Service notice – myRegistry and our Security Interests Register will be unavailable due to scheduled maintenance from 10:00am until 6:00pm on Saturday 29 November and 6:00pm on Tuesday 2 December until 2:00am on Wednesday 3 December.

Feedback from our examination of independent financial advisers’ investment services to vulnerable persons

Issued:03 May 2024
Feedback from our examination of independent financial advisers’ investment services to vulnerable persons

Thematic examination programme 2023

1 Executive summary

During the second quarter of 2023, we assessed the extent to which supervised persons holding a class D investment business licence had complied with their regulatory obligations in terms of their provision of investment services to vulnerable persons. A summary of the background to the vulnerable person thematic examination is provided in section 2.

The JFSC’s guidance note on the provision of investment services to vulnerable persons under the Code of Practice for investment business explains that there is no set definition of a vulnerable person. However, a vulnerable person can be considered as an individual whose personal circumstances, or characteristics could leave them vulnerable to have their finances placed at risk. This is specifically relevant where a registered person is acting without appropriate care, or diligence.

The vulnerable person thematic examination considered the conduct of supervised persons against the investment business code. This particularly applies to Principle 2 of the Investment Business Code that requires supervised persons to have the highest regard for the interests of their clients. Paragraph 2.5 of the Investment Business Code specifically requires supervised persons to identify and ensure that appropriate protection is given to a vulnerable client. Identifying a vulnerable person, or a potentially vulnerable person, and the reason for their vulnerability is essential for a supervised person to be able to tailor its processes and meet its obligations. By having in place adequate and effective systems and controls, including policies and procedures to protect vulnerable customers, supervised persons are expected to prove they are observing the investment business code and giving due consideration to the guidance note.

We examined a total of 69 customer files across six supervised persons as part of the vulnerable person thematic examination. Information was requested from those six supervised persons covering a review period of 1 April 2022 to 31 March 2023.

A detailed overview of the examination findings is set out in section 3.1. There were some findings identified during the examinations which were outside the scope of the vulnerable person thematic examination. These are referenced in section 3.2 but are not explored in detail.

1.1 Key findings within scope and good practice

The table below summarises the key findings identified during the vulnerable person thematic examination and sets out examples of good practice relating to each area. Not all examples of good practice were identified during the examination.

