2023 designated non-financial businesses and professions' suspicious activity reporting obligations feedback

AML/CFT/CPF

Anti-money laundering, countering the financing of terrorism and countering proliferation financing

AML/CFT/CPF CoP

Anti-money laundering, countering the financing of terrorism and proliferation financing Code of Practice, as detailed in the Handbook

DNFBP

Designated non-financial businesses and professions

FIU

Financial Intelligence Unit

Handbook

Handbook for the prevention and detection of money laundering, the countering of terrorist financing, and the countering of proliferation financing.

ML/TF/PF

Money laundering, terrorist financing and proliferation financing

MLCO

Money laundering compliance officer

MLRO/deputy MLRO

Money laundering reporting officer and deputy money laundering reporting officer

iSAR/eSAR

Internal suspicious activity report/external suspicious activity report

Proceeds of Crime Supervisory Bodies Law

Proceeds of Crime (Supervisory Bodies) (Jersey) Law 2008

Supervised person

A person that is subject to supervision by the JFSC in accordance with the Proceeds of Crime (Supervisory Bodies) (Jersey) Law 2008

SAR

Suspicious activity report

Board/senior management responsibilities

board/senior management minutes relating to compliance/MLRO reports contained either limited references or were “taken as read” or “noted”

board/senior management minutes did not include discussion and challenge of the management information provided by the MLRO in their reports

inadequate consideration and assessment in board/senior management minutes of low levels or absence of internal suspicious activity reports (iSARs)

inadequate consideration and assessment in board/senior management minutes of outcomes of testing, such as testing employee awareness 

lack of regular assessment of the MLRO function and fulfilment of role obligations

inadequate consideration and assessment of where the MLRO fulfils multiple roles that may impact their effectiveness or give rise to conflicts

inaccurate job descriptions and procedures relating to the role of the MLRO, with confusion between the specific responsibilities of an MLRO and those of a MLCO - the MLRO and the MLCO may be the same person, but the role responsibilities are separate and specific

board/senior management minutes evidence discussions about MLRO reports, including challenge and scrutiny of the information provided

documented consideration of the levels/quality of SARs, including any resulting action points and who is responsible, which are tracked to completion

board/senior management minutes demonstrate routine monitoring of the performance of the MLRO/DMLRO and ensure SARs are being handled in an appropriate and consistent manner

board/senior management periodically consider the MLRO reports, and the time taken between information of a matter coming to an employee’s attention and the date of the iSAR

board/senior management minutes detail routine assessment of whether the other roles the MLRO fulfils impact their effectiveness, independence, or give rise to conflicts

an accurate job description clearly setting out the role and responsibilities of the MLRO, which include receiving and considering iSARs in accordance with internal reporting procedures

the difference between the MLRO and MLCO’s responsibilities are clearly delineated, with the MLCO, and not the MLRO, responsible for monitoring compliance with the business risk assessment (BRA), ensuring the BRA is in place, monitoring updates to policies and procedures, reviewing customer due diligence / enhanced due diligence, monitoring customer activities.

iSAR/eSAR procedures

systems and controls did not include measures to ensure iSARs were not filtered by line management, thereby preventing submission to the MLRO

internal reporting procedures did not set out the importance of making an iSAR as soon as practicable

procedures did not include the identities of the MLRO (or deputy MLRO)

procedures did not include arrangements for disciplining an employee who fails to make an iSAR without a reasonable excuse and as soon as practicable

iSAR procedures did not include the requirement for the MLRO to formally acknowledge receipt of the iSAR to the member of staff who had submitted it

procedures did not remind employees making iSARs of the risk of committing a tipping off offence

the MLRO (or deputy MLRO) had not documented all enquiries made in relation to each iSAR

the MLRO (or deputy MLRO) had not documented the basis and rationale for externalising or not externalising a SAR to the FIU

the MLRO (or deputy MLRO) had not considered the requirement to update the Jersey FIU where more information is discovered following the initial submission

iSAR reporting procedures did not extend to potential business relationships and declined transactions, so the board/senior management were unaware of the number of potential clients which had been declined

supervised persons had not maintained SAR registers

supervised persons had not maintained a procedure requiring the MLRO (or Deputy MLRO) to record all iSARs and eSARs in a register

iSARs did not contain the date the information or matter came to the employee’s attention and the date of submission to the MLRO

iSARs did not contain as full a statement as possible on the information or matter giving rise to the knowledge, suspicion, or reasonable grounds for knowledge or suspicion

iSARs did not contain the identity of the individual who made the iSAR, and in what capacity

iSARs did not include full details of the customer and transaction activity that the supervised person holds on record

SAR procedures suggested that the value of the one-off transaction or business relationship would be a factor in determining whether an  iSAR/eSAR should be submitted

procedures and the iSAR form only included the requirement to report suspicion relating to "existing criminal property"

• procedures and employee handbooks emphasise that the decision to report is the personal liability of the employee and not line managers

employment contracts and employment handbooks set out that iSARs should be made to the MLRO as soon as practicable, and include the identity of the MLRO

employee handbooks clearly set out the disciplinary sanctions for failing to report knowledge, suspicion, or reasonable grounds for knowledge and suspicion, without reasonable excuse, or for failing to report as soon as practicable

the MLRO’s report includes a detailed timeline of activity from the date the internal SAR is received and acknowledged until its conclusion, and clearly articulates the reasons for any delays

tipping off provisions are covered in detail in procedures and are easy for all employees to understand

procedures include a reminder to employees of the risk of committing a tipping off offence

the MLRO provides detailed rationale for externalising or not externalising the iSAR

registers record all declined business, with a written explanation of why the business relationship or one-off transaction was declined

the declined business register, and analysis, form part of the MLRO’s board/senior management report

SARs procedures should include that iSARs are to be considered regardless of the amount involved

the iSAR form should include that any property can constitute or represent proceeds of criminal conduct

Training

board/senior management were unable to provide evidence that the effectiveness of their training had been assessed

board/senior management were unable to provide evidence that employees understood their AML/CFT/CPF requirements

training was not tailored to the supervised person and the specific employee, such as the MLRO

in some instances, sole traders had undertaken insufficient training on key aspects of Jersey legislation to prevent and detect ML/TF/PF 

supervised persons were unable to evidence that training had been delivered covering key aspects of AML/CFT/CPF legislation

supervised persons were unable to evidence that training highlighted to employees the importance of their individual contribution to the prevention and detection of ML/TF/PF

the MLRO can evidence practical training for employees, including step-by-step scenario exercises where a fictional customer proposes a new piece of business, and employees navigate the process of submitting an iSAR

training is relevant to the entity, with specific examples of ML/TF/PF case studies, red flags, examples of unusual activity, and customer profiling to identify unusual transactions

training includes case studies to highlight the obligation of employees to report, the potential consequences of failing to report, and the importance of each employee in preventing and detecting financial crime

training procedures include explanations of risk appetite, business risk assessment, and financial crime strategy, and how these are linked to procedures to mitigate risks

where a third-party training solution is used, it is assessed to ensure it accurately complies with the statutory and regulatory regime in Jersey, including a gap analysis to identify and address any deficiencies or inaccuracies

financial sanctions are included in the training plan

employees who fail to achieve a minimum pass score in financial sanctions are provided with additional training and then reassessed 

test answers are analysed to identify any areas with a lower level of understanding and used to enhance future training

training considers the guidance notes provided in Section 9 of the Handbook and references JFSC examination feedback papers