Service notice – myRegistry and our Security Interests Register will be unavailable due to scheduled maintenance from 10:00am until 6:00pm on Saturday 29 November and 6:00pm on Tuesday 2 December until 2:00am on Wednesday 3 December.

Feedback from our examination of supervised persons’ reliance on obliged persons

Issued:18 April 2024
Feedback from our examination of supervised persons’ reliance on obliged persons

1 Executive summary

During the first quarter of 2023, we assessed the extent to which supervised persons had complied with their obligations relating to reliance on obliged persons. The purpose of this feedback paper is to publish an anonymised summary of the key findings we identified during the thematic examination and set out relevant good practice for the benefit of all supervised persons.

In strictly limited cases, supervised persons are permitted to rely on measures applied by a third party to meet some of their customer due diligence (CDD) and enhanced CDD measures obligations.

Reliance on third party measures must always be subject to six conditions set out in Article 16 of the Money Laundering (Jersey) Order 2008. Where the requirements of Article 16 are not met, supervised persons’ CDD measures may be ineffective, potentially exposing them to heightened risk of financial crime.

In addition to the requirements set out in Article 16, the Handbook includes further requirements relating to reliance in the form of AML/CFT/CPF Codes of Practice.

We selected 10 supervised persons for the examination, representing the following licence types:

banking

designated non-financial businesses and professions

fund service business

investment business

money service business

trust company business

A detailed overview of the examination findings is set out in section 6.

Supervised persons should consider the findings in this report and, where relevant, implement changes to align with good practice.

2 Summary of findings and good practice

The table below summarises the more detailed findings set out in section 6, with examples of good practice. Not all these examples of good practice were identified during the examination.

Area of findings	Findings	Good practice
Conditions	one supervised person failed to obtain appropriate assurance from an obliged person that it would keep evidence of identification measures as required by the third condition of reliance one supervised person did not appropriately record how it met the conditions of Article 16 one supervised person failed to consider whether an obliged person’s business, based outside of Jersey, constituted equivalent business the written assurance of one obliged person, based outside of Jersey, did not document record retention and provision in line with the fifth condition	supervised persons regularly review their adherence with the conditions of Article 16 through a programme of compliance monitoring testing supervised persons periodically assess which jurisdictions are considered equivalent and document their assessment, taking into consideration sources such as mutual evaluation reports supervised persons periodically obtain updated written assurances from obliged persons supervised persons perform an annual risk assessment of the obliged person to reassess the risk of that reliance arrangement
Testing of obliged persons	two supervised persons had not performed any testing of obliged persons on whom they placed reliance one supervised person had paused its testing three years ago and had not restarted one supervised person failed to review and determine whether it was appropriate to maintain a reliance arrangement where: CDD deficiencies were identified provision of documentation was outside of acceptable timeframes In several cases, supervised persons failed to demonstrate they had undertaken appropriate testing one supervised person was unable to evidence that it was consistently considering whether obliged persons may be prevented, by application of law (e.g. secrecy legislation) from providing information or evidence	delays in the obliged person providing documentation upon request are recorded transparently where evidence of identity is provided between two and five working days, the supervised person clearly records its rationale for considering why this constitutes provision without delay the supervised person requires the obliged person to complete a periodic compliance risk assessment questionnaire the supervised person performs testing in two parts - firstly a desk-based review of the obliged person’s policies and procedures, followed by onsite testing of customer files the supervised person uses a risk-based approach to determine the frequency of testing of obliged persons the supervised person uses a risk-based approach to determine the sample size of customer files selected for testing, for example testing more customer files for obliged persons considered to present a higher risk the supervised person establishes whether secrecy legislation will present a barrier to obtaining information and/or documentation before entering into a new reliance arrangement with an obliged person, not just at the time of testing
CDD	three supervised persons failed to identify beneficial owners and controllers of customers customer risk assessments were not performed by a supervised person, resulting in it not fully understanding the risks associated with its customer and consequently failing to apply a commensurate level of due diligence the supervised person used a 'blended’ risk assessment of both the obliged person and the customer, resulting in a failure to appropriately identify and assess certain higher risk attributes of the customer and the application of an inadequate risk-based approach to ongoing monitoring one supervised person failed to assess whether information from the obliged person regarding the ownership and control structure, beneficial ownership, and significant controllers of its customer was accurate or complete one supervised person was unable to demonstrate that it had adequately screened and monitored its customers where a reliance arrangement was in place one supervised person failed to obtain an appropriate level of detail in respect of source of funds and source of wealth information, simply accepting an inadequate statement provided by the obliged person in several cases, supervised persons did not consider whether the identification measures applied by an obliged person, based outside of Jersey, were sufficient for the supervised person to meet its obligations under Article 3 of the Order	policies and procedures clearly identify the aspects of the customer relationship the supervised person is responsible for and the aspects the obliged person is relied upon for the supervised person periodically test adherence to its policies and procedures through its compliance monitoring plan in addition to using Appendix C1 (or a supervised person equivalent), supervised persons took measures to independently obtain or verify information regarding source of funds and source of wealth, including performing online research, obtaining information directly from its customer or requesting additional details from the obliged person
Internal systems and controls (including policies and procedures)	one supervised person had no policies and procedures in place for reliance on an obliged person one supervised person failed to follow its obliged person arrangement policies and procedures by not escalating failed testing to its board for consideration the minutes of decision-making committees of one supervised person did not adequately document consideration, discussion and decisions relating to CDD deficiencies identified Inconsistencies were identified within three supervised persons’ policies and procedures the policies and procedures of one supervised person did not direct employees to the list of approved obliged persons and did not specify the forms to be used to ensure that reliance was being placed appropriately one supervised person could not demonstrate that appropriate ongoing monitoring was applied to customers, resulting in a failure to identify a connection to an enhanced risk state which should have prevented the use of reliance one supervised person was unable to demonstrate it gave due regard to the JFSC Sound Business Practice Policy in respect of a customer where reliance was placed on an obliged person	the supervised person undertakes enhanced testing to establish that the obliged person keeps, and is able to provide without delay, evidence of identification measures in the early stages of a reliance arrangement the supervised person establishes a subject matter expert for reliance and gives them responsibility for continuous improvement of associated systems and controls, including policies and procedures supervised persons maintain a standalone procedure, covering the end-to-end process for reliance, reducing the risk of inconsistencies developing where content is included across multiple documents supervised persons analyse failures in reliance testing with the obliged person to understand the root causes and whether actions can be taken to fix the issues, which would allow for the reliance arrangement to continue supervised persons provide employees with periodic training on the application of reliance, covering the conditions and associated obligations, and their responsibilities, and testing employee understanding

