Thematic examination programme 2022 feedback Beneficial Ownership and Control

Thematic examination programme 2022 – Feedback

Beneficial Ownership and Control

1 Executive Summary

During the fourth quarter of 2022, we assessed the extent to which supervised persons had complied with their regulatory obligations with respect to Beneficial Ownership and Control (BOC). Information was requested covering a review period of 1 July 2021 to 30 June 2022 (the Review Period).

In terms of legal and regulatory obligations, knowing and understanding a customer’s ownership structure is integral to complying with the Money Laundering Order and the AML/CFT/CPF Codes of Practice. Where a supervised person has customers that are legal persons, the Money Laundering Order requires the ownership and control structure of the customer to be understood. It also requires the identification of the individual(s) who is/are the customer’s beneficial owner(s) and controller(s). Without establishing a customer’s BOC, it is impossible for a supervised person to apply a risk-based approach to managing financial crime risks. Compliance with requirements relating to BOC is therefore a fundamental element of a supervised person’s AML/CFT/CPF control framework. Separate obligations in terms of BOC are also set out in the Disclosure Law, such as the requirement to notify Registry of a change in BOC information within 21 days of becoming aware of the change.

Where any of the regulatory obligations connected to BOC are not fulfilled, a supervised person’s CDD measures (i.e. identification measures and ongoing monitoring) may not be fully effective, potentially exposing them to a higher level of financial crime risk.

During this thematic, the JFSC examined 120 customer files across 10 supervised persons, all of whom provided Trust Company Business (TCB) services. The examination included a review of customers that were legal persons with at least 50% ownership by a trustee on behalf of a trust. Information relevant to Jersey legal persons reviewed by the JFSC examination teams was also provided to Registry, which conducted a review against its own records.

A detailed overview of the examination findings is set out in section 3 below. Findings identified by Registry were dealt with separately by Registry’s Supervision Team and are not discussed in this feedback paper. A glossary of terms used can be found at the end of this document.

1.1 Findings and best practice

The table below summarises the more detailed findings set out in Section 3 which were identified during the examinations. We have also listed some examples of best practice which relate to each of these areas. Note that not all these examples of best practice were identified during these examinations.

Area of findings	Findings	Best practice
Corporate Governance – Compliance Monitoring Plan	No CMP was in place during the review period, meaning that issues in respect of BOC might not be identified   A beneficial owner’s change of address had been identified during the review of a customer file, but this change had not been filed with Registry in line with the requirement to do so CMP test results were handwritten and supporting notes were illegible meaning the supervised person could not evidence it had performed adequate testing of its compliance with the BOC requirements	The CMP is clearly mapped to and designed to assess compliance with all the legal and regulatory requirements regarding BOC which includes identifying obligations arising under the Order, the AML/CTF/CPF Code of Practice and the Disclosure Law Where breaches of the BOC requirements are identified, a root-cause analysis is conducted and remedial action is undertaken to ensure there are no recurrences. Consideration is also given to staff training requirements to mitigate any such risk Results of the CMP are reported to the Board so that it is aware of the level of compliance with the BOC requirements Periodic reviews of customers revalidate BOC information The frequency of periodic reviews is determined by the risk rating of the customer
Internal Systems and Controls – Policies and Procedures	Inconsistencies between supervised persons’ policies, procedures and guidance in terms of the ownership percentage above which an individual would be considered a beneficial owner Inconsistencies within policies and procedures regarding what enhanced due diligence measures should be applied to higher risk customers Oversights, errors, and omissions in the application of CDD measures led to supervised persons not following their own procedures In a number of cases, changes to BOC information were not notified to Registry within 21 days, as required by the Disclosure Law and supervised persons’ own policies and procedures Policies and procedures did not cover the requirement to inform Registry when notifiable changes to BOC information occurred Testing was not in place which would have flagged that a change in BOC information required notification to Registry A supervised person failed to comply with its own policies and procedures as there were a significant volume of periodic reviews overdue Policies and procedures did not set out how to review a business relationship following a trigger event	Supervised persons periodically benchmark their policies and procedures relevant to BOC against Jersey’s legal and regulatory requirements to ensure they remain fit for purpose. Prompt action is taken to address any deficiencies Where CMP testing identifies that employees have breached policies and procedures relating to BOC requirements, steps are taken to improve staff awareness of those requirements
Internal Systems and Controls – Training of Employees	Training delivered contained references to Jersey legislation no longer in force	Where employees receive group training on BOC, additional Jersey-specific training is also provided where necessary Training is periodically reviewed and updated, to take account of changes in BOC requirements and guidance Employees’ understanding of BOC requirements is tested following the delivery of training
Identification Measures – Assessment of Risk	The Customer Risk Assessment (CRA) was completed incorrectly, which could lead to an incorrect risk rating being generated and beneficial owners or controllers not being identified The CRA did not take account of the risk posed by all parties connected to the customer, e.g. not all shareholders were considered The questions in the CRA were the same for both natural persons and legal persons, resulting in certain risks associated with beneficial owners and controllers not being considered The CRA did not consider the cumulative risk exposure from the customer being connected to multiple high-risk jurisdictions. Insufficient measures may be applied to the customer if not all risk factors are considered in the CRA	Staff understanding of key customer relationships are regularly refreshed to ensure employees fully understand the ownership structure, historic/ current/expected activities, and key risks of their customers The CRA includes consideration of whether the customer has any indirect risk exposure, e.g. to higher risk or sanctioned countries or territories The CRA considers the cumulative impact of lower-level risks that together may result in an assessment of a higher risk of financial crime The CRA considers the transparency and behaviour of the customer
Identification Measures – Finding out identity and obtaining evidence of identity	Documents obtained as evidence of identity were not in line with the requirements set out in the policies and procedures	Policies and procedures provide examples of what information or documents could be obtained to corroborate source of wealth and source of funds. For example, requesting copies of audited financial statements for a corporate customer Policies and procedures provide case studies to help explain how BOC is to be determined in different circumstances, e.g. complex structures or different types of legal person Supervised persons utilise the three-tier test set out in Section 4 of the Handbook to identify beneficial owners and controllers for CDD purposes and follow Registry’s guidance for BOC notification purposes

