Feedback from 2021 E-ID questionnaire

1   Introduction

In March 2021, we asked 25 businesses about whether they were using applications, smartphones, tablets and other technologies for their customer due diligence processes, to collect information about an individual or evidence a customer’s identity electronically (E-ID). We also asked what systems and controls including policies and procedures, were in place to manage the risks.

Each of the 25 businesses was a relevant person as set out in the Money Laundering (Jersey) Order 2008 (the Order). For the purposes of this feedback, a relevant person is: 

›registered with, or holding a permit issued by, the JFSC under one of the four regulatory laws and is referred to as a regulated business; or

›carrying on a business described in Part B of Schedule 2 to the Proceeds of Crime (Jersey) Law 1999 and is referred to as a Schedule 2 business.

All relevant persons are required to ensure that systems and controls including policies and procedures, are established to ensure that they are complying with the statutory obligations set out in the Order relating to CDD measures. In addition, the relevant Handbooks for the Prevention and Detection of Money Laundering and Countering the Financing of Terrorism (the Handbooks) set out the statutory and regulatory requirements for relevant persons in relation to CDD measures and provide further guidance concerning the use of E-ID in Part 4 Section 4.2.

2   Questionnaire findings

The 25 relevant persons that received the questionnaire included regulated businesses from the following Industry sectors: fund services business (FSB), investment business (IB) and trust company business (TCB). It also included the following Schedule 2 businesses: lawyers, accountancy firms and lenders.

The majority of relevant persons surveyed (92%) were not using E-ID solutions. In those businesses, the main reason for not using E-ID was that it was not suited to their current business model, or needs. Some businesses also advised that E-ID was not suitable for their customer due diligence needs, or that they did not presently have adequate systems in place.

Two (8%) of the 25 relevant persons, both of which were TCBs, are currently using E-ID solutions. Their survey responses indicated that they use these solutions consistently with statutory requirements as well as the guidance provided in Part 4 of the Handbooks.

Both TCBs confirmed the use of a third party product, to collect information from individuals and from reliable and independent data sources and to carry out screening. In one of the two cases, the product was used to validate identity documentation through the submission of scanned or imaged documents to the product provider.

The use of E-ID in the two regulated businesses differed slightly in that one used E-ID in a way that could apply to all of its customers, whilst the other used E-ID on a targeted basis for certain customer segments.

Both businesses indicated that they had appropriate and adequate systems and controls in place including policies and procedures, which were reviewed on an annual or quarterly basis with the involvement of its compliance function, board and senior management.

The questionnaire responses also indicated that the two regulated businesses had implemented risk management arrangements that were consistent with the guidance described in Part 4 Section 4.2 of the Handbooks. For example:

• The services were tested by both businesses before going live
• Due diligence on the service used and arrangements established for the use of E-ID were reviewed and approved by the boards of both businesses
• Both businesses had updated their Business Risk Assessments to reflect the risks of using E-ID and the controls that had been implemented to manage those risks.

3   Conclusion and next steps

While the questionnaire identified that only a small percentage of the businesses surveyed were using E-ID solutions, we were encouraged by the survey results. The results indicated that the businesses had implemented systems and controls (including policies and procedures) that were consistent with Part 4 Section 4.2 of the relevant Handbooks. The survey results also aligned with our expectation of systems and controls that need to be established if businesses wished to make use of E-ID or other technology to apply customer due diligence measures. Our expectations for systems and controls were outlined in the following webinars:

• Covid-19 implications for customer due diligence
• Follow-up session on customer due diligence

We are committed to working with Industry in the adoption of technology solutions and recognise that E-ID usage is gaining momentum in its use globally. In 2020, we published a paper on the options for developing a shared KYC utility for the Jersey financial services sector. We are also currently speaking with representatives from Industry and will be publishing more guidance on the use of E-ID. This guidance is due to be published in Q3 2021.

Glossary

Board	Board of Directors, the Board function described in Section 2.1 of the Handbook
BRA	Business Risk Assessment
CDD	Customer Due Diligence
CDD Measures	Measures set out in Article 3 of the Order
Customer	Means a customer of a relevant person as defined in the Order and the Handbook
Guidance	Guidance provided to relevant persons in the relevant Handbook
Handbook/s	Handbook/s for the prevention and detection of money laundering and the financing of terrorism
JFSC	Jersey Financial Services Commission
Order	Money Laundering (Jersey) Order 2008
Regulatory laws	Collectively the: Banking Business (Jersey) Law 1991; Collective Investment Funds (Jersey) Law 1988; Financial Services (Jersey) Law 1998; and Insurance Business (Jersey) Law 1996
Regulated business	A person that is registered with, or holds a permit issued by, the JFSC under one of the regulatory laws
Regulatory requirements	The AML/CFT Codes of Practice contained within the relevant Handbook
Relevant person	Means a person carrying on financial services business in or from within Jersey as defined under Article 1(1) of the Order
Schedule 2 business	A business described in Part B of Schedule 2 to the Proceeds of Crime (Jersey) Law 1999. Schedule 2 businesses include accountants, estate agents, the legal profession, dealers in high value goods and other businesses such as those involved in lending