Utmost Worldwide Limited, Mr Leon Steyn and Mr James Alexander Watchorn

• Public Statements
• Insurance
• Financial Crime

The Financial Services Business (Enforcement Powers) (Bailiwick of Guernsey) Law, 2020 (the "Enforcement Powers Law")

The Insurance Business (Bailiwick of Guernsey) Law, 2002

The Insurance Managers and Insurance Intermediaries (Bailiwick of Guernsey) Law 2002

The Criminal Justice (Proceeds of Crime) (Financial Services Businesses) (Bailiwick of Guernsey) Regulations, 2007 (the "Regulations")

Schedule 3 to Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999 ("Schedule 3")

The Disclosure (Bailiwick of Guernsey) Law, 2007

The Handbook on Countering Financial Crime and Terrorist Financing (the "Handbook")

The Principles of Conduct of Finance Business (the "Principles of Conduct")

Utmost Worldwide Limited (the "Licensee")

Mr Leon Steyn ("Mr Steyn")

Mr James Alexander Watchorn ("Mr Watchorn")

On 9 March 2026, the Guernsey Financial Services Commission ("the Commission") decided:

To impose a financial penalty of £1,960,000 on the Licensee under section 39 of the Enforcement Powers Law;

To impose a financial penalty of £35,000 on Mr Steyn under section 39 of the Enforcement Powers Law;

To impose a financial penalty of £10,500 on Mr Watchorn under section 39 of the Enforcement Powers Law;

To make an order under section 33 of the Enforcement Powers Law prohibiting Mr Watchorn from holding the roles of Money Laundering Reporting Officer and Money Laundering Compliance Officer for a period of one year and five months; and

To make this public statement under section 38 of the Enforcement Powers Law.

The Commission considered it reasonable and necessary to make these decisions having concluded that the Licensee, Mr Steyn and Mr Watchorn failed to ensure compliance with the regulatory requirements; and failed to meet the Minimum Criteria for Licensing (the "MCL"), pursuant to Schedule 7 of The Insurance Business (Bailiwick of Guernsey) Law, 2002; and Schedule 4 of The Insurance Managers and Insurance Intermediaries (Bailiwick of Guernsey) Law, 2002.

EXECUTIVE SUMMARY

The findings in this case were serious, systemic and spanned a significant period - 2015 to 2025.

The Commission's investigation considered the fundamental issue to be that the Licensee underestimated the degree of financial crime risk related to its life insurance business.

This risk of financial crime was increased by the Licensee's historic business model - namely the use of brokers unregulated for international business, operating in developing countries often with a weak financial crime infrastructure, a client base open not just to mobile international executives but also to local people and a business stretching back over decades when financial crime requirements were less rigorous than they are today. Whilst the Licensee changed its business model to cease writing business through unregulated brokers in 2016, many of the policies written prior to this date remain in force.

Multiple controls, albeit proportionately applied, are required to mitigate these risks.

Instead, the Licensee regarded its business model as low-risk (despite nominally rating a large volume of its clients as high-risk), and made little effort to contact or monitor its clients until a pay-out was required. At that point, any potential "dirty money" was in the system and the likelihood of catching it was limited to a trigger-event review process, which was not always applied rigorously by the Licensee.

This approach to the mitigation of financial crime risks ran through the Licensee and is the cause of the several control failures identified below.

The Licensee has proactively brought about operational changes across its business to address the issues identified and is taking substantial steps to remediate.

BACKGROUND

The Licensee was incorporated in Guernsey in August 1993, under the name of Generali Worldwide Insurance Company Limited. It was licensed to conduct general and long-term insurance business, but predominantly wrote regular premium unit linked savings business.

The Licensee was acquired by Utmost Group in February 2019 and changed its name to Utmost Worldwide Limited. Utmost Group's business model is primarily focused on writing single premium policies to high net worth and ultra-high net worth individuals. As a result very little new business has been written by the Licensee since it was acquired by Utmost Group and the company has effectively been in run-off

The Licensee had a worldwide client base that declined from more than 80,000 to less than 40,000 clients during the period reviewed by the Commission; including clients in jurisdictions within South and Central America, many of which are internationally regarded as presenting a higher money laundering risk.

