A record enforcement action by the Guernsey Financial Services Commission (GFSC) has sent a clear signal to financial services firms: regulators are now willing to impose significant penalties for systemic failures in financial crime controls.
The nearly £2 million fine against insurance company Utmost Worldwide Limited illustrates how long-standing weaknesses in risk assessment, client monitoring and governance can accumulate into serious regulatory breaches. At the same time, Guernsey has, over the last few years, introduced sweeping “failure to prevent” offences that increase the legal exposure of companies and their senior managers.
Taken together, these developments highlight a growing compliance risk landscape for organisations operating in the Bailiwick.
Record £1.96 million fine over systemic AML failures
In March 2026, the GFSC imposed a financial penalty of £1,960,000 on Utmost Worldwide Limited, the largest fine ever issued by the regulator. The investigation concluded that the company had serious and systemic failings spanning a significant period.
Two senior employees were also fined:
- Chief Executive Officer Leon Steyn (£35,000)
- Deputy Money Laundering Reporting Officer James Watchorn (£10,500)
Watchorn was additionally banned from holding MLRO or MLCO roles for one year and five months. The regulator’s central finding was that the company fundamentally underestimated the financial crime risks inherent in its life insurance business.
A high-risk client base treated as low risk
The company’s business model created significant exposure to money laundering risk. Historically, Utmost had distributed insurance products through brokers operating in developing markets across South and Central America, some of which had weaker financial crime controls. The company was originally incorporated in Guernsey in 1993 as Generali Worldwide Insurance Company Limited before being acquired by Utmost Group in 2019.
At its peak the company had approximately 22,500 high-risk clients. Despite this, fewer than 3.5% of those clients were subject to annual review.
Most high-risk clients were only reviewed when a “trigger event” occurred, such as a policy surrender or premium change. This meant that many clients went years without any meaningful review of their risk profile.
The regulator found examples where clients were not reassessed for over a decade. In one case a customer became a politically exposed person (PEP) in 2008, which the company did not detect until 2021.
Weak customer due diligence and monitoring
The GFSC identified widespread weaknesses in customer due diligence across the company’s operations. In a sample of 72 high-risk client files, 71 contained deficiencies relating to source of wealth or source of funds information.
Even when reviews did occur, they were often ineffective. Key information was missing or outdated, adverse media screening failed to detect relevant risks, and remediation of deficiencies was frequently postponed. As a result the company was unable to demonstrate an up-to-date understanding of the financial crime risks posed by its clients.
One of the most striking findings involved a third-party broker operating in Central and South America. In 2014 the company discovered that employees of the broker had fraudulently altered proof-of-address documents for approximately 1,900 client accounts. This created an obvious money laundering risk.
The firm initially suspended business with the broker and promised to remediate the affected client files. Yet a decade later around 200 of those accounts still had unresolved documentation issues.
The regulator concluded that the firm had failed to act with the level of prudence and professional skill required of a regulated financial services business.
Poor handling of money laundering red flags
The investigation also found repeated failures to respond appropriately to suspicious activity. Eight unsolicited payments totalling approximately $250,000 were sent to the firm within a month. When asked for source of funds documentation they refused. They then requested that the money be returned to a different bank account. These are classic money laundering indicators. Yet the concerns were dismissed internally as “poor administration by the client”.
In another case a client from a high-risk jurisdiction paid premiums of $20,000 per month despite the company being unable to verify the source of their wealth. The GFSC concluded that the company’s reporting and monitoring procedures were inadequate and that red flags were not consistently escalated.
The regulator determined that senior management failed to ensure the firm had effective AML policies and oversight.
Key governance failures included:
- inadequate oversight of brokers and intermediaries
- ineffective suspicious activity reporting procedures
- failure to comply with regulatory deadlines under the updated 2019 AML Handbook
- reliance on outdated screening systems that failed to identify PEPs and adverse media
Although the company began a remediation programme in 2023 and cooperated fully with the investigation, the GFSC concluded that the scale and duration of the failures justified the record fine.
Guernsey’s 2024 “failure to prevent” offences
Alongside a tougher enforcement environment, Guernsey has introduced a major expansion of corporate liability for financial crime through a set of new “failure to prevent” offences. These measures came fully into force on 26 April 2024, marking one of the most significant developments in the Bailiwick’s financial crime framework in recent years.
The new regime covers four areas:
- corruption
- tax evasion
- money laundering
- terrorist financing
Together they create a powerful legal tool that allows prosecutors to hold organisations criminally liable when financial crime is committed by employees, agents or other associated persons acting on their behalf.
The new bribery offence
The centrepiece of the reform is the corporate offence of failure to prevent bribery, introduced under the Prevention of Corruption (Bailiwick of Guernsey) (Amendment) Law, 2023, which entered into force on 26 April 2024.
The offence applies to any “relevant commercial organisation”, meaning a company or partnership incorporated in Guernsey, as well as overseas organisations carrying on business in the Bailiwick.
Under the legislation, a company commits an offence if a person associated with it bribes another person intending to obtain or retain business or a business advantage for the organisation. The only defence is that the organisation had adequate procedures in place to prevent bribery.
Guidance issued by the States of Guernsey Committee for Home Affairs in April 2024 makes clear that the courts will ultimately decide whether prevention procedures are adequate. Organisations therefore need to demonstrate that anti-bribery controls are genuinely implemented and effective, rather than existing only on paper.
