates; “Double Taxation Treaty” means a treaty entered into between the country where the income is paid and the country of residence of the recipient. Double Taxation Treaties may allow for a reduction or rebate of the applicable WHT; “EDD” means enhanced due diligence, the measures a firm must take in certain situations, as outlined in Regulation 14; “Elysium” means Elysium Global (Dubai) Limited; “Elysium payment” means the c. USD 108,000 payment received by Sunrise from Elysium on 4 November 2015 in relation to debts owed by the Solo Clients to Sunrise; “Executing broker” means a broker that merely buys and sells shares on behalf of clients. The broker does not give advice to clients on when to buy or sell shares; “European exchanges” means registered execution venues, including regulated markets, multilateral trading facilities, organised trading facilities and alternative trading systems encapsulated in Bloomberg’s European Composite; “Financial Crime Guide” means the Authority’s consolidated guidance on financial crime, which is published under the name “Financial crime: a guide for firms”. In this Notice, the applicable versions for the Relevant Period were published in January 2015 (incorporating updates which came into effect on 1 June 2014) and April 2015. The Financial Crime Guide contains “general guidance” as defined in 11 section 139B FSMA. The guidance is not binding and the Authority will not presume that a firm’s departure from the guidance indicates that it has breached the Authority’s rules. But as stated in FCG 1.1.8, the Authority expect firms to be aware of the Financial Crime Guide where it applies to them, and to consider applicable guidance when establishing, implementing and maintaining their anti-financial crime systems and controls; “German trade” means the EUR 5 million ‘buy’ order executed by Sunrise on behalf of a broker client (“Client X”) of 146,397 shares in a German stock on 3 September 2015 at a specified intraday price of EUR 34.15; “Handbook” means the collection of regulatory rules, manuals and guidance issued by the Authority as in force during the Relevant Period; “JMLSG” means the Joint Money Laundering Steering Group, which is comprised of leading UK trade associations in the financial services sector; “JMLSG Guidance” means the ‘Prevention of money laundering/combating terrorist finance guidance for the UK financial sector’ issued by the JMLSG, which has been approved by a Treasury Minister in compliance with the legal requirements in the 2007 Regulations. The JMLSG Guidance sets out good practice for the UK financial services sector on the prevention of money laundering and combating terrorist financing. In this Notice, applicable provisions from the version dated on 19 November 2014 have been referred to; The Authority will have regard to whether firms have followed the relevant provisions of the JMLSG Guidance when deciding whether a breach of its rules on systems and controls against money laundering has occurred, and in considering whether to take action for a financial penalty or censure in respect of a breach of those rules (SYSC 3.2.6E and DEPP 6.2.3G); “KYC” means Know Your Customer, which refers to CDD and EDD obligations; “KYC pack” means the bundle of client identity information received, which usually included incorporation documents, certified copies of identity documents, utility bills and CVs; “MLRO” means Money Laundering Reporting Officer; 12 “OTC” means over the counter trading which does not take place on a regulated exchange; “Principles” means the Authority’s Principles for Businesses as set out in the Handbook; “Relevant Period” means the period from 17 February 2015 to 4 November 2015; “SCP” means Solo Capital Partners LLP; “Solo Clients” means the entities introduced by the Solo Group to Sunrise and the other brokers, and on whose behalf Sunrise executed purported equity trades for some of the clients during the Relevant Period; “Solo Group” or “Solo” means the four authorised firms owned by Sanjay Shah, a British national residing in Dubai, details of which are set out in paragraph 4.19; “Solo Group business” means the Solo Trading, the German trade and the Elysium payment; “Solo Trading” means the purported Cum-Dividend Trading and the purported Unwind Trading executed for Solo Clients during the Relevant Period; “Sunrise” means Sunrise Brokers LLP; “Tribunal” means the Upper Tribunal (Tax and Chancery Chamber); “UBO” means ultimate beneficial owner with “beneficial owner” being defined in Regulation 6; “Unwind Trading” means purported trading that took place over several days or weeks to reverse the purported Cum-Dividend Trading to neutralise the apparent shareholding positions; “Withholding Tax” or “WHT” means a levy deducted at source from income and passed to the government by the entity paying it. Many securities pay periodic income in the form of dividends or interest, and local tax regulations often impose a WHT on such income; and “Withholding Tax Reclaims” means in certain cases where WHT is levied on payments to a foreign entity, the WHT may be reclaimed if there is a Double 13 Taxation Treaty between the country in which the income is paid and the country of residence of the recipient. Double Taxation Treaties may allow for a reduction or rebate of the applicable WHT. 4. FACTS AND MATTERS Background Sunrise 4.1 Sunrise is an interdealer broker and during the Relevant Period, primarily facilitated trades between counterparties for listed and OTC derivative products, typically for well-established listed companies, international investment banks, hedge funds and asset managers. 