The Licensee had engagements with the Commission in 2016, 2019, 2021 and 2022; all of which had resulted in some specific failings being identified.

Mr Steyn was the Chief Financial Officer of the firm from September 2012 to April 2020, a Director from 28 February 2019, and the Chief Executive Officer from 21 April 2020 to-date.

Mr Watchorn was the Nominated Officer / Deputy Money Laundering Reporting Officer from 16 August 2018 until 2025.

The Commission's investigation commenced in April 2023.

FINDINGS

The Commission identified that the Licensee had had at one point approximately 22,500 high-risk clients, but based on its methodology would review less than 3.50% of those on an annual basis.

The Licensee placed a significant reliance on a trigger-event, risk review process for the remainder of its clients (either high-risk, standard or low); a process that proved to be ineffective due to the ad-hoc frequency of the reviews, the quality of some of the reviews when actually undertaken, and the inadequacy of the Licensee's monitoring and screening processes.

The very small number of high-risk clients that were subject to regular review, represented the Licensee's highest risk cohort of clients, including Politically Exposed Persons. The Commission identified that these reviews were also ineffective due to the lack of customer contact, and the fact that CDD deficiencies identified during these reviews were not always remediated at the time, but deferred until a future review.

The Licensee was therefore unable to demonstrate a meaningful and up-to-date understanding of the financial crime risks of its clients, in particular, its high-risk clients. This led to widespread failings and systemic breaches of the regulatory requirements of the Bailiwick in relation to risk assessments, monitoring, and the source of wealth and source of funds of its high-risk client base.

The Licensee also became aware in 2014, that one of its third-party brokers operating in South and Central America had identified that some of its employees had been fraudulently altering client due diligence documents for approximately 1,900 of the Licensee's clients. The Licensee recognised the potential money laundering risks posed by this fraud.

However, the Licensee failed to remediate this serious matter expeditiously, choosing instead to rely on its trigger-event risk review process to rectify deficiencies. This meant that 10 years after having identified the fraudulent behaviour, the Licensee had still been unable to remediate approximately 200 clients.

Mr Watchorn demonstrated views in relation to money laundering risks that did not accord with the standards the Commission believed appropriate for the specific nature of his role, particularly given the Licensee's large volume of high-risk clients.

The Disclosure (Bailiwick of Guernsey) Law, 2007, makes it clear at Section 1(2)(b) that a suspicion of money laundering is not solely confined to the identification of criminal proceeds, but also to whether a "person is engaged in money laundering."

The Commission's investigation identified that Mr Watchorn often downplayed money laundering red flags (including adverse media) identified by employees of the Licensee.

The Licensee was required by the transitional provisions of the new Handbook, introduced in 2019, to review all its business relationships by 31 December 2021; but failed to comply with this statutory requirement.

In more detail, the Commission found:

The Licensee failed to properly conduct relationship risk assessments, taking into account relevant high-risk factors and to regularly review relationship risk assessments.

Schedule 3 and the related rules in the Handbook require that in order for a financial service business to consider the extent of its potential exposure to the risk of money laundering and terrorist financing it must assess the risk of any proposed business relationship, and regularly review such a risk assessment so as to keep it up-to-date.

The Licensee operated a process in relation to risk assessments whereby it categorised its high-risk clients into two-tiers of high risk. The first category involved those clients who had been rated high-risk only due to the jurisdiction risk of their residence or nationality.

This first category (equating to approximately 96% of the Licensee's high-risk clients), would not be subject to annual reviews, but would be reviewed on a trigger-event basis adopted by the Licensee. These trigger-events included such things as full or partial policy surrenders, or single / regular premium increases.

The ad-hoc nature of trigger-events meant that clients categorised as high-risk could often go for long periods without review, with the Licensee therefore unable to demonstrate an ongoing understanding of any changes to the client's risk assessment.

The Commission's investigation reviewed a sample of trigger-event reviews and noted the following: (i) not all reviews contained updated information on such things as source of funds or source of wealth; (ii) adverse media had not always been identified by the Licensee's screening system; and (iii) deficiencies identified during review were not always remediated, but were detailed to be remediated at the next trigger-event.