Area of findings

Findings

Good practice

Conditions

one supervised person failed to obtain appropriate assurance from an obliged person that it would keep evidence of identification measures as required by the third condition of reliance

one supervised person did not appropriately record how it met the conditions of Article 16

one supervised person failed to consider whether an obliged person’s business, based outside of Jersey, constituted equivalent business

the written assurance of one obliged person, based outside of Jersey, did not document record retention and provision in line with the fifth condition

supervised persons regularly review their adherence with the conditions of Article 16 through a programme of compliance monitoring testing

supervised persons periodically assess which jurisdictions are considered equivalent and document their assessment, taking into consideration sources such as mutual evaluation reports

supervised persons periodically obtain updated written assurances from obliged persons

supervised persons perform an annual risk assessment of the obliged person to reassess the risk of that reliance arrangement

Testing of obliged persons

two supervised persons had not performed any testing of obliged persons on whom they placed reliance

one supervised person had paused its testing three years ago and had not restarted

one supervised person failed to review and determine whether it was appropriate to maintain a reliance arrangement where:

CDD deficiencies were identified
provision of documentation was outside of acceptable timeframes

In several cases, supervised persons failed to demonstrate they had undertaken appropriate testing

one supervised person was unable to evidence that it was consistently considering whether obliged persons may be prevented, by application of law (e.g. secrecy legislation) from providing information or evidence

delays in the obliged person providing documentation upon request are recorded transparently

where evidence of identity is provided between two and five working days, the supervised person clearly records its rationale for considering why this constitutes provision without delay

the supervised person requires the obliged person to complete a periodic compliance risk assessment questionnaire

the supervised person performs testing in two parts - firstly a desk-based review of the obliged person’s policies and procedures, followed by onsite testing of customer files

the supervised person uses a risk-based approach to determine the frequency of testing of obliged persons

the supervised person uses a risk-based approach to determine the sample size of customer files selected for testing, for example testing more customer files for obliged persons considered to present a higher risk

the supervised person establishes whether secrecy legislation will present a barrier to obtaining information and/or documentation before entering into a new reliance arrangement with an obliged person, not just at the time of testing

