NAMES AT PARAGRAPH [74](a),(b), (c) AND (d) HAVE BEEN REDACTED FOR PRIVACY REASONS (SECTION 47(1), ANTI-MONEY LAUNDERING AND COUNTERING FINANCING OF TERRORISM ACT 2009) IN THE HIGH COURT OF NEW ZEALAND AUCKLAND REGISTRY CIV-2017-404-28 [2017] NZHC 2363 BETWEEN DEPARTMENT OF INTERNAL AFFAIRS Applicant AND PING AN FINANCE (GROUP) NEW ZEALAND COMPANY LIMITED Respondent AND XIAOLAN XIAO Second Respondent Hearing: 12 April 2017 Appearances: DG Johnstone and PJ Arnold for Applicant No appearance by or for the Respondents Judgment: 28 September 2017 JUDGMENT OF TOOGOOD J This judgment was delivered by me on 28 September 2017 at 3.00 pm Pursuant to Rule 11.5 High Court Rules Registrar/Deputy Registrar Department of Internal Affairs v Ping An Finance (Group) New Zealand Company Limited [2017] NZHC 2363 [28 September 2017] Table of Contents Paragraph Number Introduction and background [1] Conclusions and orders made [5] Procedural background [10] The Department’s case [14] Legislative purposes and objectives [17] Statutory purposes in s 3 [17] Legislative background [18] Overview of the Act’s requirements [21] The Act’s enforcement regime [23] First cause of action: failure to conduct customer due diligence [28] Second cause of action: failure to adequately monitor accounts and transactions [42] Third cause of action: entering into or continuing a business relationship with a person who does not produce or provide satisfactory evidence of the person’s identity [51] Fourth cause of action: failure to keep records [53] Fifth cause of action: failure to report suspicious transactions [60] The requisite mental element for failure to report suspicious transactions [63] Whether Ping An’s conduct satisfied the requisite mental element [73] Applicable legal principles for a civil pecuniary penalty [79] The maximum penalties [81] Approach to assessing appropriate penalties [87] Quantum assessment [95] Reference to maximum penalties in setting a starting point [95] Aggravating and mitigating factors [101] The nature and extent of Ping An’s civil liability acts [104] The likelihood, nature, and extent of any damage to the integrity or reputation of New Zealand’s financial system because of the civil liability acts [107] The circumstances in which the civil liability act occurred [109] Table of Contents Starting points Paragraph Number [110] First cause of action: failure to conduct customer due diligence [113] Second cause of action: failure to adequately monitor accounts and transactions [114] Third cause of action: entering into or continuing a business relationship with a person who does not produce or provide satisfactory evidence of the person's identity [115] Fourth cause of action: failure to keep records [116] Fifth cause of action: failure to report suspicious transactions [117] Consideration of personal aggravating or mitigating factors [119] Whether the entity has previously engaged in any similar conduct [119] The degree to which the conduct was initiated or condoned by officers or senior management within the company [120] What steps were taken by the company to ensure compliance with the Act? [121] Whether there has been full and frank disclosure and cooperation [122] Summary of the penalties imposed Whether any adjustment is required to reflect the totality of the non-compliance [126] [128] Injunction [129] Conclusions and orders [137] Costs [139] Introduction [1] The Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (the AML/CFT Act or the Act) seeks to deter, detect, and discipline money laundering and the financing of terrorism, as well as the financial activities which facilitate their commission. The Act introduced strict new procedures and compliance obligations upon financial institutions, the primary purpose of which is to curtail the risk of money laundering and financing of terrorism. [2] With limited exceptions, the Act imposes requirements on public and private sector businesses which carry on business as a “reporting entity” as defined in s 5.1 The first respondent, Ping An Finance (Group) New Zealand Company Limited is a reporting entity by virtue of its being a “financial institution”, as defined by s 5, that, in the ordinary course of business, carries out one or more of the specified financial activities, including transferring money or value on behalf of a customer, and money or currency changing. [3] The Department of Internal Affairs has brought an application for the imposition of pecuniary penalties for civil liability acts 2 founded on alleged multiple failures by Ping An to comply with the anti-money laundering and countering financing of terrorism (AML/CFT) requirements3 under Part 2 of the Act. The Department also seeks injunctions restraining both Ping An and its sole director and shareholder, the second respondent Mr Xiaolan Xiao, from carrying out financial activities.4 [4] Ping An is a New Zealand incorporated company that has carried on business providing money remittance and foreign currency services from offices above Auckland’s Queen Street. Mr Xiao is a New Zealand citizen born in Beijing, China. He is and has been the sole director of Ping An since its incorporation. He has also been the sole shareholder since 5 May 2015, prior to which he was a co-shareholder 1 2 3 4 Anti-Money Laundering and Countering Financing of Terrorism Act 2009, s 6. Unless otherwise indicated, statutory references are to the Act as in force during the relevant period, i.e. from 1 January 2014 to 9 January 2015. Defined in s 78. See [25] below. Section 5, “AML/CFT requirements”. Sections 79(d) and 87. with various people, including a Ms Xu. During the investigation period, the company had three frontline employees and, according to Mr Xiao, was not a complex business, obtaining new customers by word-of-mouth. Conclusions and orders made [5] For the reasons set out in this judgment, I have concluded that, between 1 January 2014 and 9 January 2015, Ping An Finance (Group) New Zealand Company Limited committed numerous civil liability acts in that it: (a) failed to carry out customer identity and verification of identity checks as part of customer due diligence; (b) failed to adequately monitor accounts and transactions; (c) entered into or continued business relationships with persons who did not produce or provide satisfactory evidence of their identity; (d) failed to keep transaction, customer due diligence, and other records; and (e) failed to report suspicious transactions in breach of relevant AML/CFT requirements in Part 2 of the Act. [6] What I regard as serious, systemic deficiencies in complying with a multiplicity of obligations under the Act resulted in widespread contraventions across several key areas which were not isolated or infrequent. The company’s sole director and shareholder, Mr Xiao, misled the Department in the course of its investigation and demonstrated a complete disregard for the Act’s requirements, if not a wilful intention to flout them. His failures as a director and manager of the business led directly to the scale and severity of Ping An’s breaches. Overall, Ping An failed to keep appropriate records for 1588 transactions totalling $105,413,026.44; the identity and verification of 362 customers; and the establishment and continuation of 122 business relationships. In all, 173 transactions presented to the Court by the Department contained several indicia of suspicious transactions, including unnecessary use of several transactions to pay or receive funds from a single customer on a single day or within a short period; the presence of very large transactions; and significant high-value cash deposits. Nevertheless, Ping An failed to submit a single suspicious transaction report in respect of any of the 1588 transactions it conducted during the relevant period. It is not difficult to infer that the company’s non-compliance amounted to a calculated and contemptuous disregard for the AML/CFT requirements, and that non-compliance was a cultural norm within the business. [7] I agree with the submission for the Department of Internal Affairs that the failure of Mr Xiao and his company to meet their obligations under the AML/CFT Act is at the higher end of non-compliance with the Act’s requirements. [8] I have determined that any pecuniary penalty imposed under the Act must be so significant as to deter and denounce non-compliance; reflect the prescribed maximum penalty; and recognise Parliament’s intention that significantly greater penalties should be awarded than in cases under the predecessor legislation, the Financial Transactions Reporting Act 1996. [9] As a consequence, I make orders requiring Ping An to pay a total of $5.29 million in pecuniary penalties, the details of which are set out at [138] below. I also grant injunctions restraining Ping An and Mr Xiao, until the further order of the Court, from carrying out any financial activities that would cause either of them to be deemed to be a financial institution as defined in s 5 of the Act. Procedural background [10] Where a civil liability act is alleged to have occurred, s 79 of the Act empowers the relevant AML/CFT supervisor to apply for a pecuniary penalty and/or seek an injunction against the reporting entity that engaged in the conduct that constituted the act.5 The Department is the relevant AML/CFT supervisor for Ping An.6 5 6 Section 90(1); ss 85 or 87. Section 130(1)(c). [11] The Department relies on two affidavits sworn by Mr RJT Milnes, the enforcement officer in charge of the investigation. The essence of the Department’s claim is that, while carrying on business as a money remitter and conducting transactions totalling $105,413,026.44 between 1 January 2014 and 9 January 2015 (the relevant period), Ping An fell seriously short of meeting its obligations in complying with Part 2 of the Act. [12] The Department initially sought leave to bring this proceeding by way of originating application, but leave was declined by Downs J on 25 October 2016.7 On 11 January 2017, the Department filed a statement of claim. On 27 January 2017, Bell AJ granted permission under s 47(1) of the Act for the Department to disclose to the Court and the respondents’ lawyers material which is usually prohibited from disclosure in judicial proceedings by s 47 of the Act. [13] No steps have been taken in the proceeding by either respondent. On 6 March 2017, Katz J directed that the matter to be set down for a formal proof hearing. I am satisfied that, just as under the Unsolicited Electronic Messages Act 2007 and the Commerce Act 1986, pecuniary penalties may be imposed by way of formal proof.8 If it were otherwise, a respondent could frustrate the purpose of the Act merely by refusing to take any steps to oppose the orders sought. The Department’s case [14] The Department’s case is that Ping An has failed abysmally to comply with its obligations under Part 2 of the Act. Between 1 January 2014 and 9 January 2015, Ping An is said to have committed a number of civil liability acts in that it: (a) failed to carry out customer identity and verification of identity checks as part of customer due diligence;9 (b) 7 8 9 10 failed to adequately monitor accounts and transactions;10 Department of Internal Affairs v Qian Duoduo Ltd [2016] NZHC 2544, (2016) 23 PRNZ 386. Chief Executive of the Department of Internal Affairs v Mansfield [2013] NZHC 2064 at [36]  [41]; Commerce Commission v Hodgson [2014] NZHC 649. Anti-Money Laundering and Countering Financing of Terrorism Act, s 78(a). Section 78(b). (c) entered into or continued business relationships with persons who did not produce or provide satisfactory evidence of their identity;11 (d) failed to keep transaction, customer due diligence, and other records;12 and (e) failed to report suspicious transactions in breach of relevant AML/CFT requirements in Part 2 of the Act.13 [15] On the basis of these five causes of