Area of findings	Findings	Good practice
Vulnerable persons considerations	lack of evidence of consideration of the guidance note, contrary to the obligation to do so under the Investment Business Code failure to identify clients as vulnerable, or failure to record the classification of a vulnerable person in the relevant system, or in the fact-finding documentation failure to apply a consistent approach to identifying and affording appropriate protection to vulnerable persons failure to consistently obtain, document and maintain information about the circumstances of clients and their investment objectives failure to identify all relevant risks, including those relating to vulnerable persons	the definition of a vulnerable person is clear and notes that vulnerabilities, or potential vulnerabilities, can take many forms could include a number of cumulative factors, and could be temporary or permanent in nature tailored measures are put in place to provide vulnerable persons with appropriate protections. These should be recorded on the client file and/or in a centralised register, for example the definition of a vulnerable person is tailored to the supervised person’s business the use of real-life anonymised examples are detailed within policies and procedures to help guide staff when assessing whether a client is a vulnerable person relevant employees are aware of and/or able to access details of the vulnerabilities identified such as: - when the vulnerability was identified - what the vulnerability consists of, and whether it is multi-layered - If relevant, any known reason for the vulnerability - whether the vulnerability is temporary or permanent - when the vulnerability was identified, what steps were taken by the supervised person and, if no steps were taken, why not - when the matter was last reviewed - when the matter is next due review - any other relevant updates or comments the risk assessment should consider the potential risk of vulnerable persons and suitable advice systems and controls should be implemented to mitigate the risks identified by the business, such as effective policies and procedures, registers, and peer reviews the effectiveness of these systems and controls should be assessed regularly as part of the business’ compliance monitoring plan
Suitability of advice	failure to make information available to clients in an easy to understand and timely manner failure to include relevant risk warnings and/or ensure clients are aware of investor compensation schemes and/or cooling off periods, where relevant failure to evidence effective controls that ensure suitable advice is provided, such as a peer review, or four eye check failure to evidence that controls, such as a peer review process, were effective as a compliance monitoring tool failure to frequently review the due diligence and suitability criteria for products and investment services providers	the advice provided to the client is tailored to their needs, for example, if the client does not have a good understanding of English, measures are put in place to ensure the client understands the advice, such as provide a translated version of the advice, or having a trusted third-party interpreter attend a meeting where the advice is discussed the rationale for the tailored approach should be documented on the file policies and procedures detail how employees should manage and document situations where clients require assistance from third parties, ensuring safeguards are in place to protect the interests of the vulnerable person policies and procedures that define how businesses implement their peer review processes should clearly distinguish between those which are compliance focussed (internal) and those which are advice focussed (external) accurate records should be maintained to demonstrate that the review has taken place, as well as the outcome of the review.
Corporate governance: conflicts of interest	deficient policies and procedures relating to conflicts of interest, for example not enough detail on how conflicts of interest would be identified and managed if they could not be avoided policies and procedures did not always address conflicts that occurred due to friendships and family connections failure to take steps to avoid conflicts of interest failures to identify conflicts of interest where conflicts of interest existed, a failure to show how the conflicts were managed	policies and procedures on conflicts of interest are comprehensive and robust to ensure that they are avoided where possible where it is not possible to avoid conflicts of interest, they are appropriately identified and managed decisions to onboard a vulnerable person where a conflict of interest has been identified are carefully considered recording in sufficient detail the rationale for the decision to onboard a vulnerable person where there is a conflict of interest recording and regularly reviewing mechanisms to minimise the risks where there is a conflict of interest associated with onboarding vulnerable persons mechanisms are in place for employees to discuss potential conflicts of interests with their manager, and in each instance the decision is recorded controls are in place to avoid conflicts of interests, for example where a client relationship is likely to create a conflict of interest with a particular independent financial advisor, another independent financial advisor within the business will take on the client (with the client’s consent) if the above is not possible, or the client does not consent, other controls are implemented, such as a four-eye check to ensure the advice provided is appropriate The conflicts of interest register is comprehensive and includes, for instance: - the client and whether, or not they are a vulnerable person - the reason for the conflict - when the conflict was identified and how it was identified - what steps have been taken to avoid the conflict and if none, why - what steps have been taken to manage the conflict and reduce the risk - any developments in the client relationship that might be relevant, and any other relevant information - the date of next review
Internal systems, controls and training	training on how to identify and manage vulnerable person clients was not provided to employees training was not sufficiently tailored to the employee’s role, for example, advisers were not given training on considerations when advising vulnerable persons	all client facing employees, including advisers, are provided with training in how to identify and engage with vulnerable persons employees understand what escalation processes may be triggered once a client is identified as a vulnerable person policies and procedures, training materials, and client files clearly show why identifying vulnerable persons is important and why it’s necessary to tailor interactions with them

Area of findings

Findings

Good practice

Vulnerable persons considerations

lack of evidence of consideration of the guidance note, contrary to the obligation to do so under the Investment Business Code

failure to identify clients as vulnerable, or failure to record the classification of a vulnerable person in the relevant system, or in the fact-finding documentation

failure to apply a consistent approach to identifying and affording appropriate protection to vulnerable persons

failure to consistently obtain, document and maintain information about the circumstances of clients and their investment objectives

failure to identify all relevant risks, including those relating to vulnerable persons

the definition of a vulnerable person is clear and notes that vulnerabilities, or potential vulnerabilities, can take many forms could include a number of cumulative factors, and could be temporary or permanent in nature

tailored measures are put in place to provide vulnerable persons with appropriate protections. These should be recorded on the client file and/or in a centralised register, for example

the definition of a vulnerable person is tailored to the supervised person’s business

the use of real-life anonymised examples are detailed within policies and procedures to help guide staff when assessing whether a client is a vulnerable person

relevant employees are aware of and/or able to access details of the vulnerabilities identified such as:

- when the vulnerability was identified

- what the vulnerability consists of, and whether it is multi-layered

- If relevant, any known reason for the vulnerability

- whether the vulnerability is temporary or permanent

- when the vulnerability was identified, what steps were taken by the supervised person and, if no steps were taken, why not

- when the matter was last reviewed

- when the matter is next due review

- any other relevant updates or comments

the risk assessment should consider the potential risk of vulnerable persons and suitable advice

systems and controls should be implemented to mitigate the risks identified by the business, such as effective policies and procedures, registers, and peer reviews

the effectiveness of these systems and controls should be assessed regularly as part of the business’ compliance monitoring plan