1.2 Key statistics

Findings were identified in six of the 10 examinations undertaken. Some key statistics regarding the number of findings include:

Around a fifth of supervised persons examined had policies, procedures, and guidance which were inconsistent with each other in terms of the risk-based application of a threshold over which a person would be categorised as a beneficial owner or controller, therefore requiring CDD measures to be applied to them

Around a third of supervised persons examined did not consider all of the risk factors which may be presented by a customer in their CRA. Examples include PEP status, source of funds arising from higher risk jurisdictions, and risks arising from beneficial owners within the customer’s structure

We previously undertook a thematic examination in Q1 2018 to test 12 supervised persons’ compliance with the Registry requirements regarding BOC (the 2018 thematic). The scope of the 2018 thematic differed from that of the 2022 thematic, in that it focused more specifically on compliance with the revised Registry requirements for BOC which came into force on 30 June 2017. The Financial Services (Disclosure and Provision of Information) (Jersey) Law 2020 (the Disclosure Law) came into force on 6 January 2021 consolidating the filing and notification requirements for Registry. As noted above, the 2022 thematic focused on a supervised person’s compliance with the relevant parts of the Money Laundering Order and Handbook as well as considering the relevant filing and notification requirements in the Disclosure Law.

While some findings of a similar nature were identified across both thematics, these occurred in fewer instances during the 2022 thematic compared to the 2018 thematic, for example:

58% of supervised persons examined during the 2018 thematic had a finding in respect of policies, procedures, and training. This reduced to 40% in the 2022 thematic

92% of supervised persons examined during the 2018 thematic had a finding in respect of record keeping. No supervised persons had a record keeping finding in the 2022 thematic

50% of supervised persons examined during the 2018 thematic has a finding in respect of corporate governance. This reduced to 20% in the 2022 thematic

The above statistics indicate that supervised persons’ compliance in these areas has improved over the last four years. Of particular note is that no findings in the 2022 thematic related to a failure to identify beneficial owners and controllers. Furthermore, in the 2022 thematic four supervised persons had no findings identified.

However, some repeated issues have been identified across both thematics, including:

Updates to BOC information not being submitted to Registry within 21 days of becoming aware of the change

Documents collected as evidence of identity not being suitably certified, or translated into a language understood by an employee of the supervised person

CRAs not being completed correctly, which can result in the appropriate CDD measures not being applied

Three supervised persons were examined in both the 2018 and 2022 thematics. Two had no findings in 2022 and the third had findings, but on different issues to the 2018 exam.

1.3 Assessment of examination results

As noted above, there has been a general improvement in overall compliance when comparing findings across the 2018 and 2022 thematic examinations. This suggests that supervised persons have worked to enhance their systems and controls in respect of BOC during the intervening period.

The key statistics described above do, however, suggest that work continues to be required by supervised persons regarding:

The maintenance of consistent policies and procedures

Ensuring that CRAs take into account all risk factors which are presented by the customer

Identifying all beneficial owners and controllers connected to a customer, and obtaining evidence of identity which is reasonably capable of verifying that a person being identified is who they say they are

Supervised persons are also reminded to review the BOC information provided to Registry on an ongoing basis, not just at the time of the annual confirmation. Where they become aware of any incorrect or outdated information previously submitted to Registry, a supervised person should submit an update at the earliest opportunity.