action, the Department applies for pecuniary penalties against Ping An and injunctions restraining both the company and Mr Xiao from carrying out financial activities covered by the Act. [16] Since this is the first case brought under the Act to reach determination, it is appropriate to take more time than might usually be necessary in an uncontested proceeding to: (a) explain the legislative purpose and objectives; (b) describe the scheme of the Act, particularly the enforcement provisions; and (c) address and, where appropriate, determine applicable legal principles. Legislative purposes and objectives Statutory purposes in s 3 [17] Although the Act received the Royal Assent on 16 October 2009, it did not fully come into force until 30 June 2013. It is the principal regulatory legislation governing its field and it imposes onerous duties upon reporting entities in an effort 11 12 13 Section 78(c). Section 78(e). Sections 40 and 78. to detect and deter money laundering and the financing of terrorism. The express statutory purposes are:14 (a) to detect and deter money laundering and the financing of terrorism; (b) to maintain and enhance New Zealand’s international reputation by adopting, where appropriate in the New Zealand context, recommendations issued by the Financial Action Task Force; and (c) to contribute to public confidence in the financial system. Legislative background [18] The Financial Action Task Force is an intergovernmental body established to develop and promote national and international policies to combat money laundering and terrorist financing. It makes recommendations to governments about the most desirable framework to achieve these goals. Following an evaluation of New Zealand’s regime by the Task Force in 2003, several gaps were identified – primarily customer due diligence, record keeping, and the supervision of financial sectors. The Act provides New Zealand’s response. [19] The overarching objectives of the legislation were described in the general policy statement forming part of the Explanatory Note to the Anti-Money Laundering and Countering Financing of Terrorism Bill 2009. They are to:15 (a) improve the detection and deterrence of money laundering and the financing of terrorism; 14 15 (b) enhance New Zealand’s international reputation; (c) contribute to public confidence in the financial system; Anti-Money Laundering and Countering Financing of Terrorism Act, s 3(1). Anti-Money Laundering and Countering Financing of Terrorism Bill 2009 (46-1) (Explanatory Note). (d) realise these objectives with minimum cost by tailoring the framework to New Zealand’s broader financial system; (e) ensure that the new framework is compatible with international models; and (f) incorporate a risk-based approach to provide businesses scope for assessing and responding to the risks of their particular operating environment. [20] The Department submitted, and I accept, that the Act constitutes a significant step up in the regulatory framework governing financial institutions and transactions in New Zealand. It follows that it is incumbent on the courts to deal sternly with non-compliance by those whose activities the Act regulates, to ensure that New Zealand’s international reputation for anti-corruption and financial transparency remains in high regard. Overview of the Act’s requirements [21] Part 2 of the Act outlines the AML/CFT requirements. In brief: (a) Subpart 1 addresses customer due diligence obligations which must be observed before a reporting entity can carry out a transaction for that customer, prescribing a hierarchy of standards (simplified, standard and enhanced) depending on the nature and circumstances of the customer. (b) Subpart 2 places a statutory duty on a reporting entity to convey to the Commissioner of Police information that comes to its attention in respect of which it has reasonable grounds to suspect it may be relevant to the investigation or prosecution of money laundering, or the enforcement of the Misuse of Drugs Act 1975, the Terrorism Suppression Act 2002, the Proceeds of Crime Act 1991, or the Criminal Proceeds (Recovery) Act 2009. (c) Subpart 3 specifies that reporting entities must keep records relating to every transaction, with strict requirements of details to allow the ready reconstruction of transactions and the identification and verification of the persons involved. (d) Subpart 4 provides that every reporting entity must have a compliance programme and a compliance officer and sets minimum standards for such programmes. [22] Ping An is said to have failed to comply with provisions in subparts 1, 2, and 3, but no allegations are made regarding non-compliance with subpart 4, which is headed “Compliance with AML/CFT requirements”. The Act’s enforcement regime [23] Part 3 of the Act provides a civil and criminal enforcement regime for non- compliance with the Act’s requirements. [24] Several civil enforcement mechanisms are available to the relevant AML/CFT supervisors under subpart 2. On the application of a supervisor, the High Court may grant a performance injunction16 or a restraining injunction,17 or order that a person pay a pecuniary penalty.18 Powers available to a relevant supervisor include the ability to issue a formal warning19 or accept an enforceable written undertaking.20 [25] The Court may order a pecuniary penalty under s 90 if it is satisfied that the reporting entity has engaged in conduct that constitutes a “civil liability act” as defined in s 78: 16 17 18 19 20 Section 85(1). Section 87(1). Section 90(1). Section 80. Section 81. 78 Meaning of civil liability act In this Part, a civil liability act occurs when a reporting entity fails to comply with any of the AML/CFT requirements, including, without limitation, when the reporting entity— [26] (a) fails to conduct customer due diligence as required by subpart 1 of Part 2: (b) fails to adequately monitor accounts and transactions: (c) enters into or continues a business relationship with a person who does not produce or provide satisfactory evidence of the person’s identity: (d) enters into or continues a correspondent banking relationship with a shell bank: (e) fails to keep records in accordance with the requirements of subpart 3 of Part 2: (f) fails to establish, implement, or maintain an AML/CFT programme: (g) fails to ensure that its branches and subsidiaries comply with the relevant AML/CFT requirements.21 The maximum penalties for civil liability acts are prescribed by ss 90(2) and (3), while s 90(4) identifies the factors to which the Court must have regard. The standard of proof in proceedings for a civil penalty is that applicable in civil proceedings; namely, on the balance of probabilities.22 [27] Although the adoption of the civil standard of proof is unsurprising, it is important. Whether adequate records are kept by a reporting entity is entirely in the hands of the entity. As this case amply demonstrates, the greater the failure to comply with that core obligation, the harder it is for a relevant supervisor to reconstruct transactions and to monitor compliance with other obligations. This entitles the Court, in keeping with the purposes of the Act, to draw adverse inferences from the dearth of records and to find as a consequence in appropriate cases that there was at least probable non-compliance with AML/CFT obligations. The notion that serious non-compliance with core obligations might preclude the imposition of civil liability penalties is repugnant to the purposes of the Act. 21 22 Note the insertion, on 1 July 2017, of a new subsection (da) by the Anti-Money Laundering and Countering Financing of Terrorism Amendment Act 2015. Section 72(2). First cause of action: failure to conduct customer due diligence [28] Section 11 of the Act requires a reporting entity to conduct customer due diligence (CDD) on a customer, any beneficial owner of a customer, and any person acting on behalf of a customer. Where CDD is required, the reporting entity must first identify which of the three specified standards of due diligence is to apply. The circumstances where standard, simplified and enhanced CDD apply are described in ss 14, 18, and 22 of the Act respectively. [29] The Department’s first cause of action is an allegation that, by failing to conduct any customer due diligence to the requisite standard, Ping An engaged in a civil liability act under s 78(a). [30] The evidential foundation for the Department’s first cause of action is that Ping An was required to carry out CDD in respect of 1569 of the 1588 transactions it undertook in the relevant period. Those transactions were identified by Mr Milnes through a careful review of the bank accounts used by Ping An and, so far as was possible, a reconstruction of Ping An’s activities. [31] Under s 14 of the Act, standard CDD must be applied where a reporting entity establishes a business relationship with a new customer; a customer seeks to conduct an occasional transaction through the reporting entity; or, in relation to an existing customer, and according to the level of risk involved, there has been a material change in the nature or purpose of the business relationship and the reporting entity considers that it has insufficient information about that customer.23 [32] The Department says that of these 1569 transactions, 1050 required standard CDD as they were over $1,000 but less than $50,000, while 519 required enhanced CDD by virtue of being over $50,000. The Act does not delineate these categories by the value of the transaction. Rather, enhanced CDD is to be applied on a case by 23 Note s 14(2), inserted on 11 August 2017 by section 10(2) of the Anti-Money Laundering and Countering Financing of Terrorism Amendment Act 2017, requiring that when a reporting entity becomes aware that an existing account is anonymous, the reporting entity must conduct standard customer due diligence in respect of that account as soon as practicable. case basis where certain specified circumstances apply.24 In this case, two of the specified circumstances apply. First, enhanced CDD may be required because of the degree of risk involved.25 In this respect, the Identification Verification Code of Practice (IVCOP) issued by the three AML/CFT supervisors – the Department, the Reserve Bank, and the Financial Markets Authority – contains compliance guidance. It states that “the Act requires enhanced due diligence in certain circumstances, however, the Act does not predetermine that customers for whom enhanced due diligence is required be assessed as high risk.”26 [33] Second, s 22(1)(c) says enhanced CDD will be required where “a customer seeks to conduct, through the reporting entity, a complex, unusually large transaction or unusual pattern of transactions that have no apparent or visible economic or lawful purpose”. The section is ambiguous. It is not clear whether the drafting purpose was to refer to two types of transaction or three. If the phrase “a complex, unusually large transaction” is interpreted conjunctively it would mean the section refers to only two types of transaction: first, transactions which are both complex and unusually large and, second, transactions forming part of an unusual pattern. It is also possible to interpret the comma between “complex” and “unusually large” as dividing the first and second types in a list of three: that is, complex transactions, unusually large transactions and transactions forming part of an unusual pattern. [34] In my view, the intention must have been to refer to three types. First, a transaction may be complex without being unusually large. A complex transaction may well have been designed to disguise money laundering or the financing of terrorism. Second, a transaction that is “unusually” large may not be complex but because of its size might reasonably attract close attention through enhanced CDD. Third, reading the