Suitability of advice

failure to make information available to clients in an easy to understand and timely manner

failure to include relevant risk warnings and/or ensure clients are aware of investor compensation schemes and/or cooling off periods, where relevant

failure to evidence effective controls that ensure suitable advice is provided, such as a peer review, or four eye check

failure to evidence that controls, such as a peer review process, were effective as a compliance monitoring tool

failure to frequently review the due diligence and suitability criteria for products and investment services providers

the advice provided to the client is tailored to their needs, for example, if the client does not have a good understanding of English, measures are put in place to ensure the client understands the advice, such as provide a translated version of the advice, or having a trusted third-party interpreter attend a meeting where the advice is discussed

the rationale for the tailored approach should be documented on the file

policies and procedures detail how employees should manage and document situations where clients require assistance from third parties, ensuring safeguards are in place to protect the interests of the vulnerable person

policies and procedures that define how businesses implement their peer review processes should clearly distinguish between those which are compliance focussed (internal) and those which are advice focussed (external)

accurate records should be maintained to demonstrate that the review has taken place, as well as the outcome of the review.

Corporate governance:

conflicts of interest

deficient policies and procedures relating to conflicts of interest, for example not enough detail on how conflicts of interest would be identified and managed if they could not be avoided

policies and procedures did not always address conflicts that occurred due to friendships and family connections

failure to take steps to avoid conflicts of interest

failures to identify conflicts of interest

where conflicts of interest existed, a failure to show how the conflicts were managed

policies and procedures on conflicts of interest are comprehensive and robust to ensure that they are avoided where possible

where it is not possible to avoid conflicts of interest, they are appropriately identified and managed

decisions to onboard a vulnerable person where a conflict of interest has been identified are carefully considered

recording in sufficient detail the rationale for the decision to onboard a vulnerable person where there is a conflict of interest

recording and regularly reviewing mechanisms to minimise the risks where there is a conflict of interest associated with onboarding vulnerable persons

mechanisms are in place for employees to discuss potential conflicts of interests with their manager, and in each instance the decision is recorded

controls are in place to avoid conflicts of interests, for example where a client relationship is likely to create a conflict of interest with a particular independent financial advisor, another independent financial advisor within the business will take on the client (with the client’s consent)

if the above is not possible, or the client does not consent, other controls are implemented, such as a four-eye check to ensure the advice provided is appropriate

The conflicts of interest register is comprehensive and includes, for instance:

- the client and whether, or not they are a vulnerable person

- the reason for the conflict

- when the conflict was identified and how it was identified

- what steps have been taken to avoid the conflict and if none, why

- what steps have been taken to manage the conflict and reduce the risk

- any developments in the client relationship that might be relevant, and any other relevant information

- the date of next review

Internal systems, controls and training

training on how to identify and manage vulnerable person clients was not provided to employees

training was not sufficiently tailored to the employee’s role, for example, advisers were not given training on considerations when advising vulnerable persons

all client facing employees, including advisers, are provided with training in how to identify and engage with vulnerable persons

employees understand what escalation processes may be triggered once a client is identified as a vulnerable person

policies and procedures, training materials, and client files clearly show why identifying vulnerable persons is important and why it’s necessary to tailor interactions with them

1.2 Key statistics

We identified findings in all the examinations. Statistics regarding the number of findings include:

two thirds of supervised persons we examined were unable to demonstrate that they had considered the vulnerable persons guidance note, contrary to the obligation to do so in the investment business code

two thirds of supervised persons we examined were unable to show robust policies and procedures regarding conflicts of interest

in addition, they were unable to demonstrate that they looked to avoid conflicts of interest, or that they identified and appropriately managed conflicts of interest which were unavoidable.

half of the supervised persons we examined were unable to sufficiently demonstrate tailored employee training regarding vulnerable persons

1.3 Comparison with the 2017 thematic examination

As outlined below in section 2, we undertook a thematic examination in 2017 to test the suitability of investment advice provided to clients within the investment business sector. While the scope of the 2017 examination did not align precisely with the vulnerable person examination, we identified findings of a similar nature across both examinations, including:

failures to formally implement control and review processes beneficial in recognising and handling clients that requirement additional care, assistance, or support

failures to identify clients as vulnerable and document that such consideration had taken place due to a lack of effective policies and procedures detailing how to identify and appropriately deal with vulnerable persons

generic or absent risk warnings provided in suitability letters

failures to identify, record and manage conflicts of interests

Although out of scope for the vulnerable persons examination, we identified issues with record keeping and customer due diligence during our examinations , which we also identified as issues in our previous thematic examination. This indicates that supervised persons still have some work to do in these areas, and suggests that they are not making use of the vulnerable persons guidance note. More information on this can be found in sections 2 and 3.

1.4 Findings

This chart identifies the areas where in-scope findings were identified, and how many of the six examined supervised persons had findings in those areas:

This chart illustrates that:

there were findings across all areas within the vulnerable person thematic examination scope

more than half of the examined entities had findings in each of the areas in scope

five out of the six entities we examined had findings relating to vulnerable persons

We outline more granular detail regarding the findings in section 3.1.