4.2 Sunrise offered brokerage services in equity, exotic equity, credit, hybrid and commodity derivatives across multiple asset classes; bonds and execution services in cash equities. Sunrise did not have permissions to take positions, to trade on its own account nor to hold any client money. Sunrise was authorised to trade for and advise eligible counterparty and professional clients in a range of investment types but not to trade for nor advise retail clients. During the Relevant Period, Sunrise employed approximately 100 staff in its London office. Sunrise’s Negligence 4.3 Sunrise staff had in place inadequate systems and controls to identify and mitigate the risk of being used to facilitate fraudulent trading and money laundering in relation to business introduced by four authorised entities known as the Solo Group. In addition, Sunrise staff did not exercise due skill, care and diligence in applying AML policies and procedures and in failing to properly assess, monitor and mitigate the risk of financial crime in relation to the Solo Group business. Statutory and Regulatory Provisions 4.4 The statutory and regulatory provisions relevant to this Warning Notice are set out in Annex B. 4.5 Principle 3 requires firms to take reasonable care to organise and control their affairs responsibly and effectively, with adequate risk management systems. The 2007 Regulations and rules in the Authority’s Handbook further require firms to 14 create and implement policies and procedures to prevent and detect money laundering, and to counter the risk of being used to facilitate financial crime. These include systems and controls to identify, assess and monitor money laundering risk, as well as conducting CDD and ongoing monitoring of business relationships and transactions. 4.6 Principle 2 requires firms to conduct their businesses with due skill, care and diligence. A firm merely having systems and controls as required by Principle 3 is not sufficient to avoid the ever-present financial crime risk. A firm must also operate those systems and controls with due skill, care and diligence as required by Principle 2 to protect itself, and properly assess, monitor and manage the risk of financial crime. 4.7 Money laundering is not a victimless crime. It is used to fund terrorists, drug dealers and people traffickers as well as numerous other crimes. If firms fail to apply money laundering systems and controls thoughtfully and diligently, they risk facilitating these crimes. 4.8 As a result, money laundering risk must be taken into account by firms as part of their day-to-day operations, including in relation to the development of new products, the taking on of new clients and changes in its business profile. In doing so, firms should take account of their customer, product and activity profiles and the complexity and volume of their transactions. 4.9 The Joint Money Laundering Steering Group (“JMLSG”) has published detailed guidance with the aim of promoting good practice, and giving practical assistance in interpreting the 2007 Regulations and evolving practice within the financial services industry. When considering whether a breach of its rules on systems and controls against money laundering has occurred, the Authority will have regard to whether a firm has followed the relevant provisions in the JMLSG Guidance. 4.10 Substantial guidance for firms has also been published by the Authority regarding the importance of AML controls, in the form of its Financial Crime Guide, which cites examples of good and bad practice, publications of AML thematic reviews and regulatory notices. 15 Authority visit to Sunrise in November 2014 4.11 The Authority visited Sunrise on 25 November 2014. The Authority “identified areas that require the firm’s attention” regarding the effectiveness of Sunrise’s AML/KYC arrangements, and market abuse controls. These areas were set out in a follow-up letter to Sunrise dated 23 December 2014. This was before Sunrise had been approached by Solo to take on the Solo Clients or changed their business to incorporate the Brokermesh activity. 4.12 The key issues the Authority identified regarding the effectiveness of Sunrise’s AML/KYC arrangements included that: 1) “the apparent lack of Compliance resource appeared to have impinged on the Firm’s ability to properly implement controls” concerning money laundering; 2) “there appears to be a need to formalise the whole AML and KYC process. For example, the risk scoring methodology does not appear to be clearly documented, and it was unclear whether clients had been assigned a specific risk rating”; 3) It “did not appear that higher risk clients were subject to transaction monitoring checks”; 4) the Authority was “unable to establish the firm’s formal stance on the key AML risks”; 5) “formal AML/KYC information is not regularly reported to the Board”; and 6) Sunrise’s Compliance Officer “is the source of a lot of information regarding process and decision making, which … represents an increasing key-man risk”. 