CDD

three supervised persons failed to identify beneficial owners and controllers of customers

customer risk assessments were not performed by a supervised person, resulting in it not fully understanding the risks associated with its customer and consequently failing to apply a commensurate level of due diligence

the supervised person used a 'blended’ risk assessment of both the obliged person and the customer, resulting in a failure to appropriately identify and assess certain higher risk attributes of the customer and the application of an inadequate risk-based approach to ongoing monitoring

one supervised person failed to assess whether information from the obliged person regarding the ownership and control structure, beneficial ownership, and significant controllers of its customer was accurate or complete

one supervised person was unable to demonstrate that it had adequately screened and monitored its customers where a reliance arrangement was in place

one supervised person failed to obtain an appropriate level of detail in respect of source of funds and source of wealth information, simply accepting an inadequate statement provided by the obliged person

in several cases, supervised persons did not consider whether the identification measures applied by an obliged person, based outside of Jersey, were sufficient for the supervised person to meet its obligations under Article 3 of the Order

policies and procedures clearly identify the aspects of the customer relationship the supervised person is responsible for and the aspects the obliged person is relied upon for

the supervised person periodically test adherence to its policies and procedures through its compliance monitoring plan

in addition to using Appendix C1 (or a supervised person equivalent), supervised persons took measures to independently obtain or verify information regarding source of funds and source of wealth, including performing online research, obtaining information directly from its customer or requesting additional details from the obliged person

Internal systems and controls (including policies and procedures)

one supervised person had no policies and procedures in place for reliance on an obliged person

one supervised person failed to follow its obliged person arrangement policies and procedures by not escalating failed testing to its board for consideration

the minutes of decision-making committees of one supervised person did not adequately document consideration, discussion and decisions relating to CDD deficiencies identified

Inconsistencies were identified within three supervised persons’ policies and procedures

the policies and procedures of one supervised person did not direct employees to the list of approved obliged persons and did not specify the forms to be used to ensure that reliance was being placed appropriately

one supervised person could not demonstrate that appropriate ongoing monitoring was applied to customers, resulting in a failure to identify a connection to an enhanced risk state which should have prevented the use of reliance

one supervised person was unable to demonstrate it gave due regard to the JFSC Sound Business Practice Policy in respect of a customer where reliance was placed on an obliged person

the supervised person undertakes enhanced testing to establish that the obliged person keeps, and is able to provide without delay, evidence of identification measures in the early stages of a reliance arrangement

the supervised person establishes a subject matter expert for reliance and gives them responsibility for continuous improvement of associated systems and controls, including policies and procedures

supervised persons maintain a standalone procedure, covering the end-to-end process for reliance, reducing the risk of inconsistencies developing where content is included across multiple documents

supervised persons analyse failures in reliance testing with the obliged person to understand the root causes and whether actions can be taken to fix the issues, which would allow for the reliance arrangement to continue

supervised persons provide employees with periodic training on the application of reliance, covering the conditions and associated obligations, and their responsibilities, and testing employee understanding

3 Key statistics and assessment of examination results

We identified 29 findings across seven of the 10 examinations. Some key statistics include:

more than half of the supervised persons had failings in relation to their policies and procedures

20% of supervised persons failed to perform testing of obliged persons

a further 30% failed to conduct testing appropriately

around a third of supervised persons had failings related to the conditions

During our previous 2019 examination of reliance on obliged persons, we examined 11 supervised persons and there were 54 findings. While we identified some findings of a similar nature across both thematic examinations, there were fewer instances of them during the 2023 thematic examination, for example:

more than half of the supervised persons examined during the 2019 thematic examination had a finding related to the conditions, which reduced to one third in the 2023 thematic examination

72% of supervised persons in the 2019 examination had a finding related to inadequacies in internal systems and controls, including policies and procedures, which reduced to 60% in the 2023 examination

the 2019 examination resulted in four findings in relation to customer risk assessments, whereas the 2023 examination resulted in three findings in this area

On the other hand, 46% of supervised persons in the 2019 examination had a finding related to their testing of obliged persons, which increased to 70% in the 2023 examination.

Of note is that three supervised persons had no findings in the 2023 examination.