A chart outlining the out-of-scope findings and a brief narrative is set out in section 3.2.

1.5 Action required

We expect boards and senior management of all supervised persons subject to the requirements of the Investment Business Code of Practice, not just those included in this examination, to:

consider the findings and good practice highlighted in this feedback against their own arrangements

make changes to their systems and controls if any areas are identified for development

ensure that their business is complying with all relevant regulatory requirements in relation to vulnerable persons

They can expect us to consider it an aggravating factor when determining our regulatory strategy where we identify any findings that show:

supervised persons have not considered their own compliance arrangements against the feedback and guidance issued by the JFSC

supervised persons have not taken steps to remediate identified deficiencies

Supervised persons should consider the following:

the Investment Business Code of Practice, in particular, but not limited to, principles 2 and 3

the Money Laundering (Jersey) Order 2008, in particular the following:

-articles 3, 13 and 15 regarding the obligations of supervised persons relating to identification measures

-article 11 with respect to the obligations of supervised persons regarding their processes and procedures, and their monitoring obligations

the handbook for the prevention and detection of money laundering, the countering of terrorist financing and of proliferation financing, in particular the following:

-section 2.3 regarding the responsibilities of the board and senior management

-section 2.4 regarding supervised persons’ obligation to have effective systems and controls

-section 4.3 regarding supervised persons’ obligation to identify and obtain evidence

the 2017 thematic examination feedback paper

our guidance note on the provision of investment services to vulnerable persons under the Code of Practice for investment business

our industry update on the vulnerable person thematic examination

Where supervised persons identify any deficiencies in their systems and controls, we expect them to:

prepare a remediation plan and discuss this with their supervisor

consider the notification requirements under the AML/CFT/CPF Code of Practice set out in section 2.3 of the Handbook and the Investment Business Code of Practice to deal with the JFSC in an open and cooperative manner

remedy any identified matters in the manner set out in the remediation plan agreed with their supervisor

consider what assurance activities may provide comfort to the board and senior management that any issues identified have been addressed

Supervised persons should consider our guidance on remediation action plans.

2 Background and scope

We regularly undertake thematic examinations to assess whether statutory and regulatory requirements are being complied with in targeted areas. Thematic examinations may cover wider themes over multiple sectors or be sector specific, as with the vulnerable person thematic examination.

The purpose of this feedback paper is to:

publish an anonymised summary of the key findings identified during the vulnerable person thematic examination

set out relevant good practice for supervised persons subject to the requirements set out in the Investment Business Code of Practice.

It is not intended to comprehensively describe all risks that may be associated with non-compliance to regulatory obligations. Not all firms face the issues described.

2.1 The 2017 thematic examination feedback

Before we look at the findings, it is helpful to reflect on how practice has evolved in this area and historic similar findings.

In 2017, in response to concerns around investment advice, the JFSC undertook the 2017 thematic examination. A total of 10 supervised persons were examined for their compliance with the Investment Business Code of Practice.

Like the vulnerable person thematic examination, the 2017 examination focussed on compliance with principle 2 of the Investment Business Code, however, the topic of suitability of investments was broader than that of vulnerable persons.

Nevertheless, there were similarities across both examinations (noted in section 1.3), indicating that certain areas of weakness in the sector remain. The relevant areas to the vulnerable person examination were the 2017 findings relating to suitability letters, vulnerable clients and conflicts of interests.

Other key areas of cross over included policies and procedures, record keeping and identification measures and client due diligence including source of funds and source of wealth. The related feedback paper lists 19 finding areas.

2.2 JFSC guidance note on vulnerable persons

We issued a guidance note on the provision of investment services to vulnerable persons under the Code of Practice for investment business on 31 October 2019. This was in response to a consultation on proposed enhancements to the investment business regime in 2018, and in response to continued issues identified relating to the treatment and level of care provided to vulnerable persons.

The 2019 guidance note sets out practical considerations for industry professionals and remains essential reading. The document indicated that the treatment of vulnerable persons would continue to be an area of focus for our onsite examination programme.

2.3 The vulnerable person thematic examination

2.3.1 Purpose and scope

The vulnerable person thematic examination aimed to assess:

how supervised persons identify and interact with vulnerable persons

the measures they put in place to protect vulnerable persons

how supervised persons monitor those protections

The examination focussed on compliance with principles 2 and 3 of the Investment Business Code, which states that a supervised person must:

have the highest regard for the interests of its clients

organise and control its affairs effectively for the proper performance of its business activities

be able to demonstrate that they have adequate risk management systems.