4.13 The key issues regarding the effectiveness of Sunrise’s market abuse controls included that: 1) “it appeared there [was] no current timetable for market abuse training in operation”; and 16 2) The FCA staff “were informed that the firm utilises an automated monitoring system that screens all transactions. However it is not clear to us the parameters of [this] system are fully understood by the firm. For example, it was known whether the system covers all products brokered, identifies unusual trading patterns … the degree to which it has been implemented and targeted based on key risks remains unclear”. 4.14 In its follow-up letter, the Authority informed Sunrise that it expected Sunrise to set out a work programme to set out the issues addressed which was to cover (among other things): 1) formalising and documenting its AML/KYC approach, setting out clearly its risk-based approach to client take-on/review and transaction monitoring and presenting a formal MLRO report to senior management; 2) assessing and addressing gaps in the market abuse training programme; and 3) reviewing “pertinent risks that are inherent in the business model” and ensuring “appropriate transaction monitoring systems and controls are in place to comply with the STR regime”. 4.15 On 30 March 2015, after onboarding of the Solo Clients had begun and in response to the Authority’s visit, Sunrise sent the FCA a work schedule, stating (among other things) that: 1) additional resource had been added to the Compliance department and further additional resources would be added as required; and 2) its work programmes around the effectiveness of: a. AML/KYC arrangements would be completed by end of July 2015; and b. market abuse controls would be completed by end of May 2015. 4.16 Sunrise considered that its Compliance function required some administrative support, but other than that it was adequate. Sunrise said the key area for improvement they identified from the Authority’s visit was that it needed to hire 17 extra resource for the Compliance function, mainly to provide additional administrative support and improve Compliance’s approach to documentation. Sunrise did not interpret from the Authority’s visit that its approach to client onboarding (including risk assessments and KYC) was deficient. Sunrise did not consider from their conversations with the Authority that there was any particular urgency to address the matters raised but did treat the recruitment of someone to assist with the administration aspects of compliance as something that they should action promptly. 4.17 Sunrise stated that it was “at the end of 2015” (i.e. after the Authority’s unannounced visit) that the Firm realised not everything in the Authority’s letter had been addressed nor had the work schedule been carried out in a timely manner. This coincided with Sunrise’s discussions about a potential takeover of their company by another firm. 4.18 In April 2016, Sunrise instructed an external compliance consultant to carry out an independent review of its Compliance documentation. The prospect of the takeover was the main driver for seeking external compliance support and not the Authority’s visit and follow-up letter (although this letter was used to inform how Sunrise approached the independent review). The Solo Group 4.19 The four authorised firms referred to by the Authority as the Solo Group were owned by Sanjay Shah, a British national currently based in Dubai:  Solo Capital Partners LLP (“SCP”) was first authorised in March 2012 and was a broker.  West Point Derivatives Ltd was first authorised in July 2005 and was a broker in the derivatives market.  Old Park Lane Capital Ltd was first authorised in April 2008 and was an agency stockbroker and corporate broker.  Telesto Markets LLP was first authorised on 27 August 2014 and was a wholesale custody bank and fund administrator. 4.20 During the Relevant Period, SCP and others in the Solo Group at various stages, held regulatory permissions to provide custody and clearing services. The Solo 18 Group has not been permitted to carry out any activities regulated by the Authority since December 2015 and Solo Capital Partners formally entered Special Administration insolvency proceedings in September 2016. The other three entities are in administration proceedings. Background of Dividend Arbitrage and the Purported Solo Trading Dividend Arbitrage Trading 4.21 The aim of Dividend Arbitrage is to place shares in certain tax jurisdictions around dividend dates, with the aim of minimising Withholding Taxes (WHT) or to generate WHT reclaims. WHT is a levy deducted at source from dividend payments made to shareholders. 4.22 If the beneficial owner is based outside of the country of issue of the shares, they may be entitled to reclaim that tax if the country of issue has a relevant treaty (a “Double Taxation Treaty”) with the country of residence of the beneficial owner. Accordingly, Dividend Arbitrage aims at transferring the beneficial ownership of shares temporarily overseas, in sync with the dates upon which dividends become payable, in order that the criteria for making a Withholding Tax reclaim are fulfilled. 