For example:

Client 1

A high-risk client taken on in 2007 was not reviewed until a trigger-event in 2021. During this review it was identified that adverse media had linked the client to tax evasion offences in 2012, an event the Licensee was unaware of until 2021. Whilst the client was subsequently cleared of these offences, the Licensee nevertheless failed to demonstrate it had maintained an up to-date understanding of its client.

Client 2

A high-risk client taken on in 2007, became a PEP in 2008. This was not identified by the Licensee until a trigger-event review in 2021, some 13 years after the client became a PEP.

The Commission's investigation identified that in relation to its first category of high-risk clients, the Licensee effectively treated them no differently to its standard and low-risk clients.

The Licensee's reliance on its trigger-event process was flawed, as it rarely resulted in a contemporaneous understanding of the financial crime risks of its clients.

The second category of high-risk clients consisted of those identified as either PEPs, CEPs (commercially exposed persons), or subject to adverse media. This equated, at most times, to only approximately 4% of its high-risk clients.

This second category of high-risk clients were reviewed on an annual basis.

The Commission's investigation identified that despite the relatively small number of reviews in this second category, the Licensee failed to consistently update source of wealth or source of funds information, or confirm its continuing relevance, or always rectify deficiencies when identified, with little effort made to establish whether the client had moved location or changed occupation.

In conclusion, the Licensee on numerous occasions failed to conduct effective and adequate risk assessments of its high-risk clients, thus exposing itself and the Bailiwick to an unacceptable level of risk of money laundering and terrorist financing.

For example:

Client 3

A high-risk client was taken on in 2014 and classified as a PEP by the Licensee. During a review in 2023, the client's source of funds information was not updated, with reliance instead being placed on information collected some nine years previously.

Client 4

A high-risk client taken on in 2001 and classified as a PEP. During a review in 2023, it was noted by the reviewer that the ID for the PEP was a very poor-quality scan and out of date. The remediation section on the review form simply noted "CDD to be refreshed at next trigger."

In addition, the Commission identified that the Licensee did not have a current address for the client and seemed to be unaware of this.

The Licensee failed to ensure it conducted its business with prudence and professional skill in relation to one of its third-party brokers.

The Licensee became aware in 2014, that some of the employees of one of its third-party brokers, operating in high-risk jurisdictions throughout South and Central America, had provided fraudulent client due diligence documents (verification of address) to the Licensee for certain Central American clients.

The Licensee recognised the seriousness of the situation, referring to it as "a significant money laundering risk."

After an initial investigation by the Licensee, it identified that c.1,900 deficient files were affected and required remediation.

The Licensee immediately suspended any new business with the specific broker and stated its intention to have all client due diligence from the affected broker refreshed and independently notarised.

The suspension of new business was lifted after the broker conducted an investigation and removed staff involved in the fraudulent activities. In any event, no new clients were accepted from the broker after 2016.

However, the Commission noted that in 2024 (ten years after the serious issue was identified), the Licensee still had approximately 200 clients, whose proof of address was suspected to have been potentially fraudulently altered and who had not responded to repeated attempts at remediation.

The Licensee therefore failed to act with: (i) prudence; (ii) with the professional skill appropriate to the nature and scale of its activities; and (iii) in a manner which would not damage the reputation of the Bailiwick as an international financial centre.

The Licensee failed to ensure it established and maintained effective procedures and controls to forestall, prevent and detect money laundering and terrorist financing; as necessary to report suspicion.

Schedule 3 and the Regulations stipulate that licensees must ensure compliance with the requirements to make disclosures under Part 1 of the Disclosure (Bailiwick of Guernsey) Law, 2007; and sections 15 and 15A of the Terrorism and Crime (Bailiwick of Guernsey) Law, 2002.

One of the people responsible for making disclosures during the relevant periods of the Commission's investigation was Mr Watchorn.

The Commission's investigation identified that the Licensees money laundering controls failed on a number of occasions, and the significance of money laundering red flags were not always adequately appreciated by Mr Watchorn, leading on a number of occasions, to the Licensee's responsibilities not being properly discharged.