Four supervised persons were examined in both the 2019 and 2023 examinations, two of which had no findings in 2023.

The above statistics indicate a reduction in the overall number of findings from the previous examination (54 to 29). This is indicates a general improvement in overall compliance and that supervised persons have worked to enhance their systems and controls in respect of reliance during the intervening period. There remains, however, room for improvement.

Three supervised persons had no findings identified during their respective examinations. The below chart sets out where findings were identified across the other seven supervised persons.

A detailed overview of the examination findings is contained within section 6.

4 Action required

We expect board and senior management of all supervised persons who rely on obliged persons to:

consider the findings and good practice highlighted in this feedback against their own arrangements

make changes to their systems and controls if they identify any areas for development

ensure that their business is complying with all relevant statutory and regulatory requirements in relation to reliance

Supervised persons are encouraged to continue reviewing and enhancing their systems and controls in relation to:

the first, second, third, fifth and sixth conditions

ongoing governance surrounding testing of reliance arrangements

policies and procedures

Where we identify findings which indicate prior remediation has been ineffective, for example

known deficiencies exist and have not been addressed by the board and senior management

appropriate consideration and action have not been taken following feedback issued by the JFSC

then supervised persons can expect these to be deemed as aggravating factors in determining our entity level regulatory strategy.

Where we identified findings which were serious in nature, we brought these to the attention of supervised persons and escalated. In some cases, we have taken further regulatory action.

Supervised persons may also refer to the following sources of information:

4.1 Chapter 5 of the Handbook – Identification Measures – Reliance on Obliged Persons

This chapter of the AML/CFT/CPF Handbook covers statutory requirements and the AML/CFT/CPF Codes of Practice relevant to reliance on obliged persons.

It also sets out relevant guidance notes, presenting practical ways in which supervised persons may demonstrate compliance with the statutory requirements and the AML/CFT/CPF Codes of Practice.

4.2 The 2019 thematic examination feedback paper

The feedback paper from the 2019 examination on reliance can be found here: Themed examination – reliance on obliged persons.

4.3 Reliance update and webinar recording

This webinar provides an overview of why reliance is important, what supervisory data told the JFSC at the time of its release and summarises the main findings from the 2019 Thematic. The webinar can be found here: Reliance update and webinar recording - (www.jerseyfsc.org)

Where a supervised person identifies any deficiencies in its systems and controls, we expect it to:

consider the notification requirements under the AML/CFT/CPF Code of Practice set out in Section 2.3 of the Handbook, and where applicable the relevant Codes of Practice (dealing with the JFSC in an open and co-operative manner)

prepare a remediation plan and discuss this with its supervisor, as it sees appropriate

execute its remediation plan in the manner set out and agreed with its supervisor

consider what assurance activities may provide comfort to its board or senior management team that deficiencies have been addressed effectively and apply appropriate ongoing controls

consider our guidance on remediation action plans

5 Background and scope

5.1 Background

We regularly undertake thematic examinations to assess the extent to which supervised persons are complying with statutory and regulatory requirements in targeted areas. Thematic examinations are sometimes sector-specific, but they often address wider themes across multiple sectors.

Information about the examination process is available on our website.

We chose the theme to revisit supervised persons’ application of reliance following the identification of deficiencies during our 2019 examination on reliance. Findings from the 2019 examination included:

written assurance: we identified instances of obliged persons not explaining the evidence of identity they had collated, and assurance certificates did not provide enough information for supervised persons to meet their own obligations

business risk assessment: several business risk assessments we reviewed did not adequately document the risks to the supervised persons associated with placing reliance

risk assessment: there were several examples of supervised persons not properly documenting their risk assessment of the obliged persons or failing to take into consideration all the relevant factors, such as equivalence of a jurisdiction

testing: some of the testing did not adequately assess the relevant controls in place with regard to the obliged persons’ identification measures

board minutes: often the decisions, discussions and challenge that had gone on at board or senior management meetings on matters relating to reliance and associated risks had not been adequately documented

5.2 Scope

The objective of this thematic examination was to review and assess the extent to which supervised persons had complied with legislative requirements and associated AML/CFT/CPF Codes related to reliance.

The selection process was supported by our risk model and supervised persons submitted information as part of the JFSC supervisory data collection exercise. Four supervised persons selected for this thematic examination were also subject to the 2019 examination .