4.23 As the strategy is one of temporary transfer only, it is often executed using ‘stock lending’ transactions. While such transactions are structured economically as loans, the entitlement to a tax rebate depends on actual transfer of title. The legal structure of the ‘loan’ is therefore a sale of the shares, on condition that the borrower is obliged to supply equivalent shares to the lender at a specified future date. 4.24 Dividend Arbitrage may give rise to significant market risk for either party as the shares may rise or fall in value during the life cycle of the loan. In order to mitigate this, the strategy will often include a series of derivative transactions, which hedge this market exposure. 4.25 A key role of the share Custodian in connection with Dividend Arbitrage strategies is to issue a voucher to the beneficial owner which certifies such ownership on the date on which the entitlement to a dividend arose. The voucher will also specify the amount of the dividend and the sum withheld at source. This is sometimes known as a ‘Dividend Credit Advice Slip’ or ‘Credit Advice Note’. The purpose of the voucher is for the beneficial owner to produce it to the relevant tax authority to reclaim the 19 Withholding Tax (assuming the existence of a relevant Double Taxation Treaty). The voucher generally certifies that (i) the shareholder was the beneficial owner of the share at the relevant time, (ii) the shareholder had received the dividend, (iii) the amount of the dividend, and (iv) the amount of tax withheld from the dividend. 4.26 Given the nature of Dividend Arbitrage trading, the costs of executing the strategy will usually be commercially justifiable only if large quantities of shares are traded. The Purported Solo Trading 4.27 The Authority’s investigation and understanding of the purported trading in this case is based, in part, on analysis of transaction reporting data and material received from Sunrise, the Solo Group, and five other Broker Firms that participated in the Solo Trading. The Solo Trading was characterised by a circular pattern of extremely large-scale purported OTC equity trading, back-to-back securities lending arrangements and forward transactions. 4.28 The Solo Trading can be broken into two phases: (i) purported trading conducted when shares were cum-dividend in order to demonstrate apparent shareholding positions that would be entitled to receive dividends, for the purposes of submitting WHT reclaims (“Cum-Dividend Trading”); and (ii) the purported trading conducted when shares were ex-dividend, in relation to the scheduled dividend distribution event which followed the Cum-Dividend Trading, in order to reverse the apparent shareholding positions taken by the Solo Group clients during Cum-Dividend Trading (“Unwind Trading”). 4.29 The combined volume of the purported Cum-Dividend Trading across the six Broker Firms were between 15% and 61% of the shares outstanding in the Danish stocks traded, and between 7% and 30% of the shares outstanding in the Belgian stocks traded. 4.30 As a broker for the Solo Trading, Sunrise executed the purported Cum-Dividend Trading and the purported Unwind Trading. However, the FCA believes it unlikely that Sunrise would have executed both the purported Cum-Dividend Trade and purported Unwind Trades for the same client in the same stock in the same size trades and therefore it is likely Sunrise only saw one side of the Solo Trading. 20 Additionally, the FCA considers that purported stock loans and forwards linked to the Solo Trading are likely to have been used to obfuscate and/or give apparent legitimacy to the overall scheme. Although there is evidence that Sunrise was aware of the purported stock loans and forwards, these trades were not executed by Sunrise. 4.31 The purpose of the purported Solo Trading was to enable the Solo Group to arrange for DCAS to be created, which purported to show that the Solo Clients held the relevant shares on the record date for dividend. The DCAS were in some cases then used to make WHT reclaims from the tax agencies in Denmark and Belgium, pursuant to Double Taxation Treaties. In 2014 and 2015, the value of Danish and Belgian WHT reclaims made, which are attributable to the Solo Group, was approximately £899.27 million and £188.00 million respectively. In 2014 and 2015, of the WHT reclaims made, the Danish and Belgian tax authorities paid approximately £845.90 million and £42.33 million respectively. 4.32 The Authority refers to the trading as ‘purported’ as it has found no evidence of ownership of the shares by the Solo Clients, or custody of the shares and settlement of the trades by the Solo Group. Sunrise’s introduction of the Solo Group Business 4.33 In October 2014, the Solo Group approached Sunrise with a business proposal to join a bespoke trading platform called Brokermesh, whereby Sunrise would be executing equity trades for “several hundred fund customers” and the Solo Group would provide custody and clearing services for all trades on the platform. This proposal was particularly attractive to Sunrise as it had not been able to find an entity to provide clearing services and additionally would bring in some work to an area of the Firm which was not bringing in any revenue. According to a staff member at Sunrise, Solo’s proposal “offered us, you know, a solution in terms of bringing some revenue in instead of … us sitting there earning nothing, I mean, literally absolutely nothing and doing nothing every single day”. 