The Feedback
In addition to setting out a number of findings identified in the thematic examination, the Feedback sets out invaluable guidance on the JFSC's regulatory expectations in respect of compliance with BOC regulatory obligations, and what it considers to be best practice. In particular, the JFSC's expectations are as follows:
Corporate governance – Compliance Monitoring Plan
- the Compliance Monitoring Plan (the "CMP") should be clearly mapped to, and designed to assess compliance with, all the legal and regulatory requirements regarding BOC, which includes identifying obligations arising under the Money Laundering (Jersey) Order 2008, the anti-money laundering/countering the financing of terrorism and proliferation financing (the "AML") Codes of Practice and the Financial Services (Disclosure and Provision of Information) (Jersey) Law 2020
- where breaches of the BOC requirements are identified, a root-cause analysis should be conducted and remedial action undertaken to ensure there are no recurrences
- consideration should also be given to staff training requirements to mitigate any such risk of breach
- results of the CMP should be reported to the Board so that it is aware of the level of compliance with the BOC requirements
- periodic reviews of customers should be undertaken to revalidate BOC information
- the frequency of periodic reviews should be determined by the risk rating of the customer
Identification measures – assessment of risk
- staff understanding of key customer relationships should be regularly refreshed to ensure employees fully understand the ownership structure, historic / current / expected activities, and key risks of their customers
- the Customer Risk Assessment (the "CRA") should include consideration of whether the customer has any indirect risk exposure, e.g. to higher risk or sanctioned countries or territories
- the CRA should consider the cumulative impact of lower-level risks that together may result in an assessment of a higher risk of financial crime
- the CRA should also considers the transparency and behaviour of the customer
Identification measures – finding out identity and obtaining evidence of identity
- policies and procedures should provide examples of what information or documents could be obtained to corroborate source of wealth and source of funds, e.g. requesting copies of audited financial statements for a corporate customer
- policies and procedures should provide case studies to help explain how BOC is to be determined in different circumstances, e.g. complex structures or different types of legal person
- supervised persons should utilise the three-tier test set out in Section 4 of the JFSC's AML Handbook to identify beneficial owners and controllers for customer due diligence purposes, and should follow the Registry's guidance for BOC notification purposes
Next steps
The Feedback and the above guidance, will be of interest to all firms (and Board members) subject to AML obligations under Jersey law, and of particular interest to entities providing Trust Company Business ("TCB") services (as the JFSC's thematic examination focused on 10 entities providing these services).
Firms, in particular those firms providing TCB services, should factor this guidance into horizon scanning board updates, and regulatory and compliance planning, and consider what enhancements to their systems and controls might be required.