The industry sectors [1] represented in our examination were as follows:

The examination assessed supervised persons’ compliance with Article 16 of the Order, including particular focus on the conditions:

the first condition (Article 16(2)(a)) is that the obliged person consents to being relied upon

the second condition (Article 16(4)) is that the identification measures have been applied by the obliged person in the course of an established business relationship/one-off transaction with the customer

the third condition (Article 16(4)(a), (b), (c) and (d)) is that the relevant person obtains adequate assurance in writing that the obliged person:

has applied reliance identification measures

has not itself relied upon another party to have applied any such measures

has not applied measures that are less than equivalent to the reliance identification measures

is required to keep, and does keep, evidence of identification relating to each of its customers

the fourth condition (Article 16(2)(b)) is that the information in relation to the identification of the customer must be immediately obtained by the relevant person

the fifth condition (Article 16(5)) is that the relevant person obtains adequate assurance in writing that the obliged person will keep the evidence of identity until provided to the relevant person or until the obliged person is notified that it is no longer required to provide it to the relevant person on its request and without delay

the sixth condition (Article 16(3)) is that relevant persons must assess the risk of placing reliance on an obliged person

The examination also considered how supervised persons complied with Article 16(8), which requires periodic testing of a reliance arrangement to establish whether the obliged person:

maintains appropriate and consistent policies and procedures to apply reliance identification measures

keeps the evidence obtained during the application of reliance identification measures and provides that evidence without delay when requested

is prevented, by application of a law, from providing the required information or evidence

We also considered whether supervised persons took necessary actions where they were not satisfied with the results of testing performed.

The examination did not consider group reliance, the requirements for which are set out at Article 16A of the Order.

Our assessment was based on the statutory and regulatory requirements in force during the review period.

6 Key findings

The key findings summarised in this section are taken from the examinations of seven supervised persons where findings were identified. They identify a range of deficiencies in systems and controls which could expose those supervised persons to a heightened risk of failing to prevent or detect financial crime.

If a supervised person does not have sufficient controls in place regarding its use of reliance, it’s AML/CFT/CPF framework may be fundamentally compromised, exposing the supervised person, and Jersey, to unacceptable levels of financial crime risk.

6.1 Conditions

The conditions are set out in section 5.2 of this feedback paper. Three supervised persons received findings in this area.

one supervised person’s policies and procedures did not adequately cover the six conditions for reliance, resulting in:

roughly half of its customers not having an approved written assurance in place confirming the obligations under both Article 16(4) and Article 16(5) of the Order

six written assurance letters being incomplete and two others being missing

an insufficient level of customer information being obtained from the obliged person

the written assurance of one obliged person, based outside of Jersey, did not document record retention and provision in line with the fifth condition

one supervised person had not obtained adequate assurance from an obliged person at the outset of the relationship that it would keep evidence of identification measures as required by the third condition of reliance

one supervised person failed to consider whether an obliged person’s business, based outside of Jersey, constituted equivalent business, which is a prerequisite to establishing a reliance arrangement and must form part of the supervised person’s assessment of the obliged person

6.2 Testing of obliged persons

After appropriately establishing a relationship with an obliged person, Article 16(8) of the Order sets out the obligations with respect to testing. Where results of that testing are unsatisfactory, Article 16(9) of the Order requires the relevant person to immediately apply reliance identification measures.

Five supervised persons received findings in this area including:

two supervised persons failed to perform any testing of obliged persons

the board of one supervised person decided to pause testing of reliance arrangements to focus its resource towards reducing its use of reliance, but at the time of the examination, had not performed any testing for a three-year period

one supervised person failed to review and determine whether it was appropriate to maintain a reliance arrangement where:

CDD deficiencies were identified

provision of documentation was outside of acceptable timeframes

The supervised person did not escalate these results to its board and failed to take immediate action despite identifying CDD deficiencies and the provision of documents being outside of acceptable timeframes.

two supervised persons were unable to evidence that they had conducted adequate testing of obliged persons in relation to:

the content of the obliged person’s written assurance, in particular that it included confirmation that evidence of identification measures would be held until the supervised person notified the obliged person the evidence was no longer required.

whether obliged persons had appropriate and consistent policies and procedures in place to apply reliance identification measures - in one case, the obliged person was the subject of a JFSC public statement, but the supervised person was unable to demonstrate how it had considered the information and satisfied itself that it was appropriate to continue the reliance arrangement

one supervised person had multiple instances where it was unable to evidence that it had considered whether obliged persons may be prevented, by application of law (e.g. secrecy legislation), from providing information or evidence

6.3 CDD

While it is permissible to place reliance on an obliged person to find out the identity of customer and parties related to the customer, it is not possible to place reliance on an obliged person to obtain information on the purpose and intended nature of a business relationship or one-off transaction, nor to apply ongoing monitoring during a business relationship.