section as applying to both complex and unusually large transactions fits more comfortably with the purposes of the provision, to provide a trigger for enhanced CDD. Fourth, it aligns with the minimum AML/CFT programme requirements set out in s 57(1)(g)(i) which require a reporting entity to have a programme which includes adequate and effective procedures, policies, and 24 25 26 Section 22. Section 22(1)(d). Identity Verification Code of Practice 2011 – Explanatory Note at 3; Amended Identity Verification Code of Practice 2013 – Explanatory Note at 3. controls for examining, and keeping written findings relating to, among other things, “complex or unusually large transactions” (emphasis added). [35] Mr Milnes says that, in his experience, reporting entities that provide money remittance services to student and migrant customers typically utilised a threshold for enhanced CDD ranging from $10,000 to $50,000. The Department submits that transactions over that amount should have raised concerns about the level or risk involved. I am satisfied that transactions of $50,000 or more are unusually large for money remitters of Ping An’s type and should have given Ping An cause for concern relating to the level of risk. They are unusually large in the context of Mr Xiao’s description of Ping An’s business (as recorded by Compliance Officer Balmer’s first on-site inspection job sheet) that Ping An only conducts relatively low value currency exchange transactions with some remittance, and that customers are principally Chinese migrants and students. In the face of this evidence, given that the respondents have provided no evidence to suggest the contrary, it is reasonable to infer that by virtue of the amounts, frequency, and timing of these transactions Ping An should have recognised they were either complex or unusually large transactions or that they presented an unusual pattern, without an apparent lawful or economic purpose. In any event, the transactions were of the requisite level of risk in terms of s 22(1)(d). The company should have conducted enhanced CDD. [36] The standard CDD requirements for identity information are found in ss 15 and 16. Section 15 requires the reporting entity to obtain the identity information (full name, date of birth, address and some other specified information) and s 16 requires the reporting entity to take reasonable steps to verify that information according to the level of risk. [37] Section 23 of the Act contains the requirements for enhanced CDD, specifically requiring the reporting entity to obtain the following additional information: (a) information relating to the source of the funds or the wealth of the customer; and (b) [38] any additional information prescribed by regulations. Section 24 provides that, in addition to the verification in s 16 being carried out, enhanced CDD requires the reporting entity to take reasonable steps to verify information relating to the source of the funds or the wealth of the customer according to the level of risk. [39] I summarise the evidence that Ping An did not carry out the CDD required of it under the Act: (a) On 8 July 2015, during its investigation into Ping An (which included reviewing other parties’ bank accounts), the Department issued a notice under s 132(2)(a) of the Act identifying 77 specific transactions carried out by Ping An. The notice required Ping An to provide a full list of the names, dates of birth, transaction dates, and transaction amounts for the customers to whom those related. This information was not provided to the Department. (b) Mr Xiao’s response was that, because Ping An had stopped their financial services since 1 April 2015 and closed their bank account, the transaction details could not be located. (c) Mr Xiao subsequently stated on 4 August 2015 that has Ping An does not have any financial activities now so there are no records kept. (d) During an interview with the Department on 12 August 2015, Mr Xiao said the office staff had reformatted the computer due to viruses and the cleaner had cleaned out all physical records. (e) Ping An was unable to provide any adequate transaction or identity and verification records relating to any of the 1588 transactions. [40] Ping An’s purported justifications are implausible and are not supported by any evidence. On the first on-site inspection on 15 December 2014, Compliance Officer Balmer inspected a sample of 44 customer identification records and indicated CDD on only eight customers complied with the IVCOP requirements, yet Compliance Officer Avery’s First On-Site Inspection Report detailing the results of that inspection concluded that there was a “near total lack of CDD; and that which is conducted, is incomplete” or inadequate. The Department has not suggested any explanation for this disparity. Nevertheless, while the Balmer job sheet indicates that eight of the on-site samples may have complied, the names of the eight individuals are not on the list of the 362 customers identified in the relevant period. This demonstrates the systemic nature of the failure to conduct CDD. In the absence of any available records, I conclude on the balance of probabilities that Ping An did not conduct adequate customer due diligence for at least 362 customers during the relevant period. [41] I am compelled to conclude that there was a widespread failure by Ping An to conduct customer due diligence as required by subpart 1 of Part 2 of the Act. Accordingly, I am satisfied that Ping An committed a civil liability act pursuant to s 78(a) of the Act. Second cause of action: failure to adequately monitor accounts and transactions [42] Where there is a business relationship between a reporting entity and a customer, s 31(2) of the Act provides that reporting entities must conduct ongoing CDD and undertake account monitoring in order to:27 (a) ensure that the business relationship and the transactions relating to that business relationship are consistent with the reporting entity’s knowledge about the customer and the customer’s business and risk profile; and (b) identify any grounds for reporting a suspicious transaction under section 40(1)(b). 27 Section 31(2). [43] A “business relationship” is defined in s 5 of the Act: business relationship means a business, professional, or commercial relationship between a reporting entity and a customer that has an element of duration or that is expected by the reporting entity, at the time when contact is established, to have an element of duration [44] I agree with Mr Johnstone’s submission for the Department that the existence or expectation of “an element of duration” gives the term “business relationship” a broad definition, intending to capture situations where a reporting entity has, or expects to have, a relationship with a customer involving more than one interaction or the carrying out of multiple transactions. It is likely that the determination of whether a business relationship exists in any case will turn on the particular facts and that the courts will improve the understanding of the scope of the term over time. [45] The definition of business relationship is informed by reference to the nature of the obligations imposed on reporting entities. The minimum obligations are set out in s 31(4): When conducting ongoing customer due diligence and undertaking account monitoring, a reporting entity must do at least the following: [46] (a) regularly review the customer’s account activity and transaction behaviour; and (b) regularly review any customer information obtained under sections 15, 17, 19, 21, 23, 25, 26, 27, 29, and 30, or, in relation to an existing customer, any customer information the reporting entity holds about the customer …. The reference to regular reviews reflects the element of an ongoing relationship in which it may reasonably be anticipated that the reporting entity will have some knowledge of the customer’s business. Moreover, the Act draws a distinction between circumstances where a reporting entity establishes a “business relationship” with a customer and where it conducts only an “occasional transaction”.28 Section 5 provides: occasional transaction— (a) 28 means a cash transaction that occurs outside of a business relationship and is equal to or above the applicable threshold value See for example ss 14, 16(2), 18, 20(2), 22, 24, 30, 32, and 33. (whether the transaction is carried out in a single operation or several operations that appear to be linked) …. [47] The use of the word “occasional”, rather than “single”, indicates that the definition contemplates instances where a customer has engaged in a previous transaction with the reporting entity but where there is no established relationship in which the carrying out of regular reviews by the reporting entity would be possible. There may be circumstances in which multiple transactions are so intermittent or infrequent that no business relationship is established. [48] The investigation into Ping An identified 122 customers with whom Ping An carried out three or more transactions. The absence of any records relevant to the establishment of business relationships creates some difficulty in assessing whether a business relationship existed in each case, but the Department submits that all 122 of these customers were in business relationships with Ping An. I accept this submission. Bearing in mind that multiple transactions occurred within a period of only one year, it is open to infer, in the absence of contrary evidence, that Ping An knew that its relationship with each of these customers had, or was expected to have, an “element of duration”. [49] The paucity of records makes it apparent that Ping An never reviewed the account activity, transaction behaviour, or customer information for these 122 customers. I agree with Mr Johnstone that the failure is all the more serious because it precluded Ping An from identifying any transactions that were suspicious and reporting them to the Police Financial Intelligence Unit (the FIU) in accordance with its obligations under subpart 2 of Part 2 of the Act. [50] I am satisfied to the required standard that Ping An committed a civil liability act pursuant to s 78(b) by failing to adequately monitor the accounts and transactions of the 122 customers with whom it had business relationships during the relevant period. Third cause of action: entering into or continuing a business relationship with a person who does not produce or provide satisfactory evidence of the person’s identity [51] Section 37 provides that if an entity is unable to carry out CDD in respect of a customer, that entity must not establish a business relationship with that customer, nor carry out an occasional transaction for that customer, and must terminate any existing business relationship with the customer. [52] I have determined that, during the relevant period, Ping An entered into or continued business relationships with 122 customers, and that it failed by a significant margin to conduct sufficient CDD. Drawing the inference from the absence of sufficient records that the required information was never produced or provided to Ping An, I am satisfied that the company has accordingly breached the prohibition in s 37, and committed a civil liability act under s 78(c), by entering into or continuing 122 business relationships with customers who did not produce or provide satisfactory evidence of their identity. Fourth cause of action: failure to keep records [53] Subpart 3 of Part 2 of the Act establishes the record keeping requirements for reporting entities. Section 49(1) provides that: In relation to every transaction that is conducted through a reporting entity, the reporting entity must keep those records that are reasonably necessary to enable that transaction to be readily reconstructed at any time. [54] This is a cornerstone provision. Without records, the