Our industry update about the vulnerable person thematic examination (issued in April 2023) provides some further useful background reading.

The industry update aimed to encourage consideration by supervised persons of the many aspects of what defines a vulnerable person, and the equally multidimensional measures which may need to be put in place to protect vulnerable persons.

The industry update also sets out the scope of the thematic examination, which, in addition to an assessment of the suitability of advice to vulnerable persons, includes an assessment of supervised persons’:

policies and procedures relating to the identification of vulnerable persons and the provision and implementation of appropriate protection

risk assessments

ongoing monitoring

2.3.2 Process

A six-phase process was adopted for the vulnerable person thematic examination. The phases can be described as follows:

Phase	Summary	Detail
1	Questionnaire to class D licence holders	In April 2023, we sent a questionnaire to class D licence holders asking for information on the systems and controls in place relating to the treatment of vulnerable persons. The responses to the questionnaire helped inform the selection of supervised persons for the onsite examinations.
2	Issuance of IR1	An information request was sent to the supervised persons selected for an onsite examination requesting: a client list, core policies and procedures, registers, documentation relating to governance, and training materials specific to suitability of advice and vulnerable persons.
3	Issuance of IR2	Following receipt of the client list, we selected a sample of client files via a second information request which also asked for: client profiles, a summary of advice provided, customer due diligence and risk assessments, fact find documentation and suitability or reasons why letters”
4	Desk-based document review	We undertook a desk-based review of the information provided in response to IR1 and IR2. We raised queries as they arose directly with supervised persons, prior to the onsite, to narrow the focus for the interview questions during the examination.
5	Onsite examination	During the onsite, we interviewed various employees. As a ‘no surprises’ policy is operated, supervised persons were kept informed of any potential findings throughout the examination.
6	Examination report	Where findings were identified, they were incorporated into a formal examination report. The findings from each of those reports are included within this feedback paper in a consolidated and anonymised format.

Further information about the examination process is available on our website.

We would like to thank the supervised persons who provided responses to the questionnaire. While those supervised persons that were not selected for the onsite examination would not have received a personalised report from us, we would expect them to carefully consider the content of this feedback paper. We recommend they perform a gap analysis against their own systems and controls to ensure they are compliant and, where appropriate, are able to demonstrate good practice.

3 Key findings

The key findings summarised in this section identify a range of deficiencies in systems and controls and corporate governance. These have the potential to prevent supervised persons from meeting their obligations under the Investment Business Code of Practice and the order.

3.1 Findings within scope

3.1.1 Vulnerable persons

Obligations under the investment business code and consideration of the guidance note

The Investment Business Code states that a supervised person must have the highest regard for the interests of its clients. For example, it requires supervised persons to:

act with due skill, care, and diligence to fulfil the responsibilities that it has undertaken

obtain, document and maintain any information about the circumstances (both financial and otherwise) and investment objectives of the client that are relevant to the services to be provided

consider any relevant guidance issued by the JFSC when determining how it will comply with the requirements under principles 2, 3 and 4 of the Investment Business Code.

The specific obligation on supervised persons to identify vulnerable persons and provide them appropriate protection, is detailed at paragraph 2.5 of the Investment Business Code. The guidance note outlines useful further information including:

who may be classified as a vulnerable person (paragraph 6)

how supervised persons might assist vulnerable persons (paragraph 8)

what systems and controls should be put in place to manage vulnerable persons (paragraph 9)

The JFSC’s expectations of supervised persons to ensure a vulnerable person is provided with adequate care which is implicit in the investment business code (paragraph 10)

The JFSC expects supervised persons to have policies and procedures designed to detect and prevent vulnerable persons suffering financial losses because of a third-party attempting to exploit their vulnerabilities. Paragraph 3.2.1.5 of the Investment Business Code is referred to noting that supervised persons are required to have systems in place to enable management to guard properly against involvement in financial crime, including fraud.