4.34 In short, the relevant area of business was largely (if not wholly) reliant on the business from the Solo Group. As a consequence, there was considerable commercial pressure to bring in revenue to the relevant desk. In these circumstances, Sunrise should have been cognisant of the conflict of interests arising from the absence of revenue in particular areas against the need to ensure 21 that potential business introduced was appropriate for the Firm and in line with the Firm’s regulatory obligations and relevant policies. 4.35 Sunrise and the Solo Group representatives met to discuss the proposal on two occasions (30 October 2014 and 16 December 2014). Prior to this introduction, Sunrise did not have an established business relationship with the Solo Group, although they had undertaken a couple of trades for Solo Capital. Sunrise did not document any minutes nor notes of these initial meetings. In the initial email discussions, Solo told Sunrise that “Solo’s relationship to the brokers is principally one of a software provider where we happen to have mutual clients. Solo has a contract with the brokers governing this service”. 4.36 Sunrise estimated that the projected revenue from the Solo Group proposal of between £500,000 and £1 million per year, which was based on charging the Solo Clients a quarter basis point of the notional value of each trade. To reach the projected revenue, Sunrise would have been able to calculate that they would need to execute trades for the Solo Clients to the value of between £20 billion to £40 billion annually. 4.37 Sunrise did not carry out a formal or documented risk assessment when taking on the Solo Group business although “commercial discussions and due diligence” took place ahead of Sunrise making the decision to sign services agreements with the Solo Group. Sunrise explained “that it took considerable comfort” from the fact that the Solo Group entities were regulated by the Authority and that other authorised firms “which it regarded as reputable and assumed would also have undertaken due diligence” had already signed up to the Brokermesh platform. However, Sunrise did not have any specific conversations with the other Broker Firms involved to discuss compliance issues or queries, or to confirm the assumptions on which it made itself comfortable about the arrangements into which it was entering. 4.38 Sunrise queried the Solo Group’s structure with regard to Brokermesh on a telephone call with Solo on 6 February 2015. Sunrise could not see the reason why four Solo Group entities were involved. Solo did not identify a particular reason other than this was Sanjay Shah’s preference and that it would split the revenue stream between the four Broker Firms. On another call between the Solo Group and Sunrise on 9 February 2015, Sunrise queried the rationale behind the structure and the nature of the arrangements stating “... need to understand … what is being done is legal … that we’re not participating in anything that hasn’t already gone 22 through a proper due diligence process”. There is no record of if and how this query was answered. 4.39 On 17 February 2015, Sunrise signed an agreement with the Solo Group whereby the Solo Group would provide clearing and settlement services in relation to the Solo Clients (“the Services Agreement”) and on 24 February 2015 Sunrise signed the terms of the Brokermesh licence. Sunrise understood that it would not be liable for any settlement failures if a trade did not go ahead and that all trades would be subject to the Solo Group’s approval. 4.40 The Solo Group informed Sunrise before the Services Agreement was signed that the trading would involve pan-European equities. Within Sunrise it was assumed that the trading would involve Dividend Arbitrage. Sunrise did not however seek any further information from the Solo Group about the intended nature and purpose of the Solo Trading. Onboarding of the Solo Clients Introduction to Onboarding requirements 4.41 The 2007 Regulations required authorised firms to use their onboarding process to obtain and review information about a potential customer to satisfy their KYC obligations. 4.42 As set out in Regulation 7 of the 2007 Regulations, a firm must conduct CDD when it establishes a business relationship or carries out an occasional transaction. 4.43 As part of the CDD process, a firm must first identify the customer and verify their identity. Second, a firm must identify the beneficial owner, if relevant, and verify their identity. Finally, a firm must obtain information on the purpose and intended nature of the business relationship. 