For example:

Client 5

Two high-risk clients were onboarded in 2012, and operated a manufacturing business in Asia.

During the client relationship, the Licensee had various addresses for the clients in Asia, Holland and Spain; as well as a number of variations for the spelling of the client's surname. None of these inconsistencies were adequately investigated by the Licensee.

The insurance product purchased by the clients required a monthly premium of approximately USD1,500.

In 2021, the clients made eight unsolicited payments in just over one month, totalling approximately USD250,000. Whilst these payments were never applied to the policy, it took the Licensee nearly a year before it began to investigate the circumstances surrounding the payments.

The Licensee requested the clients complete an updated source of funds questionnaire to help explain the dramatic rise in payments - a request that was never complied with.

However, the client did request the return of the unsolicited payments, but to a different bank account from which they originated. This unusual request raised concerns with an employee of the Licensee.

Mr Watchorn dismissed these concerns without any evidence of any form of investigation, simply opining that it was a case of "poor admin by the client and poor communication between the clients and their brokers."

The Commission believes that Mr Watchorn failed to consider sufficiently the three potential money laundering red flags in this scenario: (i) the large and unsolicited inward payments; (ii) a refusal by the clients to provide evidence of the source of funds for these payments; and (iii) the client's request for their funds to be returned to a different bank account.

Client 6

A high-risk client onboarded in 2014, located in a jurisdiction with a heightened risk for money laundering; a risk driven by significant levels of organised crime, drug trafficking and corruption in the jurisdiction.

The premiums paid by this client rose from an initial USD10,000 per month, to USD20,000 per month in 2018.

The Commission's investigation identified that the Licensee had been unable to corroborate the income of the client, as no online presence for the client's company could be identified. The client claimed that the lack of an online presence was due to concerns regarding the security situation in the client's jurisdiction.

An employee of the Licensee raised concerns regarding the lack of online presence, and the lack of corroboration as to how the client had amassed sufficient wealth to fund annual premiums of USD240,000.

These concerns were not adequately followed up.

In the following eighteen months, employees again raised concerns regarding the fact that the client had made five partial surrenders of their policy - totalling approximately USD1,000,000. It was noted that the client had claimed to also have a number of other insurance products with different providers.

These concerns were put to Mr Watchorn, who dismissed them based on the fact that the client was continuing to pay his premium and that checks had not revealed anything adverse.

The Commission believes that the Licensee and in part, Mr Watchorn, failed to consider sufficiently the four potential money laundering red flags in this scenario: (i) a client from a high-risk jurisdiction, notable for its levels of organised crime, making USD20,000 monthly payments, with no suitably corroborated source of funds; (ii) the indication that the client may have further insurance products, which would again call into question the source of funds needed to service further products; (iii) the fact that the product held with the Licensee had been set up as a twenty-five year long term savings plan, but which the client had made five substantial partial surrenders from in less than eighteen months; and (iv) the fact that the client's purported company had no online presence and the Licensee could not corroborate the client's source of funds.

The Licensee failed to take reasonable measures to establish the Source of Wealth (SOW) and Source of Funds (SOF) of its high-risk business relationships.

The Commission sampled 72 high-risk client files, and identified that 71 of the files were deficient in some respects with regards to source of wealth and source of funds.

This sample was identified by the Commission to be indicative of systemic issues with the Licensee's application of the reasonable measures needed to establish both source of wealth and source of funds.

These failings originated from the point of onboarding (where not all source of funds information was corroborated despite a number of higher risk factors present within a relationship indicating that more substantive enquiries should be made), and throughout the life cycle of a client; with source of funds information not always being refreshed or re-confirmed, either during periodic reviews, or at trigger-events.

This meant that the Licensee was often not aware as to whether the provenance of the funds being received by the Licensee for premium payments had changed.

The Handbook requires licensees to regularly review their clients, and during these reviews, in particular regarding high-risk clients, a review should be conducted of the source of funds being used to make, in the Licensee's case, premium payments. This is an essential anti-money laundering measure, as a licensee must ensure that it does not receive any funds which may represent the proceeds of crime.