Example findings

Across the examined supervised persons, five had findings regarding their obligations relevant to the treatment of vulnerable persons. Examples of the findings include:

in four out of six of the supervised persons examined there was a failure to evidence that consideration had been given to the vulnerable person guidance note, despite the requirement to do so in paragraph 2.2 of the code. For example:

-three of the supervised persons had failed to put in place policies and procedures designed to detect and prevent the facilitation of vulnerable persons suffering financial losses because of a third-party attempting to exploit their vulnerabilities (as set out in paragraph 10.5 of the guidance note)

-without identifying a client as a vulnerable person, and what their vulnerabilities consist of, supervised persons cannot tailor the services to provide the vulnerable person with appropriate protection. For instance, without identifying that a client with a degenerative illness may be vulnerable, the supervised person cannot consider what protection to put in place, such as more frequent file reviews, or other ways to present their advice (advice in writing and in person with a trusted third-party present, for example)

-at two of the examined supervised persons there was a failure to identify and provide appropriate protections to vulnerable persons. For example, the following factors were not identified as having the potential to make a client vulnerable (or more vulnerable):

- being of advanced years, and being the primary carer for a spouse who was a vulnerable person

- being in ill-health and subsequently grieving the loss of a long-term partner

- grieving the loss of a child

- being of advanced years, widowed and recently moved to the island

- having a degenerative illness and being a full-time carer for an elderly parent

-factors like these may cause a client to become a vulnerable person or increase the vulnerability of a client who was already identified as vulnerable. Supervised persons must ensure their processes provide appropriate protection to vulnerable persons, such as additional assistance (see paragraph 8 of the guidance note)

-supervised persons must also consider implementing additional controls such as those set out at paragraph 9 of the guidance note, such as an additional sign off or imposing cooling off periods

-in one instance, the supervised person’s risk assessment documentation made no mention of risks relating to vulnerable persons. Without this, the board cannot demonstrate that all relevant risks have been identified and that they have appropriate oversight.

three of the supervised persons had inadequacies recording the information when a vulnerable person was identified. Examples included: incomplete documentation (such as fact finds), insufficient recording of vulnerabilities identified, and inadequate recording of the steps taken to provide the vulnerable person with appropriate protections. Without recording these details, it is difficult for supervised persons to evidence that they meet the obligation under paragraph 2.5 of the investment business code

3.1.2 Suitability of advice

Obligations under the code and consideration of the guidance note

The Investment Business Code states that supervised persons must:

demonstrate, in writing, that the advice it offers or the discretion it exercises is suitable for each client

ensure information is comprehensible and timely to enable a client to make an informed investment decision

outline relevant other factors such as risk warnings, investor compensation schemes and cooling off periods

communicate information to clients in a way that is adequate, fair and not misleading

In addition, the Investment Business Code requires that a supervised person must annually review the due diligence and suitability criteria of the products and its investment service providers. This is in relation to the investment services provided to its clients.

Where a supervised person does not comply with these obligations, they are at risk of not being able to prove the advice provided is appropriate for their clients. This could also lead to them being unable to evidence that it acted with the highest regard for the interests of clients.

The guidance note states that additional sign-off should be considered at appropriate stages of the investment process. For example, a new business application and issuing suitability letters, or proposal letters. The guidance note suggests that this might include a peer review, compliance review or a senior manager, or director review. Supervised persons should consider when one or more such reviews may be appropriate for its business.

Example findings

Across the examined supervised persons, three had findings relating to suitability of advice.

Examples of the issues identified included:

In three cases the supervised persons did not make information available to their clients in an understandable and timely manner on every occasion. In one instance there was no evidence of written advice being sent to the client who was vulnerable due to language limitations. In the absence of written advice, it cannot be said that this client received appropriate information in an easy to understand and timely manner to allow them to make an informed investment decision.

In three cases there were instances where the supervised persons did not:

-clearly identify, set out the relevant risk warnings, or provide a summary of the risk factors associated with the products

-inform the client of the existence or otherwise of an investor compensation scheme

-clearly identify or inform the client of any applicable cooling off periods

In two instances at one supervised person there was conflicting details within the suitability letter and attached appendix regarding tax implications. Without a full understanding of all the potential advantages or disadvantages of the products, clients are unable to make fully informed investment decisions

In two cases the supervised persons peer review process was insufficiently recorded, meaning they were unable to evidence that their mechanisms acted as a cross-check to the suitability of advice provided to their clients. For example, at one supervised person the peer reviews were dated after the suitability letter had been sent to the client. It is important that the process is recorded to enable supervised persons to demonstrate the purpose, implementation, and effectiveness of the process. It also ensures consistency for its business.

In one case the supervised person did not annually review its due diligence and suitability criteria for its products and investment services providers. Supervised persons that fail to review their products and investment services providers are at risk of their advice being inappropriate for their clients.

3.1.3 Conflicts of interest

Obligations under the code and consideration of the guidance note

The Investment Business Code requires supervised persons to identify as well as manage any conflicts of interest. It also requires supervised persons to try to avoid any conflict of interest.

