Jersey Financial Services Commission feedback on compliance by individuals with respect to beneficial ownership and control in 2022

• Ensure the CMP covers all BOC regulations, report compliance to the board, analyse breaches and conduct periodic reviews based on customer risk
  
  
• Regularly update staff on customer relationships, include indirect risks in assessments, consider cumulative lower-level risks and evaluate customer transparency
  
  
• Provide clear policies and case studies for verifying source of wealth

The Feedback

In addition to setting out a number of findings identified in the thematic examination, the Feedback sets out invaluable guidance on the JFSC's regulatory expectations in respect of compliance with BOC regulatory obligations, and what it considers to be best practice. In particular, the JFSC's expectations are as follows:

Corporate governance – Compliance Monitoring Plan

• the Compliance Monitoring Plan (the "CMP") should be clearly mapped to, and designed to assess compliance with, all the legal and regulatory requirements regarding BOC, which includes identifying obligations arising under the Money Laundering (Jersey) Order 2008, the anti-money laundering/countering the financing of terrorism and proliferation financing (the "AML") Codes of Practice and the Financial Services (Disclosure and Provision of Information) (Jersey) Law 2020
• where breaches of the BOC requirements are identified, a root-cause analysis should be conducted and remedial action undertaken to ensure there are no recurrences
• consideration should also be given to staff training requirements to mitigate any such risk of breach
• results of the CMP should be reported to the Board so that it is aware of the level of compliance with the BOC requirements
• periodic reviews of customers should be undertaken to revalidate BOC information
• the frequency of periodic reviews should be determined by the risk rating of the customer

Identification measures – assessment of risk

• staff understanding of key customer relationships should be regularly refreshed to ensure employees fully understand the ownership structure, historic / current / expected activities, and key risks of their customers
• the Customer Risk Assessment (the "CRA") should include consideration of whether the customer has any indirect risk exposure, e.g. to higher risk or sanctioned countries or territories
• the CRA should consider the cumulative impact of lower-level risks that together may result in an assessment of a higher risk of financial crime
• the CRA should also considers the transparency and behaviour of the customer

Identification measures – finding out identity and obtaining evidence of identity

• policies and procedures should provide examples of what information or documents could be obtained to corroborate source of wealth and source of funds, e.g. requesting copies of audited financial statements for a corporate customer
• policies and procedures should provide case studies to help explain how BOC is to be determined in different circumstances, e.g. complex structures or different types of legal person
• supervised persons should utilise the three-tier test set out in Section 4 of the JFSC's AML Handbook to identify beneficial owners and controllers for customer due diligence purposes, and should follow the Registry's guidance for BOC notification purposes

Next steps

The Feedback and the above guidance, will be of interest to all firms (and Board members) subject to AML obligations under Jersey law, and of particular interest to entities providing Trust Company Business ("TCB") services (as the JFSC's thematic examination focused on 10 entities providing these services). 

Firms, in particular those firms providing TCB services, should factor this guidance into horizon scanning board updates, and regulatory and compliance planning, and consider what enhancements to their systems and controls might be required.