ability of the Department and other AML/CFT supervisors to detect money laundering and financing of terrorism is significantly impeded. The lack of records also increases the considerable time and expense involved in enforcement, the cost of which is ultimately borne by the taxpayer. [55] The Act requires reporting entities to keep detailed transaction, identity and verification records for the customers with whom they have business relationships.29 29 Sections 49 and 50. Reporting entities are also obligated to keep records relating to the establishment of business relationships, assessing risk, and the nature and purpose of, and activities relating to, those business relationships.30 The records must be written and kept in the English language, or be readily convertible into such.31 [56] In essence, the requirement of the record keeping provisions is that sufficient records must be kept to enable the relevant AML/CFT supervisor to readily ascertain: (a) how many transactions the reporting entity has carried out; and (b) the nature of those transactions, including their size; and (c) the identity of the parties to those transactions, including the documents used to verify the identity of those persons. [57] As discussed above at [40], the first on-site inspection of Ping An’s record keeping occurred on 15 December 2014. This initial review of 44 sets of CDD records showed that only eight met the IVCOP 2013 requirements. Mr Milnes’s evidence is that substantial and systemic CDD compliance failures were found. In respect of 16 sample sets of transaction records reviewed during the first on-site inspection, the Department recorded that a potentially significant number of customers had no related CDD identify verification documentation. [58] Despite some records being available during the first on-site inspection,32 Mr Xiao later made it clear that Ping An had no other records that could be made available to the Department.33 Mr Milnes’s evidence establishes that Ping An did not keep adequate CDD records or transaction records about any of the 1588 transactions in the relevant period. The breach of the record-keeping obligation was so gross that Mr Milnes was unable to recreate the transactions from Ping An’s records, defeating the essential purpose of the provisions. 30 31 32 33 Section 51. Section 52. See above at [40]. See above at [39]. He was required to manually reconstruct Ping An’s transactions from banking activities in order to identify that 1588 transactions had taken place. This difficulty was exacerbated by the fact that Ping An appears to have continued trading through the personal accounts of its employees after 12 September 2014. [59] Overall, Ping An failed to keep appropriate records for 1588 transactions totalling $105,413,026.44; the identity and verification of 362 customers; and the establishment and continuation of 122 business relationships. I find that Ping An engaged in conduct that constituted a civil liability act under s 78(e) by failing to keep records in accordance with the requirements of subpart 3 of Part 2 of the Act. Fifth cause of action: failure to report suspicious transactions [60] Subpart 2 of Part 2 of the Act contains the obligations on reporting entities in relation to suspicious transactions. Subpart 2 (ss 40 to 48) which was in force during the relevant period was replaced by a new subpart 2, comprising ss 39A to 48, as from 11 August 2017.34 A notable change is the widening of the scope of the obligations of reporting entities to cover “suspicious activities” rather than “suspicious transactions”. For the purposes of the discussion below of the meaning and application of the operative provisions regarding suspicious transactions, however, there are no material differences between the former provisions and the current law. [61] Under the Act, reporting entities are obliged to report any transaction that the reporting entity has “reasonable grounds to suspect” may be relevant to the investigation, enforcement or prosecution of certain specified offences.35 [62] 34 35 36 So far as is relevant, s 4036 formerly read: 40 Reporting entities to report suspicious transactions (1) Despite any other enactment or any rule of law, but subject to section 42 of this Act and to section 44(4) of the Terrorism Suppression Act 2002, this section applies if— Anti-Money Laundering and Countering Financing of Terrorism Amendment Act 2017, s 25. Section 40 in the former subpart 2; ss 39A and 40 in the new subpart 2. The equivalent of which is now s 39A. (2) (a) a person conducts or seeks to conduct a transaction through a reporting entity; and (b) the reporting entity has reasonable grounds to suspect that the transaction or proposed transaction is or may be— (i) relevant to the investigation or prosecution of any person for a money laundering offence; or (ii) relevant to the enforcement of the Misuse of Drugs Act 1975; or (iii) relevant to the enforcement of the Terrorism Suppression Act 2002; or (iv) relevant to the enforcement of the Proceeds of Crime Act 1991 or the Criminal Proceeds (Recovery) Act 2009; or (v) relevant to the investigation or prosecution of an offence within the meaning of s 243(1) of the Crimes Act 1961. If this section applies, the reporting entity must, as soon as practicable but no later than 3 working days after forming its suspicion, report the transaction, or proposed transaction, to the Commissioner in accordance with section 41. The requisite mental element for failure to report suspicious transactions [63] The Act does not address expressly the question of whether a reporting entity was required under s 40 to file a suspicious transaction report in respect of any objectively suspicious transaction, or only in respect of any transaction which it subjectively considers to be suspicious. [64] It is arguable that the reference in subsection (2) to the reporting obligation requiring compliance within three working days of the reporting entity “forming its suspicion” indicates a subjective test. I accept, however, that the statutory purpose in s 3(1)(a) of detecting and deterring money laundering and the financing of terrorism is promoted by an objective test requiring reporting entities to report any transaction that is objectively suspicious. Where an objective observer would conclude that reasonable grounds for suspicion were known to the reporting entity, it is no defence that the reporting entity did not actually consider the transaction to be suspicious. That interpretation is more consistent with the use of the expression “has reasonable grounds to suspect” in s 40(1)(b), where the emphasis is placed on the entity having reasonable grounds, rather than having a suspicion. This may be contrasted with the expression “suspects on reasonable grounds”, used in the equivalent provision of the comparable Australian legislation where the emphasis falls on the suspicion.37 [65] It is also consistent with the approach to s 15 of the Financial Transactions Reporting Act 1996 (FTRA). In Police v Devereux, Heath J said that under s 15(1)(b) of the FTRA the mandatory reporting of a suspicious transaction applies to a transaction which is objectively suspicious.38 Section 15 is broadly comparable to the former s 40 of the AML/CFT Act, as both 15(1)(b) and s 40(1)(b) use the phrase “has reasonable grounds to suspect”. In essence, the effect of the provision is that if a reporting entity becomes aware of circumstances that a reasonable person would consider to provide grounds to suspect that a transaction or a proposed transaction is or may be relevant to one of the activities listed in s 40(1)(b)(i) – (v), a suspicious transaction report must be submitted to the Commissioner. [66] Section 40(2) is open to two possible interpretations as to when the mandatory period for reporting begins. Either: (a) the period “not later than 3 working days after forming its suspicion” does not begin until the reporting entity actually forms a suspicion about the transaction; or (b) the period for reporting begins when a reporting entity becomes aware of reasonable grounds objectively justifying a suspicion of a reportable transaction. [67] Consistently with the imposition of an objective rather than a subjective test for the nature of the obligation under s 40, the latter interpretation must be adopted. A subjective test would seriously undermine the purpose of s 40, which is to ensure 37 38 Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), s 41. Police v Devereux HC Auckland A03/02, 27 June 2006 at [49]. the prompt reporting of suspicious transactions when there are reasonable grounds to suspect there is potential criminal activity. A reporting entity might argue that, although it may have been aware of grounds a reasonable, objective observer would consider sufficient to warrant suspicion, the entity did not in fact reach that conclusion and so the period for reporting never began. It follows that the obligation to report must be held to arise when the reporting entity either becomes aware of the facts constituting the reasonable grounds for suspicion, or by reasonable diligence would have become aware of them. [68] With customary objectivity, Mr Johnstone suggested in the course of his oral submissions that a reporting entity might argue that it had so completely failed to comply with its record-keeping obligations that it was not possible to have reasonable grounds to form a suspicion, because so little information about the customers was held. I accept that it is possible that such a state of affairs could occur, making the breach of the record-keeping obligations all the more serious. This is the type of argument that I adverted to at [27] as being addressed by the civil standard of proof and the drawing of appropriate adverse inferences. The present case demonstrates also that reasonable grounds for suspicion may be proved to exist inferentially, by reference to external indicia. Drawing on the FIU Guideline,39 the following external indicators might reasonably lead to an objective conclusion that transactions are suspicious: (a) Cash deposits or withdrawals that fall consistently just below “occasional transaction” thresholds. (b) Several transactions conducted on the same day. (c) High value cash deposits. (d) Transactions that appear unnecessarily complex. (e) The use of multiple bank accounts or foreign currency accounts without any apparent legitimate reason. 