Where conflicts do arise that cannot be avoided, the Investment Business Code requires a supervised person to have effective procedures to address such conflicts by:

disclosure

applying internal rules of confidentiality

declining to act

otherwise acting appropriately in the circumstances

Connected to these obligations are:

record keeping obligations which requires a supervised person to keep adequate, orderly, and up-to-date records in relation to, inter alia, its risk management systems

record keeping guidance contained in the guidance note states that a supervised person should record any additional measures undertaken to assist a client and ensure that its records are accurate and would hold up to external scrutiny

as with the findings relating to suitability of advice (above) and training (below), the issues around conflicts of interest do not arise purely in connection with vulnerable persons, but also apply to a supervised person’s entire client base. Even so, supervised persons should be aware of the risks associated with vulnerable persons as clients, such as the increased risk of undue influence where a conflict of interest is present. Comprehensive recording of the rationale behind the client take-on, notwithstanding the conflict and the mechanisms in place to manage the conflict, will be essential to assist the supervised person in proving their obligations have been met

Example findings

Across the examined supervised persons, four had findings relating to conflicts of interest. Examples of the issues identified included:

in four cases the supervised persons examined had deficient processes and procedures around conflicts of interests. For example:

at one supervised person the conflicts of interest policy and procedure exempted conflicts which were the result of friendship. This does not sufficiently consider the risks if the friendship is close and/or more than an acquaintanceship. The risks that such close connections may pose are higher where a client is a vulnerable person and could be more susceptible to undue influence or duress
at one supervised person the conflicts of interest policy and procedure did not properly address the definition of conflicts of interest, or the way conflicts must be recorded and mitigated. Without a clear definition and procedure, employees could fail to identify conflicts of interest, meaning the conflict cannot be avoided, or managed

In three cases supervised persons failed to identify, avoid and/or manage conflicts of interest. For example:

at one supervised person, while its policy stated that advising family members would create a conflict, there were many instances of this occurring in practice. Although the conflicts were identified, recorded and reported to the board, there was no evidence that the supervised person tried to avoid the conflicts occurring. Moreover, there were also insufficient measures to manage, or mitigate the risk arising from the conflict
at one supervised person, employees were identified as having competing roles within the business (key person roles and directorships). In addition, employees were identified as holding other business interests where there were examples of a shared customer base. While the conflicts were known to the board, there was not enough evidence recorded to demonstrate how the conflicts were being managed.

3.1.4 Training

Obligations under the code and consideration of the guidance note

The Investment Business Code requires that a supervised person is responsible for ensuring that the CPD taken by its investment employees and the compliance officer is appropriate to their role. This must consider the employee’s job description and current duties and may include future development needs.

The guidance note states that a supervised person should ensure that all employees, especially those providing investment services, are fully aware of the policies and procedures in place in respect of vulnerable persons and receive appropriate training

Specific training on how to identify and manage vulnerable persons is important to ensure that the supervised person can meet its obligations under the Investment Business Code. If employees are not properly trained, identification of vulnerable persons may be missed and if they do not know if a client is a vulnerable person, it is difficult to ensure they are given the necessary protection.

Example findings

Across the examined supervised persons three had findings relating to training.

The issues identified at three supervised persons were that there was either no, or insufficiently tailored, training on the topic of vulnerable persons provided to employees.

3.2 Out-of-scope findings

During the examinations, JFSC officers also identified findings which were deemed to be outside the scope of the thematic. Supervised persons are encouraged to consider the examples of good practice outlined in the 2017 thematic examination feedback paper as well as the other relevant feedback papers linked below.

3.2.1 Internal systems and controls (including policies and procedures)

The findings in this area included:

failure to screen, or otherwise take account of a client’s potential PEP status

deficient complaints procedures

no policy or procedure regarding delegated powers/powers of attorney, or similar considerations

failure to test adherence to policies and procedures

Concerns regarding policies and procedures were identified in the 2017 thematic. In addition, the 2022 financial crime examinations feedback paper outlines some findings in this area, along with good practice examples.

3.2.2 Corporate governance (board effectiveness and risk management)

The findings in this area included:

failure to document consideration of any potential barriers within the supervised person’s business risk assessment. This includes cultural barriers which may exist to prevent the operation of effective systems and controls together with policies and procedures to counter money laundering, terrorist financing and proliferation financing

failure to identify all relevant risks as required under principle 3 of the Investment Business Code

lack of evidence of adequate board oversight, such as missing or insufficiently detailed board minutes

Similar failings in relation to board oversight were identified in the 2017 thematic feedback paper. The 2022 AML/CFT Business Risk Assessment and formal AML/CFT Strategy Feedback paper includes some similar findings and best practice examples.