The Licensee failed to perform ongoing and effective monitoring of its business relationships.

The Licensee failed to perform ongoing and effective monitoring of its business relationships, as required by Schedule 3, paragraph 11(1) and 5(3)(a)(iv) in relation to high-risk clients, for an extended period of time.

Concerns were raised by the Commission in 2016, 2019, 2021 and 2022 following Commission onsite engagements, which identified failings in the Licensee's screening systems used to monitor its clients.

These failures were in respect of PEP identification, adverse media and sanctions screening.

For example:

Client 7

A client onboarded in August 2011, became a PEP in 2018. The Licensee's screening systems failed to identify this important change in the client's profile at the time, and this change went undetected by the Licensee until 2023, when the Commission conducted its own screening check.

Client 2

As noted above a client onboarded in December 2007 became a PEP in 2008 but was not identified as such by the Licensee's screening systems until a trigger-event review in 2021.

These type of failings were exacerbated by the fact that despite concerns being raised with the Licensee by the Commission regarding the suitability of its screening systems, the Licensee admitted in 2021 that: (i) the client database against which the screening systems cross-referenced, had not been checked for two years; and (ii) there was no annual compliance monitoring test in place to check the screening systems.

The Commission's investigation identified that whilst the Licensee was not conducting regular periodic reviews of its clients in line with their assigned risk ratings, the Licensee relied heavily on its screening systems to identify key changes in client relationships.

The Commission identified repeat failings and long-standing issues in relation to the Licensee's monitoring of its clients, which were exacerbated by the Licensee inadequate screening processes.

The Licensee failed to fully comply with The Transitional Provisions, as detailed in the 2019 new Handbook

In 2019, the Bailiwick of Guernsey made significant amendments to the Criminal Justice (Proceeds of Crime) Law, 1999, in order to align it with international standards for combating money laundering and terrorist financing, particularly those set by the Financial Action Task Force (FATF) and address recommendations made by MONEYVAL in its 2015 evaluation.

As part of this update, the Commission released, as detailed in Chapter 17, the Transitional Provisions.

These transitional provisions required, inter alia, Licensees to review all its business relationships by 31 December 2021.

The Licensee acknowledged that it failed to comply with this recommendation in the Handbook.

Mr Leon Steyn

The Commission investigation identified that Mr Steyn failed to consistently act with competence, soundness of judgement and diligence by (for his part as CEO):

• Failing to ensure that the Licensee had appropriate and effective policies and procedures in relation to its risk assessment of clients, leading to less than 4% of high-risk clients being reviewed on an annual basis;
• Failing to ensure that the Licensee had the appropriate oversight necessary for effective SAR procedures and controls;
• Failing to ensure that the Licensee had appropriate oversight and control over one of its largest brokers, which had supplied approximately 1,900 forged proof of address documents; and
• Failing to ensure full compliance with the transitional provisions detailed in the 2019 Handbook.

Mr James Watchorn

The Commission investigation identified that Mr Watchorn failed to consistently act with competence, soundness of judgement and diligence by:

• Failing to, at all times, consider the implications of money laundering red flags and act in accordance with the competence and diligence expected of a Nominated Officer / Deputy Money Laundering Reporting Officer.

Aggravating Factors

The regulatory failings in this case were serious and systemic, spanning a minimum of ten years. This reflected poorly on the effectiveness of the Licensee's corporate governance.

The Licensee failed to put in place measures to fully understand the risks posed by its clients, either at the start, during, or end of the client lifecycle. This was of particular concern due to the large volume of high-risk clients.

Mitigating Factors

The Commission notes that in late 2023, the Licensee (led by Mr Steyn) embarked on a substantial remediation programme which includes implementation of a new risk assessment methodology and a significant change in the way it conducts regular reviews of its client risk assessments. The Licensee has re-rated all its clients and will now review them on a 1,3 and 5 year cycle according to the allocated risk rating (high, standard and low respectively).

The Commission anticipates that the level of remediation required by the Licensee may take a considerable period of time to complete.

The Licensee, Mr Steyn and Mr Watchorn assisted the Commission fully during the investigation and settled at the earliest opportunity.

End