39 Financial Intelligence Unit Suspicious Transaction Guideline 2013 (version 1.0, New Zealand Police, 2013) at 13 – 15. (f) Frequent and/or unscheduled cash deposits to loan accounts. (g) The account receives a large number of small cash deposits and a small number of large cash withdrawals. [69] An objective test for both the nature and the timing of the obligation also facilitates enforcement. AML/CFT supervisors may prove non-compliance with the reporting obligation more effectively if all that is required is proof that the reporting entity was aware, or ought to have been aware, of the grounds upon which a reasonable suspicion could be based. Such a strict requirement serves to encourage reporting entities to have in place systems to monitor and assess what reasonable grounds for suspicion might exist and when. [70] In the course of the Department’s submissions, I was referred to the FIU Guideline relating to the reporting of suspicious transactions issued by the Commissioner of Police in accordance with s 145 of the Act, following consultation conducted under s 146. On the issue of when the obligation to report suspicious transactions arises, the Guideline states:40 3.4 WHEN TO REPORT Once a suspicion is formed, a reporting entity must as soon as practicable, but no later than three working days after forming a suspicion, report the transaction to the FIU. In practice, where account monitoring processes identify a transaction, the three day requirement does not commence until a suspicion based on reasonable grounds is formed. Reasonable grounds may not exist until a member of your staff has had time to consider the transaction in light of the surrounding circumstances. Once the requisite suspicion is formed, the three day requirement commences. [Emphasis added] [71] In my view, the Guideline does not accurately reflect the law. It overlooks the significance of the wording of s 40(1) which casts the obligation in terms of a reporting entity having “reasonable grounds to suspect”, rather than “suspecting on reasonable grounds”. It may be correct to say that reasonable grounds may not exist 40 Financial Intelligence Unit Suspicious Transaction Guideline 2013 (version 1.0, New Zealand Police, 2013) at 11. until an entity has had time to consider the transaction in light of the surrounding circumstances but, as I have said, the obligation to report is to be judged by an objective test. [72] Accordingly, when the relevant supervisor identifies a transaction which it considers suspicious and asserts that a reporting entity has not complied with its obligation to report the transaction, three elements must be proved to establish conduct that constituted a civil liability act. The Court must be satisfied on a balance of probabilities: (a) that the conducted transaction was objectively suspicious, in the sense that reasonable grounds existed to suspect that the transaction was relevant to one of the activities in s 40(1)(b)(i) – (v); (b) of the date the reporting entity was aware or ought to have been aware of the grounds; and (c) that the reporting entity did not file a suspicious transaction report in respect of the transaction within three working days of the date on which the obligation crystallised. Whether Ping An’s conduct satisfied the requisite mental element [73] The Department says that 173 transactions carried out by Ping An during the relevant period were objectively suspicious and required the filing of a suspicious transaction report. [74] To ascertain which transactions carried out by Ping An were in that category, Mr Milnes obtained from the FIU a Compliance Report dated 6 July 2016. This report detailed a significant number of suspicious transaction reports received by the FIU from reporting entities other than Ping An in relation to Ping An’s transactions. I refer to several examples: (a) On 19 May 2014, four transfers from ......................to Ping An, totalling $170,000; (b) On 11 June 2014, a $50,000 cash deposit by Mr Xiao to a customer, ................... ; (c) On 9 July 2014 a $200,000 transfer from a customer, ..................., ................... to Ping An, followed by a $600,000 transfer from the same person to Ping An on 10 July 2014; (d) On 24 July 2014, a $444,444 wire transfer from Ping An to a customer, .............. ....., followed by three separate payments from Ping An to that customer on 28 July of $150,000, $250,000 and $300,000. [75] Moreover, within the relevant period the investigation identified that Mr Xiao deposited $941,000 in cash to third parties across 11 transactions, while Ms Xu deposited $911,000 in cash to third parties across 12 transactions. Some 98 payments into the bank accounts of Ping An and Ping An’s employees totalling $13,786,925.35 were reported to the FIU in suspicious transaction reports. Likewise, 75 transactions involving funds paid to beneficiaries from bank accounts of Ping An and Ping An’s employees totalling $16,259,807.28 were reported to the FIU in suspicious transaction reports. [76] Overall, the 173 transactions presented to the Court by the Department contained several indicia of suspicious transactions, including unnecessary use of several transactions to pay or receive funds from a single customer on a single day or within a short period; the presence of very large transactions; and significant highvalue cash deposits. [77] In the absence of any evidence that documentation was provided to Ping An to explain the legitimate purpose of the 173 transactions, I infer that it is probable that Ping An was aware of the external indicia of suspicious transactions referred to above at [68]. Even if Ping An was not actually aware of the circumstances suggesting the transaction were suspicious, there can be no doubt that reasonable diligence would have revealed them to the company. I am satisfied on the balance of probabilities, therefore, that Ping An was aware, or ought to have been aware, of reasonable grounds to suspect that the transactions were or may be relevant to one of the activities in s 40(1)(b). Ping An’s failure to submit a single suspicious transaction report in respect of any of the 1588 transactions it conducted during the relevant period indicates Ping An’s wholesale disregard for its obligations. [78] Accordingly, I am satisfied that, by failing to report at least 173 suspicious transactions in the relevant period, Ping An failed to comply with the AML/CFT requirements in ss 40 and 41 in Part 2 of the Act. That amounts to conduct that constituted a civil liability act as defined in s 78. The omission of the act from the list specified in paragraphs (a) to (g) of the section has consequences in terms of penalty, as is discussed below at [81] to [86]. Applicable legal principles for imposition of a civil pecuniary penalty [79] Section 90(1) confers upon the Court the power to order the imposition of a pecuniary penalty upon application for the relevant AML/CFT supervisor where a person has engaged in conduct that constituted a civil liability act. [80] In respect of each of the five civil liability acts I have held to be proved, the Department seeks an order against Ping An requiring it to pay a pecuniary penalty in such sum as this Court considers just. The maximum penalties [81] The maximum penalties for the civil liability acts specified in ss 78(a), (b), (c) and (e) which I have found to be proved in this case are set out in ss 90(2) and (3). For civil liability acts committed by a body corporate, the maxima are either $1 million or $2 million. No maximum penalty is provided in s 90 for a civil liability act that occurs when a reporting entity fails to comply with any of the AML/CFT requirements that are not specified in paragraphs (a) to (g) of s 78, such as a failure to report a suspicious transaction. [82] There can be no doubt that Parliament intended by s 90(1) that the Court should have the power to impose a pecuniary penalty for a civil liability act occurring when a reporting entity fails to comply with an unspecified AML/CFT requirement.41 What is highly unlikely, however, is that Parliament intended that the Court’s power should be unlimited, and it is difficult to see how the purposes of the Act would be served by reading the section in that way. The usual legislative approach where particular types of offending are included in a general offence provision is to provide maximum penalties for specified offences and a maximum to apply “in any other case”.42 The omission of a similar approach here is surprising. It is made all the more curious by the recent insertion of s 78(da) 43 which adds to the list of specified civil liability acts the failure to report transactions in accordance with subpart 2A of Part 2 (dealing with the reporting of prescribed transactions as defined in s 5). By virtue of s 90(3)44, that civil liability act carries a maximum penalty of $2 million. [83] It may be, as Mr Johnstone suggests, that the omission is merely an oversight by the framers of the Act but, whatever the reason, the Court must adopt a principled approach to addressing it. Although the circumstances are different from those which confronted the Court of Appeal in the Northland Milk case, I consider on the basis of what that Court did there that this Court is required to take a practical approach which accords best with the legislative intention so far as it may be ascertained from the stated statutory purposes and from relevant provisions of the Act.45 [84] Where the penalty for a civil liability act does not have a specified maximum, the Court should consider the extent to which the particular compliance failure undermines the statutory purposes and what would be an appropriate response. In the present case, the purposes of detecting and deterring money laundering and the financing of terrorism, and contributing to public confidence in the financial 41 42 43 44 45 Section 78 provides that a civil liability act occurs when a reporting entity fails to comply with any of the AML/CFT requirements. See, for example, the Wildlife Act 1953, ss 56(5) and 65(3); the Fisheries Act 1996, s 186B(8); and the Crimes Act 1961, ss 310 and 311. Anti-Money Laundering and Countering Financing of Terrorism Amendment Act 2017, s 11. As amended by the Anti-Money Laundering and Countering Financing of Terrorism Amendment Act 2017, s 12. Northland Milk Vendors Association Inc v Northern Milk Ltd [1988] 1 NZLR 530 (CA) at 537538. system,46 call for stern penalties for failures to comply with a fundamentally important requirement such as reporting suspicious transactions. That indicates that, if Parliament had enacted a maximum penalty, it would have been equivalent to the highest maxima provided by the Act. [85] I consider that a principled approach is to consider the nature and importance of an unspecified civil liability act in comparison to the nature and importance of the specified acts. Applying that approach to the failure of Ping An to comply with its obligation to report suspicious transactions, the higher maximum penalties provided in s 90(3) are the most appropriate guide. First, a failure to report suspicious transactions is as serious a failure to comply with the AML/CFT requirements as failing to conduct customer due diligence, failing to keep records, and failing to establish, implement or maintain an AML/CFT programme for each of which the prescribed maximum penalty is $2 million. Second, it is clear that Parliament shares that view: s 92 of the Act provides that it is an offence to fail to report a suspicious transaction, the penalty for which, in the case of a body corporate, is a fine of up to $5 million. [86] Those considerations lead to the conclusion that it is appropriate to adopt as a practical guideline, but not as a court-legislated maximum, a notional ceiling on the penalty for the unspecified act which reflects the maximum penalties provided by Parliament for the specified acts. I propose, therefore, to determine the appropriate penalty for the failure to report suspicious transactions by adopting a notional ceiling of $2 million in the case of a body corporate. Approach to assessing appropriate penalties [87] While this proceeding is the first in which pecuniary penalties have been sought under the Act, the approach to determining the quantum of a pecuniary penalty is well-established in relation to the Commerce Act 1986 and the Unsolicited Electronic Messages Act 2007. Maintaining consistency with these established principles will promote greater certainty for the regulatory authorities and reporting entities, increasing the effective deterrence posed by pecuniary penalties. 46 Anti-Money Laundering and Countering Financing of Terrorism Act, ss 3(1)(a) and (b). Nevertheless, as there are substantially different maximum penalties in the three legislative regimes, the Court need not have regard to the actual penalties imposed under other legislation. [88] Drawing on the decisions under the Commerce Act and the specific statutory framework of the Act, I accept the Department’s view that the appropriate methodology to determine quantum is to adopt a four-step approach based on modifications of the sentencing approach in criminal cases. 