3.2.3 Compliance monitoring plan

The findings in this area included:

failure to demonstrate an effective compliance monitoring plan to test the effectiveness of the supervised person’s controls that are in place to mitigate the identified risks

failure to perform any compliance monitoring testing in the review period

client files not reviewed in line with the supervised person’s policies and procedures at the appropriate frequency in accordance with the client risk rating and related periodic review procedures

The issue of compliance monitoring was considered in the 2017 thematic feedback paper. See also the 2020 Compliance monitoring examination feedback and the 2022 thematic examination programme – the role of the MLCO feedback with respect to similar findings and best practice examples.

3.2.4 Compliance function

The findings in this area included:

inadequately resourced compliance function

a failure by the board to have oversight in relation to the compliance function and monitoring

Similar failings regarding oversight of the compliance function by the board were identified in the 2017 thematic feedback paper.

3.2.5 Identification measures

The findings in this area included:

inadequate customer due diligence

lack of screening of clients

insufficient evidence regarding source of funds and source of wealth

This was also identified as an area for improvement in the 2017 thematic feedback paper and the 2022 financial crime examination feedback paper.

3.2.6 Record keeping

The findings regarding record keeping failures related to business risk assessment, policies and procedures and customer records.

Record keeping was identified as an area for improvement in the 2017 thematic examination feedback paper. The 2022 financial crime examination feedback paper outlines similar findings and best practice examples.

4 Next steps

All supervised persons examined received direct feedback from us. Where there were findings, the supervised persons were required to submit a formal remediation plan setting out actions to be taken and timescales for completion.

Where serious breaches are identified, we consider the appropriate level of response on a case-by-case basis directly with the supervised person. In some cases, this may result in a referral to the JFSC’s Heightened Risk Response team and in other cases, formal enforcement action may follow.

When conducting remediation activity, we expect that issues are not reviewed in isolation, but considered with wider implications of the findings detailed in the examination reports. Supervisors work closely with supervised persons to ensure that the steps taken to address findings are appropriate to the scale of risks identified. Read our guidance on how supervised persons should approach remediation action plans.

A key component of regulatory effectiveness is to ensure that where a supervised person has completed remediation activity, it has done so in a way that is not only effective, but also sustainable and can demonstrate compliance with the statutory and regulatory requirements on an ongoing basis.

We may, in certain cases, mandate remediation effectiveness testing following confirmation of completion from supervised persons.

In future engagements with us, supervised persons may be asked to evidence steps taken to address identified deficiencies in their control environment.

Where this action is not considered to be adequate, or where we identify similar deficiencies to those highlighted in our feedback papers, we will consider our future supervisory strategy and where appropriate, regulatory action.

In future planning, we will consider repeating this thematic examination, to test whether supervised persons have taken on-board the guidance set out in this feedback and whether the compliance rates have improved.

Glossary

AML	Anti-Money Laundering
AML/CFT/CPF Code of Practice	The AML/CFT/CPF codes of practice contained in the handbook
Board	The board of directors or the board function described in section 2.1 of the handbook
CFT	Countering the Financing of Terrorism
Class D	Class D investment business licence, defined in the schedule to the Financial Services (Financial Service Business) (Jersey) Order 2009 as “Giving investment advice when prevented from holding Client assets by virtue of a condition of registration”.
CPF	Countering proliferation financing
Financial Crime	Money laundering, the financing of terrorism, proliferation financing, and non-implementation/breaching/circumvention/evasion of targeted financial sanctions
financial services business	Has the meaning given in Article 1 of the Proceeds of Crime (Jersey) Law 1999
Guidance Note	The JFSC guidance note: the provision of investment services to vulnerable persons under the code of practice for investment business
Handbook	Handbook for the prevention and detection of money laundering, the countering of terrorist financing, and the countering of proliferation financing
IR1	First information request
IR2	Second information request
JFSC	Jersey Financial Services Commission
Order	Money Laundering (Jersey) Order 2008
PEP	Politically exposed person
Regulatory Laws	collectively the Banking Business (Jersey) Law 1991; Collective Investment Funds (Jersey) Law 1988; Financial Services (Jersey) Law 1998; Insurance Business (Jersey) Law 1996 and the Alternative Investment Funds (Jersey) Regulations 2012
Suitability letter	A letter from an Independent Financial Adviser to a client which details advice as to the suitability of an investments
Supervised person	Defined in Article 1 of the Proceeds of Crime (Supervisory Bodies) (Jersey) Law 2008. Includes persons regulated by the JFSC under one of the Regulatory Laws and designated non-financial services businesses and professions (DNFBPs).