Corporate liability for tax evasion
Guernsey has also introduced corporate offences for failure to prevent the facilitation of tax evasion through the Criminal Justice (Miscellaneous Amendments – Preventative Offences) (Bailiwick of Guernsey) Ordinance, 2023, also effective from 26 April 2024.
These provisions mirror the UK model created by the Criminal Finances Act 2017. The legislation creates two separate offences:
- failure to prevent the facilitation of Guernsey tax evasion
- failure to prevent the facilitation of foreign tax evasion
A company can be liable where an employee, agent or service provider facilitates tax evasion while acting for the organisation. As with the bribery offence, the defence is that the company had reasonable prevention procedures in place, or that it was reasonable in the circumstances not to have such procedures.
Failure to prevent money laundering and terrorist financing
The reforms also introduced corporate offences for failing to prevent money laundering and terrorist financing. These offences were inserted into existing legislation:
- section 48MA of the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999
- section 74A of the Terrorism and Crime (Bailiwick of Guernsey) Law, 2002
Unlike the bribery and tax evasion provisions, these offences apply primarily to regulated financial services and other Schedule 3 businesses. If an associated person commits money laundering or terrorist financing while acting for the organisation, the company may be liable unless it can show that appropriate prevention procedures were in place.
To support the new offences, the Guernsey Financial Services Commission (GFSC) updated its Handbook on Countering Financial Crime and Terrorist Financing on 25 April 2024, setting out how regulated firms should design and implement prevention procedures.
Moving beyond the “directing mind and will”
A key purpose of the new framework is to overcome the limitations of the traditional corporate liability test known as the “identification doctrine.”
Under this doctrine, prosecutors historically had to prove that the individual who committed the offence represented the “directing mind and will” of the organisation. In practice this often made corporate prosecutions difficult, particularly in large or decentralised businesses.
The new failure-to-prevent model removes that barrier. Instead of focusing on which individual committed the offence, the legal question becomes whether the organisation had adequate prevention procedures in place.
This approach mirrors the structure of the UK Bribery Act 2010 and the UK Criminal Finances Act 2017, which introduced similar corporate offences for bribery and tax evasion.
Personal liability for senior managers
The legislation also carries a clear warning for company leadership. If a failure-to-prevent offence is committed by an organisation and it is shown to have occurred with the consent, connivance or neglect of a senior officer, that individual can also be prosecuted.
The law specifically references directors, managers, secretaries, partners and similar officers as potentially liable where their oversight failures contributed to the offence.
What could the Utmost case have looked like under Guernsey’s new legal framework?
The Utmost case was not pursued under Guernsey’s new failure to prevent offences, which only came into force on 26 April 2024. The GFSC instead relied on its existing regulatory enforcement powers under the Financial Services Business (Enforcement Powers) (Bailiwick of Guernsey) Law, 2020, alongside breaches of the Bailiwick’s AML and financial crime framework. Had the same conduct been assessed under the newer regime, the legal exposure might have looked very different.
Failure to prevent offences are criminal in nature and allow prosecutors to pursue corporate liability where an associated person commits bribery, tax evasion facilitation, money laundering or terrorist financing while acting for the organisation, unless the company can demonstrate adequate prevention procedures.
Given the GFSC’s findings of systemic weaknesses in client monitoring, source-of-funds checks and the handling of money laundering red flags, the case could theoretically have opened the door to criminal proceedings against the company itself, rather than a regulatory penalty alone. The framework also allows for personal liability for senior officers where an offence occurs with their consent, connivance or neglect. In a scenario where investigators concluded that the compliance failures enabled money laundering to occur, senior figures responsible for oversight, such as the CEO or the nominated officer responsible for suspicious activity reporting, might have faced potential criminal prosecution alongside regulatory sanctions. While that did not happen in this case, the introduction of failure-to-prevent offences means future enforcement actions in Guernsey could carry significantly more serious consequences.
Key takeaways for Guernsey firms
The Utmost enforcement action and the introduction of failure-to-prevent offences together underline a tightening compliance environment for firms operating in Guernsey’s financial services sector.
Regulators are willing to impose major penalties.
The £1.96 million fine issued by the GFSC is the largest in its history and reflects a willingness to pursue systemic AML failures over long periods.
High-risk clients require genuine monitoring.
Classifying clients as high risk is not sufficient on its own. Regulators expect meaningful periodic reviews, updated source-of-wealth checks and active monitoring throughout the client lifecycle.
Third-party brokers and intermediaries remain a major risk.
The Utmost case showed how poorly supervised intermediaries can introduce large volumes of defective or fraudulent documentation.
Red flags must be investigated and escalated.
Unusual payments, inconsistent client information or missing source-of-funds documentation are classic money laundering indicators. Failing to follow up on them can lead directly to regulatory action.
Corporate criminal liability for financial crime has expanded.
Guernsey’s new failure-to-prevent offences mean companies can face criminal liability if employees, agents or service providers commit bribery, tax evasion facilitation, money laundering or terrorist financing.
Senior managers face personal exposure.
Directors and senior officers may be personally liable if compliance failures occur with their consent, connivance or neglect.
Compliance programmes must be demonstrably effective.
Under the new regime, the key defence is proving that adequate prevention procedures were in place. Firms will need clear risk assessments, strong due diligence processes, regular monitoring and effective training to demonstrate this.