47 Tailored for the scheme of the AML/CFT Act, this will involve: (a) Assessing the seriousness of the offending to select a starting point based on the seriousness of the non-compliance and the aggravating and mitigating factors relating to it. (b) Next, considering aggravating and mitigating factors relating to the circumstances of the reporting entity, to determine whether these warrant imposition of a higher or lower penalty. (c) Next, deducting from the starting point to reflect any admission of liability and/or co-operation with the authorities, especially in relation to others who have breached the Act. (d) Finally, taking into account totality considerations by looking at the number of separate breaches, ensuring there is no overlap between the penalties imposed for difference types of non-compliance, and considering whether the total penalty imposed fairly and adequately reflects the overall extent of non-compliance. [89] In this case, the civil liability acts requiring the imposition of a penalty fall into several different categories, and there are a large number of separate compliance failures within each category. The proof of non-compliance under several separate causes of action necessitates the imposition of separate penalties for each category, 47 R v Clifford [2011] NZCA 360, [2012] 1 NZLR 23 at [60]; R v Taueki [2005] 3 NZLR 372 (CA); Hessell v R [2010] NZSC 135, [2011] 1 NZLR 607; and Commerce Commission v Alstom Holdings SA [2009] NZCCLR 22 (HC) at [14]. reflecting the nature of the breaches within that category. That approach also provides comparability with other cases in which non-compliance may be established in only one category or in a different combination of categories. In the absence of decisions in other cases to provide guidance about what is reasonable, the maximum penalties for each category assume some importance. [90] It is important to recognise also that, while providing a broad framework, the analogy with the criminal sentencing process has its limitations. The application of a totality principle in determining appropriate pecuniary penalties for a number of different types of civil liability act cannot easily adopt the approach used in sentencing for criminal cases where an offender is sentenced to imprisonment for multiple offending. There the approach is to take the most serious of the offences and set an appropriate starting point based on the nature and circumstances of that offending. To that sentence, an uplift is applied to recognise the scale of the other offending and to reflect the seriousness of the offending overall. When it comes to imposing individual sentences for the each of the offences for which convictions have been entered, the sentence for the lead offence will usually be imprisonment for the term which has been determined to reflect the overall offending and the sentences for the other offences will be concurrent terms of imprisonment reflective of the seriousness of that particular offending. [91] An approach using concurrent terms of imprisonment is not readily adaptable to the assessment of pecuniary penalties where the financial penalties imposed for each civil liability act are necessarily cumulative. That suggests that the need to moderate the imposition of penalties on a basis which fairly and reasonably recognises the totality of the compliance failures may require a preliminary assessment of individual penalties, followed by an appropriate adjustment to each once the cumulative result of the preliminary determinations is known. [92] Another factor requiring caution in applying criminal sentencing principles is that the overriding objective of a pecuniary penalty is deterrence, including of other persons who might be tempted to breach the Act.48 Deterrence is only one of the 48 Chief Executive of the Department of Internal Affairs v Mansfield [2013] NZHC 2064 at [65]; Commerce Commission v EGL Inc HC Auckland CIV-2010-404-5474, 16 December 2010 at relevant principles and purposes of sentencing, and not necessarily the primary consideration. Deterrence is achievable only if the penalties address the financial gain or incentive that was, or could reasonably have been, obtained from the breach of the Act. While AML/CFT supervisory investigations can unearth contraventions committed by both corporations and individuals, the costs associated with such efforts consume public resources which could be directed to achieve other ends. With that in mind, pecuniary penalties must “deter the unscrupulous from taking a calculated business risk” and their significance must be such that, “having regard to particular gains which might be involved, it is in effect commercial suicide to seek those gains via contraventions”.49 [93] Pecuniary penalties are also intended to denounce misconduct. As the Law Commission said in its 2014 Report on Pecuniary Penalties:50 Pecuniary penalties are primarily concerned with deterring illegal conduct. In general, it can be said that they differ from many criminal offences in this respect because, while the criminal law aims to deter, its greatest emphasis is generally on denunciation. However, this does not mean that pecuniary penalties have no denunciatory impact or purpose. Pecuniary penalties deter by the threat of punishment. They single out a person or entity as having breached the law and inflict a negative consequence. Their purpose is also therefore both deterrent and denunciatory. [94] For these reasons, the potential penalties under the Act are severe. Quantum assessment Reference to maximum penalties in setting a starting point [95] The maximum penalties prescribed by the Act invite comparison between the worst possible case and the case before the Court, providing a benchmark by which the other relevant factors can be considered and weighed.51 49 50 51 By analogy with [13]; New Zealand Bus Ltd v Commerce Commission [2007] NZCA 502, [2008] 3 NZLR 433 at [197]. Australian Communications and Media Authority v Mobilegate Ltd A Company Incorporated in Hong Kong (No 4) [2009] FCA 1225, (2009) 180 FCR at [32]. Law Commission Pecuniary Penalties: Guidance for Legislative Design (NZLC R133, 2014) at [4.17]. Usefully summarised by in Markarian v R [2005] HCA 25, (2005) 215 ALR 213 at [30] – [31]. criminal sentencing principles, it is appropriate to set the starting point for the assessment of a pecuniary penalty that: (a) takes into account the seriousness of the type of non-compliance in comparison with other types of non-compliance, as indicated by the maximum penalties prescribed for the civil liability acts;52 (b) imposes the maximum penalty prescribed for the particular civil liability act if the non-compliance is within the most serious of cases for which that penalty is prescribed, unless circumstances relating to the reporting entity make that inappropriate;53 and (c) results in a penalty near to the maximum prescribed for the particular civil liability act if the non-compliance is near to the most serious of cases for which that penalty is prescribed, unless circumstances relating to the reporting entity make that inappropriate.54 [96] It is appropriate also to consider any legislated increase in maximum penalties, which may be seen as an indication by Parliament of a stronger signal “that the deterrence objective will only be served if [non-compliant] behaviour is profitless.”55 The comparator for penalties under the AML/CFT Act is the predecessor legislation, the Financial Transactions Reporting Act 1996 (the FTRA). Compared to the fines for offences under the FTRA, the penalties for noncompliance with record-keeping and identity verification/CDD obligations under the AML/CFT Act increased from $100,000 to $2 million for a body corporate.56 Under the FTRA, the failure to report suspicious transactions also incurred a fine of $100,000 for a body corporate.57 [97] The maximum penalties for the five causes of action in which I have found civil liability acts were committed are: 52 53 54 55 56 57 Compare Sentencing Act 2002, s 8(b). Compare Sentencing Act, s 8(c). Compare Sentencing Act, s 8(d). Telecom Corporation of New Zealand Ltd v Commerce Commission [2012] NZCA 344 at [53]. Financial Transactions Reporting Act 1996, ss 13(2) and 36(2). Financial Transactions Reporting Act, s 22. (a) For failing to carry out customer identity and verification of identity checks as part of customer due diligence, $2 million.58 (b) For failing to adequately monitor accounts and transactions, $1 million.59 (c) For entering into or continuing business relationships with customers who did not produce or provide satisfactory evidence of their identity, $1 million.60 (d) For failing to keep records in accordance with the requirements of subpart 3 of Part 2 of the Act, $2 million.61 (e) [98] Failing to report suspicious transactions, $2 million.62 Overall this means that, ignoring the prospect of imposing a separate penalty for every individual customer or transaction, the total maximum penalty for all five causes of action (including the notional ceiling of $2 million I have indicated for failing to report suspicious transactions) is now $8 million, compared to $500,000.00 under the FTRA. [99] For corporations that fail to comply with the more serious obligations under the AML/CFT Act, the maximum penalties are 20 times greater than the fines for the equivalent breaches under the FTRA. The increase represents recognition by Parliament, informed by the global research and frameworks laid down by working groups and then implemented by sovereign states, that the massive monetary resources available to modern financial institutions necessitate significantly larger penalties than were formerly available, in order to effectively achieve the Act’s objectives. That indicates that Parliament intended the Court to impose stern penalties under the Act. 58 59 60 61 62 Sections 78(a) and 90(3)(b). Sections 78(b) and 90(2)(b). Sections 78(c) and 90(2)(b). Sections 78(e) and 90(3)(b). Section 78; notional ceiling identified at [81]  [86]. [100] In summary, any penalty imposed under the Act must be so significant as to deter and denounce non-compliance; reflect the prescribed maximum penalty prescribed; and recognise Parliament’s intention that significantly greater penalties should be awarded than in cases under the FTRA. Aggravating and mitigating factors in setting the starting point [101] Section 90(4) of the Act outlines the considerations to which the Court must have regard in determining the appropriate pecuniary penalty: (4) In determining an appropriate pecuniary penalty, the court must have regard to all relevant matters, including— (a) the nature and extent of the civil liability act; and (b) the likelihood, nature, and extent of any damage to the integrity or reputation of New Zealand’s financial system because of the civil liability act; and (c) the circumstances in which the civil liability act occurred; and (d) whether the person has previously been found by the court in proceedings under this Act to have engaged in any similar conduct. [102] I agree with the submission for the Department that, in addition to the four considerations specified, other relevant matters for consideration in the present case are:63 (a) the degree to which the conduct was initiated or condoned by officers or senior management within the company; (b) what steps were taken by the company to ensure compliance with the Act, including formal policies and steps taken to educate its officers and employees; and 63 These were some of the relevant considerations taken into account by Logan J in the Federal Court of Australia in Australian Communications and Media Authority v Mobilegate Ltd A Company Incorporated in Hong Kong (No 4) [2009] FCA 1225, (2009) 180 FCR at [27] – [28], used in New Zealand in the pecuniary penalty context in Carter Holt Harvey Building Products Group Ltd v Commerce Commission (2001) 10 TCLR 247 (CA) at [46], and reflected in Telecom Corporation of New Zealand Ltd v Commerce Commission [2012] NZCA 