A supervised person is always responsible for undertaking the overall CDD including risk assessment, transaction/activity monitoring and keeping documents and information up to date.

Identification measures

We identified instances of inappropriate use of reliance relating to identification measures.

Article 3(2)(c)(ii) of the Order sets out that, in respect of a customer that is not an individual, a relevant person must understand:

ownership and control of that customer

the provisions under which the customer can enter into contracts or other similar legally binding arrangements with third parties

Three supervised persons failed to identify customers. Of these, two were unable to demonstrate they had identified the beneficial owners and controllers where reliance was placed on an obliged person, instead, relying on the measures performed by the obliged person without reasonable assessment or challenge.

The other supervised person was unable to evidence that it had considered its customer’s exposure to money laundering. The supervised person had relied upon the risk assessment performed by the obliged person and was unable to demonstrate that it understood the risk associated with the ownership and control structure, beneficial ownership, and significant controllers of four of its customer files selected for the sample.

Article 3(5) of the Order requires that identification measures must include the assessment by the relevant person of the risk that any business relationship or one-off transaction will involve money laundering, including obtaining appropriate information for assessing that risk.

The AML/CFT/CPF Code of Practice set out at paragraph 3.3 (29) of the Handbook requires a supervised person to apply a risk-based approach in determining the extent and nature of measures to be taken during the identification process. Three supervised persons had findings in this area:

one supervised person was unable to evidence that it performed customer risk assessments where reliance was placed on an obliged person, resulting in the supervised person not fully understanding the risks associated with its customer and consequently failing to apply a commensurate level of due diligence

one supervised person used a 'blended’ risk assessment that considered risk characteristics of both the obliged person and the customer, resulting in a failure to appropriately identify and assess certain higher risk attributes of the customer (for example country risk) and the application of an inadequate risk-based approach to ongoing monitoring

one supervised person received information from the obliged person regarding its customer’s ownership and control structure, beneficial ownership, and significant controllers, however it failed to assess whether it was accurate or complete, which led to a failure to consider the extent of its financial crime exposure

In several cases, supervised persons did not consider whether the identification measures applied by an obliged person, based outside of Jersey, were sufficient for the supervised person to meet its obligations under Article 3 of the Order.

Ongoing monitoring

We identified instances where reliance was being used inappropriately. In all instances, the supervised person failed to comply with Article 13(1) of the Order, which requires a relevant person to apply CDD measures, including ongoing monitoring. Two supervised persons had findings in this area:

one supervised person was unable to demonstrate that it was adequately screening and monitoring its customers where a reliance arrangement was in place, resulting in a failure to identify a politically exposed person

one supervised person failed to obtain an appropriate level of detail in respect of its customer’s source of funds and source of wealth, simply accepting an inadequate statement provided by the obliged person

6.4 Internal systems and controls

Article 11(3) requires a supervised person to maintain appropriate and consistent policies and procedures for placing reliance on obliged persons. Six supervised persons had failings in this area, our findings included:

one supervised person had no policies and procedures in place for reliance on an obliged person

one supervised person failed to follow its policies and procedures by not escalating failed testing to its board for consideration

another supervised person was unable to demonstrate from the minutes of decision-making committees that it had considered, discussed and recorded decisions relating to CDD deficiencies where a reliance arrangement was used

three supervised persons had inconsistencies within their policies and procedures, including:

document retrieval periods and associated internal approval requirements

actual practices did not follow what was required by the procedures

an undocumented, alternative process was used where CDD deficiencies were identified

one supervised person’s policies and procedures did not:

direct staff to the list of approved obliged persons

specify the forms to be used to ensure that reliance is being placed appropriately

one supervised person was unable to demonstrate that it gave due regard to our Sound Business Practice Policy in relation to its ongoing monitoring of a customer’s potential involvement, directly or indirectly, in mining, drilling, or quarrying for natural resource

one supervised person could not demonstrate it had applied appropriate ongoing monitoring to customers, where reliance was placed on an obliged person, resulting in a failure to identify a connection to an enhanced risk state - under Article 16(11) of the Order, a relevant person is not permitted to place reliance on an obliged person where there is a connection to an enhanced risk state