4.44 To confirm the appropriate level of CDD that a firm must apply, a firm must perform a risk assessment, taking into account the type of customer, business relationship, product and/or transaction. The firm should also document their risk assessments and keep their risk assessments up to date. 4.45 If the firm determines through its risk assessment that the customer poses a higher risk of money laundering or terrorist financing then they must apply EDD. This may 23 mean that the firm should obtain additional information regarding the customer, the beneficial owner to the extent there is one, and the purpose and intended nature of the business relationship. Additional information gathered during EDD should then be used to inform the firm’s risk assessment process, in order to manage its money laundering/terrorist financing risks effectively. The information firms are required to obtain about the circumstances and business of their customers is necessary to provide a basis for monitoring customer activity and transactions, so firms can effectively detect the use of their products for money laundering and/or terrorist financing. Chronology of the onboarding 4.46 On 17 February 2015, the onboarding process commenced for the Solo Clients when the Solo Group started supplying KYC documents to Sunrise. This was the first time that Sunrise had received information about the names of the Solo Clients and the jurisdictions in which the Solo Clients were based. The 142 Solo Clients were onboarded between 10 March 2015 and 6 May 2015 as follows: Date Number of Clients Onboarded 10 March 2015 12 11 March 2015 69 20 March 2015 28 23 March 2015 6 1 April 2015 24 6 May 2015 3 4.47 The Solo Clients included a total of 81 clients recorded as onboarded over two working days on 10 and 11 March 2015 and the remaining clients over four nonconsecutive working days on 20 and 23 March 2015, 1 April 2015 and 6 May 2015. 4.48 The Solo Trading commenced on 25 February 2015, which was almost two weeks before any of the Solo Clients were recorded as onboarded and eight days after the 24 onboarding commenced. Sunrise therefore started trading in respect of some of the Solo Clients before it had fulfilled its obligations under the 2007 Regulations, particularly Regulation 7 and in direct contravention of the Compliance Documents. Sunrise should at this stage have been prepared and willing to refuse to onboard clients if they presented unacceptable risks. 4.49 Sunrise onboarded the 142 clients introduced by the Solo Group in under two months. This compared to 48 clients unrelated to the Solo Group that Sunrise onboarded during the entire Relevant Period. The rate of onboarding also differed, with the 48 unrelated clients being onboarded over 41 days, whereas the Solo Clients were onboarded over 6 days. Of the clients unrelated to the Solo Group onboarded during the Relevant Period, no more than two were ever onboarded on the same day. 4.50 Sunrise acknowledged that onboarding all the Solo Clients “effectively in one go” was not a “usual” thing to do and was “a bit rushed”. However, Sunrise was under pressure from Solo to complete the onboarding of the Solo Clients and Sunrise was keen to ensure that it did not lose the business being offered to it. Sunrise indicated concerns that they “risked being dropped from the project” if onboarding was not done to Solo’s timeline. 4.51 Not only was the large number of clients onboarded unusual for Sunrise, the Solo Clients also deviated from Sunrise’s normal type of client. Sunrise’s top 20 clients during the Relevant Period were large investment banks or large institutional funds. By contrast, the Solo Clients consisted of approximately 118 401(k) Pension Plans and almost all pension plans and entities had been set up in 2014, which was in itself a red flag. Whereas during the Relevant Period, Sunrise did not execute any equity trades in Danish stocks for its top 20 clients, Sunrise purportedly executed high volume Cum-Dividend Trades to the value of approximately £25.4 billion in Danish equities for the Solo Clients in the knowledge that a large majority of these clients were recently established individual pension plans. 4.52 The Solo Clients were all based in the US or Malaysia. Although Sunrise did not have any Malaysian based clients prior to onboarding the Solo Clients, 24 of the Solo Clients were registered in Labuan (Malaysia). Sunrise did not give any additional considerations to the onboarding despite the fact that the Solo Clients were not UK based. 25 4.53 The KYC material provided to Sunrise showed that almost all the Solo Clients’ entities had only one UBO, with many of those UBOs owning several of those entities each. A number of the UBOs were connected to the Solo Group. Sunrise did not recognise or consider that this was unusual at the time. CDD 4.54 CDD is an essential part of the onboarding process, that must be conducted when onboarding a new client. Firms must obtain and hold sufficient information about their clients to inform the risk assessment process and manage the money laundering risks effectively. 4.55 As part of the CDD process first, under Regulation 5 of the 2007 Regulations, a firm must identify the customer and verify their identity. Second, a firm must identify the beneficial owner, if relevant, and verify their identity. Finally, a firm must obtain information on the purpose and intended nature of the business relationship. A. Customer Identification and Verification 4.56 Regulation 20 of the 2007 Regulations requires that firms establish and maintain appropriate and risk-sensitive policies and procedures related to customer due diligence. SYSC 6.3.1R requires that the policies must be comprehensive and proportionate to the nature, scale and complexity of its activities. 