344 at [13]. (c) whether there has been full and frank disclosure and cooperation with the Department. [103] The statutory and additional considerations encompass the potentially aggravating and mitigating factors pertinent to the non-compliance, as well as those personal to the reporting entity. I assess each in turn. The nature and extent of Ping An’s civil liability acts [104] I agree with the Department’s characterisation of Ping An’s breaches as at the higher end of non-compliance with the Act’s requirements. [105] The extent of the civil liability acts is significant. Ping An was seriously deficient in complying with a multiplicity of obligations under the Act, resulting in widespread contraventions across several key areas which were not isolated or infrequent. The breaches represent a systemic failure to carry out customer due diligence in respect of 1569 transactions out of 1588 transactions totalling $105.4 million. This meant at least 362 customers were not subject to adequate CDD, with 519 transactions being undertaken without the required enhanced CDD. At least 122 business relationships were established by Ping An without being monitored. No adequate records were kept for those transactions or the persons conducting them. No suspicious transaction were identified or reported. [106] In July 2014, Ping An prepared documents concerning the AML/CFT programme and their risk assessment, in particular outlining the Act’s requirements regarding CDD, reviewing transactions, and record keeping. That indicates Ping An was aware of its obligations. I infer that its non-compliance amounted to a calculated and contemptuous disregard for the AML/CFT requirements. That is a seriously aggravating feature of the non-compliance. The likelihood, nature, and extent of any damage to the integrity or reputation of New Zealand’s financial system because of the civil liability acts [107] Ping An’s wholesale disregard for complying with the Act’s requirements demonstrates the extent to which these civil liability acts undermine the proper function of New Zealand’s AML/CFT regime. The company’s conduct has done this in three ways: (a) Customer due diligence helps reporting entities to understand customers and the associated risk. Without CDD, a reporting entity is vulnerable to being exploited and offering a safe harbour for money laundering or financing terrorism. As the AML/CFT regime is heavily reliant on reporting entities providing information relating to customer identity to the police, the entire efficacy of the system is undermined by non-compliance. (b) Record keeping is the primary means by which the Department can supervise a reporting entity’s compliance with the Act. Not keeping records makes it difficult, sometimes impossible, to reconstruct transactions. This disrupts the ability to discern problematic patterns of transactions. (c) Suspicious transaction reporting is the essential mechanism by which the authorities receive intelligence and are alerted to potential criminal activity. This emphasis on early detection is to facilitate prompt investigation. None of the transactions during the relevant period which were suspicious was reported, thereby avoiding scrutiny when the participants may have been involved in criminal or terrorist activities. [108] Ping An’s conduct has risked damaging the integrity of New Zealand’s AML/CFT system by assisting transactions to occur anonymously, depriving the Department of its ability to monitor and detect activity of possible concern, and denying the Financial Intelligence Unit access to information related to suspicious transactions. The sanction imposed should reflect this. The circumstances in which the civil liability act occurred [109] There do not appear to be any specific circumstances in which the civil liability acts occurred, not addressed under other headings, which might mitigate or aggravate Ping An’s conduct. Starting points [110] Bearing in mind these considerations, I turn to assess the appropriate preliminary starting points to reflect the seriousness of the various instances of noncompliance in the five civil liability acts I found to be proved, before adjustment for factors personal to Ping An and totality. In coming to these views, I have taken into account that I do not have the benefit of guidance from the appellate courts. I have adopted, therefore, what might be seen to be a more conservative approach than would otherwise have been warranted for non-compliance of such scale. I have also recognised that there is a degree of overlap between some of the categories of noncompliance and have endeavoured, on that account, to avoid penalising the reporting entity twice for what is essentially one type of default. [111] In coming to the view that separate penalties should be imposed for separate civil liability acts, notwithstanding that the types of non-compliance involve a degree of overlap, I have considered but rejected the possible argument that the “one penalty only” rule in s 74 may preclude the imposition of five separate pecuniary penalties in this proceeding. Section 74 reads: 74 One penalty only rule (1) If civil penalty or criminal proceedings under this Part are brought against a person in relation to particular conduct, a court may not impose a penalty (whether civil or criminal) on the person if a court has already imposed a penalty under this Part in proceedings relating to the same or substantially the same conduct. (2) If a person is or may be liable to more than 1 civil penalty under this Part in respect of the same or substantially the same conduct, civil penalty proceedings may be brought against the person for more than 1 civil penalty, but the person may not be required to pay more than 1 civil penalty in respect of the same or substantially the same conduct. [112] While acknowledging that there is a degree of overlap in non-compliance between, for example, Ping An’s failure to carry out customer due diligence, entering into business relationships without satisfactory evidence of identity and its failure to keep records, I am satisfied that the particular conduct relied upon by the Department to found each claim is discrete.64 First cause of action: failure to conduct customer due diligence [113] I have held that it was reasonable to infer that Ping An engaged in over 1,588 transactions, involving a total of $105.4 million, by or on behalf of customers who had not been identified or who had not had their identity verified, and that this was a widespread failure by Ping An to conduct customer due diligence as required by the Act.65 Assessed against a benchmark of a maximum penalty of $2 million, I consider that a pecuniary penalty of at least $1.3 million (65 per cent) is necessary to mark the extent of the breach of a fundamentally important AML/CFT requirement and to act as a deterrent. That may be conservative, given the systemic nature of the failure to comply and the number of individual breaches. I am satisfied that it leaves sufficient headroom to accommodate even more serious cases. Second cause of action: failure to adequately monitor accounts and transactions [114] I have agreed66 that the absence of records makes it apparent that Ping An never satisfactorily reviewed the account activity, transaction behaviour, or customer information for 122 customers with whom it had a business relationship. Ping An was precluded from identifying suspicious transactions and reporting them to the Financial Intelligence Unit. The failure to monitor, however, overlaps with the reporting failure considered in the fifth cause of action and, in those circumstances, a starting point of $500,000 (50 per cent of the maximum) is appropriate. 64 65 66 Above at [28] – [41]; [51] – [52]; [53] – [59]. Above at [40] – [41]. Above at [50]. Third cause of action: entering into or continuing a business relationship with a person who does not produce or provide satisfactory evidence of the person's identity [115] As I have observed, the obligation to obtain customer identity information overlaps with the customer due diligence obligation and with the failure to keep records. The non-compliance here, however, was in relation to Ping An’s separate failure to comply with its particular obligations arising in the context of its business relationships. Those obligations are of a different kind and calibre under the Act, and have a different purpose, from the CDD and record-keeping obligations. Against a maximum penalty of $1 million, a pecuniary penalty of $500,000 represents an appropriate starting point. Fourth cause of action: failure to keep records [116] Although it is closely associated with the failure to carry out customer due diligence, I have observed that the failure to keep records significantly impedes the ability of an AML/CFT supervisor to detect money laundering and financing of terrorism. It also imposes a significant burden on supervisors in their enforcement of the AML/CFT regime. Although a failure to comply with this obligation is regarded as one of the more serious, having a maximum penalty of $2 million, I consider that a starting point of $1 million gives appropriate recognition to the degree of overlap with other obligations. Fifth cause of action: failure to report suspicious transactions [117] I have determined that a notional ceiling of $2 million is appropriate for this category of non-compliance, regarding it as serious as the failure to carry out customer due diligence and to keep records. There is no evidence that Ping An reported any suspicious transactions during the one-year period covered by the investigation, notwithstanding that there were 173 transactions in that period in which external indicia of suspicious transactions were present. Moreover, as the discussion above at [74]-[75] demonstrates, Mr Xiao and Ms Xu were directly involved in the activities giving rise to suspicion, leading to an inference that they may well have been parties to wilful money laundering. In my view, a starting point of not less than $1.3 million is appropriate to reflect the serious nature of this aspect of non-compliance. [118] I consider next whether there are any relevant aggravating or mitigating factors personal to the reporting entity which might justify either discounting or uplifting the penalties from the starting points. Consideration of personal aggravating or mitigating factors Whether the entity has previously engaged in any similar conduct [119] Ping An has not previously been found by the Court to have engaged in similar conduct. Whether an entity previously engaged in any similar conduct is a consideration which may either aggravate or mitigate the seriousness of the index non-compliance. It might be appropriate to uplift the penalty from the starting point for those persons who have engaged in such conduct previously, having regard to an increased need for deterrence. Conversely, a breach by a reporting entity that otherwise has a history of compliance may be recognised by a discount from the initial starting point in appropriate cases. In this case, however, Ping An’s significant and serious failures to comply with the Act’s requirements over a lengthy period mean I attribute no weight to this being the first time it has been found in breach. The degree to which the conduct was initiated or condoned by officers or senior management within the company [120] This consideration requires an assessment of whether non-compliance with the AML/CFT requirements can be demonstrated to be part of the culture of the business, as instilled by the officers and senior managers. In this case, the widespread and wholesale failure of Ping An to meet its obligations must have occurred with the knowledge and support of Mr Xiao as an active director and shareholder fully engaged in the day to day operation of the business. It is not difficult to infer that