7 Next steps

We have given direct feedback to all the supervised persons we examined. Where findings were identified, the supervised persons were required to submit a formal remediation plan setting out actions to be taken and timescales for completion. On 6 April 2023, we issued a comprehensive guidance note titled which supervised persons used when designing their remediation plan. Read it here: Remediation action plans guidance note.

Where serious breaches are identified, we consider the appropriate level of response on a case-by-case basis with the supervised person. In some cases, this may result in a referral to our Heightened Risk Response team and, in other cases, formal enforcement action may follow.

When conducting remediation activity, issues should not be reviewed in isolation. Supervised persons should instead consider the wider implications of the findings detailed in the examination reports. Our supervisors work closely with supervised persons to ensure that the steps they have taken to address findings are appropriate to the scale of risks identified.

A key component of regulatory effectiveness is ensuring that supervised persons complete remediation activity in a way that is not only effective but also sustainable, so they can demonstrate compliance with the statutory and regulatory requirements on an ongoing basis.

We may, in certain cases, mandate remediation effectiveness testing following confirmation of completion from supervised persons.

In future engagements with us, supervised persons may be asked to evidence steps taken to address identified deficiencies in their control environment.

Where this action is not considered to be adequate, or where deficiencies of a similar nature are identified to those highlighted in previous JFSC feedback, we will consider our future supervisory strategy and, where appropriate, regulatory action.

We may undertake a reliance thematic examination again in the future, to assess whether industry has taken on board the guidance set out in this feedback and whether the compliance rates have improved.

Please direct any questions or clarifications regarding the examination to [email protected]

Glossary

AML	Anti-money laundering
AML/CFT/CPF Code of Practice	The AML/CFT/CPF Codes of Practice contained within the Handbook
Appendix C1	The AML/CFT/CPF Handbook written assurance template relating to Article 16 of the Money Laundering (Jersey) Order 2008
Article 16 of the Order	Article 16 of the Money Laundering (Jersey) Order 2008 relating to reliance on relevant person or person carrying on equivalent business
Board or senior management team	The board of directors or the board function described in Section 2.1 of the Handbook
CDD	Customer due diligence
CFT	Countering the financing of terrorism
CPF	Countering proliferation financing
DNFBPs	Designated non-financial businesses and professions
FCEU	The Financial Crime Examination Unit of the JFSC
Financial crime	Money laundering, the financing of terrorism, proliferation financing, and non-implementation/breaching/circumvention/evasion of targeted financial sanctions
FSB	Fund services business
The Handbook	Handbook for the prevention and detection of money laundering, the countering of terrorist financing, and the countering of proliferation financing
IB	Investment business
JFSC	Jersey Financial Services Commission
ML/TF/PF	Money laundering, terrorist financing, and proliferation financing
MSB	Money service business
Obliged person	Obliged person as defined in the Article 16 and 16A of the Order
The Order	Money Laundering (Jersey) Order 2008
Policies and procedures	The way in which a business’ systems and controls are implemented into the day-to-day operation of the business
PEP	Politically exposed person. An individual who is any of the following (within the meaning of Article 15A of the Money laundering Order: (a) a domestic politically exposed person (b) a foreign politically exposed person (c) a prominent person
Relevant person	As defined in Article 1 of the Order
Reliance identification measures	As defined in Article 16(1) of the Order
Review period	The period of 1 February 2022 – 31 January 2023 which the JFSC used as a time period for file testing
SEU	The Supervision Examination Unit of the JFSC
Supervised person	As defined in Article 1 of the Proceeds of Crime (Supervisory Bodies) (Jersey) Law 2008. Includes persons regulated by the JFSC under one of the regulatory laws and designated non-financial services businesses and professions (DNFBPs)
TCB	Trust company business

Where any term used within this feedback paper is not defined in the glossary above it means the same as in the AML/CFT/CPF Handbook Glossary.

[1] Where a supervised person held multiple licences they are included on the basis of their principle licence type.