4.57 Sunrise stated that it onboarded prospective clients during the Relevant Period using a “risk-based approach” in accordance with its client take-on policy and the JMLSG Guidance. Paragraph 8.1 of Sunrise’s Anti-Money Laundering Policy stated that the firm needed “to be reasonably satisfied that their clients are who they say they are” in order to make it “more difficult for the financial services industry to be used for the purpose of money laundering or for handling the proceeds of crime” directing employees to Sunrise’s Client Take-on Policy. No further guidance on what “reasonably” meant was provided in the policy itself. 4.58 Sunrise’s Compliance Manual stated that the Firm had established a client take-on procedure to satisfy its client identification requirements which were the same regardless of the business area. The Anti-Money Laundering Policy stated that the identification process exists to, in part, “help the firm to identify, during the course of a continuing relationship, what may be unusual” and indicate if a client may be involved in money laundering, fraud or handling of criminal or terrorist property. 26 4.59 Sunrise’s Client Take-on Procedures purported to contain information which Sunrise employees were “to attempt to obtain in all circumstances”. The steps (to be followed in numerical order) included: (i) Determine who the client is and who needs to be identified; (ii) Determine the overall risk of the proposed client relationship; (iii) Record the products and services the client is requesting; (iv) Determine if information provided by another firm can be relied upon instead of collecting information directly from the client, and if so collect the appropriate certificate; (v) If another firm cannot be relied on, determine the information required and collect documents; and (vi) Complete the summary client take-on form. 4.60 Sunrise, however, acknowledged that there may have been discrepancies and/or contradictions in the Compliance Documents. This was due to the fact that they had been sourced, in part, from a member of staff at the Firm who had drafted parts of them for another firm. As a result, the Compliance Documents had not been updated, tailored or amended adequately to reflect Sunrise’s business. Key parts of the Compliance Documents such as checklists appeared to be missing. Reliance on Solo for due diligence 4.61 Further, the Client Take-on Procedures stated that “in many circumstances, you will find that due to the low risk nature of the relationship, Sunrise Brokers is able to rely upon another party for some or all of the client identification”. The Client Take-on Procedures did not give further details of when Sunrise would rely on another party for some or all of the client identification, what factors needed to be taken into account or what particular measures put in place. 4.62 The JMLSG Guidance states that firms should take a risk-based approach when deciding whether to accept confirmation from a third party that appropriate CDD measures have been carried out on a customer and this “cannot be based on a single factor”. They also state that if reliance is placed on a third party, the firm still needs to know the identity of the beneficial owner whose identity is being verified; the level of CDD carried out; and have confirmation of the third party’s understanding of his obligation to make available on request copies of the verification data, documents or other information. 4.63 Sunrise’s Client Take-on Procedures also stated that with “all customers, it is essential” that Sunrise “understand the entity type and all parties associated with 27 it”. They also stated that introduction certificates should be obtained by Sunrise when an equivalent regulated entity confirms that identification and verification has been undertaken on a specific client. Sunrise has provided no evidence that these were obtained for the Solo Clients. 4.64 The Client Take-on Procedures also stated that general assurances may be given by “an undertaking provided by a regulated firm to another regulated firm that for all current and future customers introduced, sufficient identification has been or will be obtained and retained by the original owner”. However, these were only permitted for introductions where there was a one-off transaction for low risk customers, between clearing and executing brokers in certain limited (but unspecified) circumstances or where the client was an unregulated fund where relevant investors may need to be identified (so long as the client is low or medium risk in nature). 4.65 Sunrise’s approach to onboarding Solo Clients placed unreasonable reliance on the fact that these Solo Clients were introduced by another regulated firm. The fact that the introducer was regulated appears to be the only factor Sunrise considered when deciding on the level of due diligence to apply. Essentially, as the Solo Clients were introduced by a regulated entity, Sunrise did not treat them as previously unknown clients and failed to apply the level of due diligence to the Solo Clients as it would do for other clients. Sunrise admitted that this approach was “in retrospect … something that we would not do now”. B. Beneficial Owner and Beneficial Owner Verification 4.66 As stated in paragraph 4.55 above, under Regulation 5 of the 2007 Regulations, a firm must identify a client’s beneficial owner, if relevant, and verify their identity. Sunrise’s Client Take-on Procedures stated that: “Identifying and verifying such owners back to either a source individual, or to a stage where ownership is by a lower risk entity or range of entities, is of crucial importance in protecting the firm from money laundering risk”. 