non-compliance was a cultural norm within the business. Since I have taken that culture of non-compliance into account in setting the starting points, however, I do not consider it appropriate to impose any further uplift. What steps were taken by the company to ensure compliance with the Act? [121] This factor relates to the extent to which those ultimately responsible for the reporting entity’s compliance with the Act endeavoured to meet their responsibilities through the introduction of systems, training and supervision of staff carrying out the company’s operations. I have noted already that Ping An had prepared documents concerning the AML/CFT programme and their risk assessment, in particular outlining the Act’s requirements regarding CDD, reviewing transactions, and record keeping. But that was a minimum requirement and, in light of the widespread failure to comply with the continuing obligations under the Act, no discount is warranted on that account. There is no evidence of any steps having been taken by the company to ensure compliance with the Act, including no apparent efforts to educate and supervise employees. The starting points reflect these failures. Whether there has been full and frank disclosure and cooperation [122] Prompt co-operation with the relevant supervisor and early admission of liability can mitigate the penalty, in the way a guilty plea and cooperation with the authorities usually warrants a discount in sentencing in the criminal context. This is not the case here; Ping An has never taken responsibility for its manifold breaches of obligation, nor offered co-operation in rectifying them. The absence of any acknowledgment of the compliance failures, lack of contrition and failure to cooperate are best considered as the absence of mitigating factors, rather than aggravating factors.67 [123] Ping An and Mr Xiao, however, did not simply fail to co-operate; they provided misleading information to the Department. During the Department’s investigation of the activities of Ping An and Mr Xiao, Mr Xiao advised the Department on at least six occasions that Ping An would cease financial activities and said that it had done so had by 1 April 2015, seemingly in an effort to prevent further investigation into Ping An’s business. The Department’s enquires indicate that Ping An, and probably Mr Xiao personally, continued to carry out money remittance activities after the end of March 2015. The evidence includes: 67 See, by analogy in the context of considering absence of remorse in sentencing for criminal offending, Te Awa v R [2014] NZCA 615 at [41]. (a) Bank account activity in Ping An’s two BNZ bank accounts reflecting payments for salary, rent, utilities, ACC and Inland Revenue continued well past 31 March 2015. (b) Various immigration applications for people sought to be employed by Ping An which Mr Xiao described as a young business seeking to expand. (c) Transactions in Mr Xiao’s personal bank accounts that were inconsistent with personal usage and indicate money remittance activity. (d) Mr Xiao’s disclosure to the Ministry of Social Development that he continued to receive a salary from Ping An. (e) In particular, suspicious transaction reports continued to be filed by various reporting entities in respect of transactions carried out by Ping An, Mr Xiao, and Ms Xu well beyond 31 March 2015. [124] The attempts by Mr Xiao to mislead the Department in its investigation accentuate Ping An’s non-compliance and further heighten the seriousness of the contraventions. Such efforts to frustrate the AML/CFT supervisors in their enforcement role must be met with a stern rebuke from the Court. [125] Mr Xiao and Ping An are not charged with misleading the Department as the AML/CFT supervisor, which is a separate offence under s 103 of the Act, but the misleading behaviour warrants an uplift of 15 per cent from the starting point in each category of non-compliance. As indicated below at [135], the efforts to mislead are also relevant to the application for an injunction restraining them from participating in the industry. Summary of the penalties imposed [126] Taking into account the 15 per cent uplift, the pecuniary penalties I propose to order in respect of the causes of action are: (a) Failing to conduct customer due diligence  $1,495,000.00. (b) Failing to adequately monitor accounts and transactions  $575,000.00. (c) Entering into or continuing a business relationship with a person who does not produce or provide satisfactory evidence of the person’s identity  $575,000.00. (d) Failing to keep records  $1,150,000.00. (e) Failing to report suspicious transactions  $1,495,000.00. [127] The total of the penalties, therefore, will be $5,290,000.00. Whether any adjustment is required to reflect the totality of the non-compliance [128] Standing back from the individual penalties imposed for each category of non-compliance, I have considered whether the total of the individual penalties fairly reflects the nature of the non-compliance overall. I am satisfied that it does. I have explained my reasons for determining that there was a culture of non-compliance in the business in which the sole director and shareholder played an active role in what the Department properly regarded as 173 suspicious transactions conducted over a period of one year. The penalties represent only five per cent of the value of the transactions so far as they could be ascertained by the Department. Any reduction in the penalties on a totality basis would fail to give adequate recognition to the need for deterrence and the denunciation of serious, systemic non-compliance.68 Injunction [129] The Department seeks an injunction restraining both Ping An and Mr Xiao from carrying out any financial activities that would cause either of them to be deemed to be a financial institution as defined in s 5 of the Act. 68 See above at [79] – [94]. [130] Sections 87 and 88 provide the Court’s jurisdiction to grant a restraining injunction and define the circumstances in which an order may be made: 87 Restraining injunctions (1) The High Court may, on the application of the relevant AML/CFT supervisor, grant an injunction restraining a person from engaging in conduct that constitutes or would constitute a contravention of a provision of this Act. (2) The court may rescind or vary an injunction granted under this section. 88 When High Court may grant restraining injunctions and interim injunctions (1) The High Court may grant an injunction restraining a person from engaging in conduct of a particular kind if— (a) it is satisfied that the person has engaged in conduct of that kind; or (b) it appears to the court that, if an injunction is not granted, it is likely that the person will engage in conduct of that kind. (2) The court may grant an interim injunction restraining a person from engaging in conduct of a particular kind if, in its opinion, it is desirable to do so. (3) Subsections (1)(a) and (2) apply whether or not it appears to the court that the person intends to engage again, or to continue to engage, in conduct of that kind. (4) Subsections (1)(b) and (2) apply— (a) whether or not the person has previously engaged in conduct of that kind; or (b) where there is an imminent danger of substantial damage to any other person if that person engages in conduct of that kind. [Emphasis added] [131] The Department acknowledges that, in principle, Ping An and Mr Xiao are entitled to carry on business in the financial sector, but it submits that a narrow interpretation of the statutory wording of s 87 would do no more than permit the Court to issue an injunction restraining a person from breaching the Act. I am invited, therefore, to give s 87 a broader interpretation that provides the Court with jurisdiction to grant the injunction in the terms sought. [132] I agree that an interpretation of s 87 confining the Court merely to requiring a person to comply with the law would render its purpose nugatory. Moreover, a narrow reading deprives the phrase “or would constitute a contravention” of real meaning. When the text is read in light of its purpose,69 the more appropriate interpretation is that the Court is empowered to restrain a person from undertaking activity capable of giving rise to contraventions of the Act. That seems to be the purpose of the references in s 88(1) to engagement “in conduct of a particular kind”. [133] Restraining a person having a history of non-compliance from participating in activities caught by the AML/CFT Act will maintain and enhance New Zealand’s international reputation in this area of financial activity, and is likely to contribute to public confidence in New Zealand’s financial sector. The threat of exclusion will also deter non-compliance by others. [134] Given that Ping An has engaged in repeated contraventions of the Act, the first limb of s 88(1) is made out. Moreover, I am satisfied that, if an injunction was not granted, Ping An is likely to engage in similar financial activity in such a way to contravene the Act. The second limb also is made out. [135] Mr Xiao has also demonstrated a complete disregard for the Act’s requirements, if not a wilful intention to flout them. His failures as a director and manager of the business led directly to the scale and severity of Ping An’s breaches. Moreover, his misleading behaviour during the course of the Department’s investigation indicates a strong probability that if he is not restrained from engaging in financial activities, Mr Xiao will continue to ignore obligations under the Act to which any other entity in which he is involved, in any capacity, may be subject. Both limbs of s 88(1) are met with regard to Mr Xiao also. [136] Since I am satisfied that the statutory regime for making injunctive orders under the Act provides sufficient jurisdiction to act in this case, I do not need to consider Mr Johnstone’s alternative argument based on the Court’s inherent jurisdiction. 69 Interpretation Act 1999, s 5. Conclusions and orders [137] I am satisfied on the balance of probabilities that Ping An has committed five civil liability acts under the Act, each justifying the imposition of pecuniary penalties payable to the Crown. I am also satisfied that an injunction should issue in the terms sought by the Department. [138] I make the following orders: (a) Ping An Finance (Group) New Zealand Company Limited shall pay to the Crown the following pecuniary penalties: (i) First cause of action (failing to conduct customer due diligence)  $1,495,000.00. (ii) Second cause of action (failing to adequately monitor accounts and transactions)  $575,000.00. (iii) Third cause of action (entering into or continuing a business relationship with a person who does not produce or provide satisfactory evidence of the person’s identity)  $575,000.00. (iv) Fourth cause of action (failing to keep records)  $1,150,000.00. (v) Fifth cause of action (failing to report suspicious transactions)  $1,495,000.00. (b) Ping An Finance (Group) New Zealand Company Limited and Xiaolan Xiao are restrained, until the further order of the Court, from carrying out any financial activities that would cause either of them to be deemed to be a financial institution as defined in s 5 of the Act. (c) I reserve leave to Ping An Finance (Group) New Zealand Company Limited and Xiaolan Xiao to apply to the Court, on not less than 28 days’ notice to the Chief Executive of the Department of Internal Affairs, for cancellation or variation of the order made in paragraph (b). Costs [139] I agree with Mr Johnstone that the presentation of the Department’s case has required preparation far in excess of what might be expected in a case of average complexity. The respondents shall pay the Department scale costs calculated on a category 2C basis across all steps in the proceeding, and disbursements. ............................................ Toogood J