4.67 Sunrise represented that “every client documentation was reviewed to find the beneficial owner, and who the people were authorised to trade on behalf of that. The documents were reviewed through to understand that they were certified and notarised and being provided to us, they did include passports and utility bills. … 28 So making sure that, at least on that, the documents we held for the underlying clients were correct, or I believed them to be correct at the time”. 4.68 During the due diligence process, KYC documents received in relation to the Solo Trading indicated that the UBO of a Solo Client was a former Solo Group employee but this did not “really raise any questions … on the suitability of the person” with Sunrise because the individual in question was considered “a market professional”. 4.69 Nor did Sunrise have concerns when KYC documents showed that the sole beneficiary of a Solo Client was an 18-year old college student who shared the same home address as the fund manager. The 18-year old college student was also the UBO of four other 401(k) Pension Plans that Sunrise onboarded. Sunrise said it would not have raised any concerns that an 18-year old would be making significant sized trades on the basis that “the fund had a manager” who would be trading on the college student’s behalf although said it was “unusual” that the student shared the home address as the fund manager. C. Purpose and Intended Nature of a Business Relationship 4.70 As part of CDD, Regulation 5(c) of the 2007 Regulations requires firms to obtain information on the purpose and intended nature of the business relationship. Firms should use this information to assess whether a customer’s financial behaviour over time is in line with their expectations, whether or not the client is likely to be engaged in criminal activity, and to provide it with a meaningful basis for ongoing monitoring of the relationship. 4.71 Regulation 20 of the 2007 Regulations requires that firms establish and maintain appropriate and risk-sensitive policies and procedures related to customer due diligence, and SYSC 6.3.1R requires that the policies must be comprehensive and proportionate to the nature, scale and complexity of its activities. 4.72 Sunrise’s Compliance Manual stated that it was important for the Firm “to understand the client’s business in order to assess the consistency of their transactions and activities undertaken so as to determine what may or may not seem suspicious or unusual”. 4.73 Sunrise’s Client Take-on Procedures stated that the Firm must obtain and document “The client’s reason for seeking Sunrise Brokers’ products and/or services. This will ensure that Sunrise Brokers fully understands the entity, and structure and 29 ownership”. The Compliance Documents however did not set out any framework or guidance for staff to follow to understand the purpose and intended nature of the business relationship with each client. 4.74 Sunrise first received KYC documentation for the Solo Clients from the Solo Group on 17 February 2015. There was no composite written checklist to assist with the review of KYC documents during the onboarding process although the Compliance Documents did provide examples of some of the information that Sunrise ought to obtain when conducting due diligence. 4.75 The CDD Sunrise undertook for the Solo Clients was limited to checking the documentation received and to carrying out identification checks for the Solo Clients and for the UBOs of each of the entities being onboarded. Sunrise stated it had no concerns arising from its review of the KYC documents. It is the Authority’s view that Sunrise’s review of the KYC documents was rushed, given the commercial pressure Solo had placed on Sunrise and therefore lacked an adequate level of scrutiny. 4.76 Sunrise failed to identify numerous red flags which should have been evident from scrutinising the KYC documents. Sunrise did not question why Solo Clients were using 401(k) Pension Plans to conduct highly speculative, short term Dividend Arbitrage as such plans were largely for holding individual savings. Nor did Sunrise question how plausible it was that individual Solo Clients were conducting trading that required the Solo Clients to hold such a high level of funds, particularly when Sunrise did not know the limits on 401(k) Pension Plan contributions or otherwise check the source of these funds. Had it done so, Sunrise would have identified that the value of the Solo Trading was many times in excess of the maximum funds that could have contributed to US 401(k) Pension Plans set up only the year before. 4.77 In not applying this basic level of scrutiny, Sunrise failed to complete the CDD steps required under Regulation 5 of the 2007 Regulations. Risk Assessment 4.78 As part of the onboarding and due diligence process, firms need to undertake and document risk assessments for every client. Such assessments should be based on information