1.4 Findings

Four supervised persons had no findings identified during their respective examinations. The below chart outlines areas where findings were identified across the six remaining supervised persons:

1.5 Action required

We expect Boards and senior management of all supervised persons, not just those subject to this examination, to:

consider the findings and best practice highlighted in this feedback against their own arrangements

make changes to their systems and controls if they identify any areas for development

ensure that their business is complying with all relevant statutory and regulatory requirements in relation to BOC

Supervised persons may also refer to the following:

Section 4.5 of the Handbook, which provides guidance notes for ascertaining who are the beneficial owners and controllers of legal persons:

Companies – Section 4.5.1, paragraphs 190-195

Foundations – Section 4.5.3, paragraphs 203-207

Partnerships – Section 4.5.5, paragraphs 215-221

Registry’s Beneficial Ownership and Controller Guidance to be provided upon establishment or registration of a number of legal persons. The guidance note also covers the requirement to notify Registry of any change in BOC information within 21 days

Where supervised persons identify any deficiencies in systems and controls, we expect them to:

prepare a remediation plan and discuss this with their Supervisor

consider the notification requirements under the AML/CFT/CPF Code of Practice set out in Section 2.3 of the Handbook, and the relevant Codes of Practice (dealing with the JFSC in an open and co-operative manner)

remedy any identified matters in the manner set out in the remediation plan agreed with their Supervisor

consider what assurance activities may provide comfort to the Board and senior management that deficiencies identified have been addressed effectively

Supervised persons should consider our guidance on remediation action plans.

 

2 Background and Scope

We regularly undertake thematic examinations to assess the extent to which statutory and regulatory requirements are being complied with in targeted areas. Thematic examinations may be sector-specific, but they often address wider themes which cover multiple sectors. The purpose of this feedback paper is to publish an anonymised summary of the key findings identified during the thematic examination and set out relevant best practice for the benefit of all supervised persons. Find out more about the examination process.

The theme was chosen in order to revisit supervised persons’ understanding and verification of BOC following the identification of deficiencies during our 2018 thematic examination on this area. A broad range of findings were identified during the 2018 thematic, including:

Board oversight

Policies, procedures and training

Record keeping

The objective of this thematic examination was to review and assess the extent to which supervised persons had complied with legislative requirements in Jersey relating to BOC, as well as relevant AML/CFT/CPF Codes contained within the Handbook.

The selection process was supported by our risk model and customer information submitted by supervised persons. In addition, three supervised persons selected for this thematic had also been subject to the 2018 thematic.

Over the course of the thematic, 120 customers were reviewed. The customers were legal persons rather than natural persons and, in all but 12 cases, had at least 50% of their ownership held by a trustee on behalf of a trust.

The JFSC’s assessment of compliance with statutory and regulatory requirements included in the examination scope was based on those in force during the Review Period.

In addition to their TCB licences, some of the 10 examined supervised persons also held other licence types, as outlined by the below chart. The abbreviated terms used in the chart are defined in the glossary set out at the end of this paper.  

In certain thematic examinations, we may choose to also send questionnaires to additional supervised persons. This allows us to collect information relevant to the examination from a broader range of supervised persons, which can then be followed up via a desk-based review if necessary. No questionnaires were sent to additional supervised persons as part of this thematic examination.

 

3 Key findings

The key findings summarised in this section are taken from the six supervised persons where findings were identified. They identify a range of deficiencies in systems and controls which could expose supervised persons to a heightened risk of failing to prevent or detect financial crime.

If a supervised person does not have sufficient controls in place regarding BOC then its AML/CFT/CPF framework will be fundamentally compromised, exposing the supervised person, and Jersey, to unacceptable levels of financial crime risk.

3.1 Corporate Governance

Section 2.3 of the Handbook outlines the key responsibilities of the Board of a supervised person in the context of preventing and detecting financial crime as:

identifying the supervised person’s financial crime risks

ensuring that its systems and controls (including policies and procedures) are appropriately designed and implemented to manage those risks

ensuring that sufficient resources are devoted to fulfilling these responsibilities

Compliance Monitoring Plan

Article 11(1) of the Money Laundering Order requires supervised persons to maintain appropriate and consistent policies and procedures for a range of matters, including for the monitoring and management of compliance with, and the internal communication of, such policies and procedures.

Across the supervised persons examined there were two corporate governance findings[1] in relation to the CMP. Where the CMP is not sufficiently detailed, or testing is not properly undertaken, this creates the risk that compliance deficiencies will not be identified and addressed, increasing the supervised person’s exposure to financial crime. Examples of the issues identified included:

One supervised person did not have a CMP in place during the review period, creating the risk that breaches would not be identified and remediated

A review of a customer identified that a beneficial owner’s address had changed. However, Registry was not informed of the change. As a result, the supervised person was in breach of its statutory obligation to report changes of BOC information to Registry

In another case, the results of testing regarding the acceptance of new business were found to be handwritten. In addition, the supporting notes for the test were illegible. If the records of CMP testing are not easily understandable or accessible, the Board will not have access to all the facts when considering whether remedial actions need to be taken, potentially leaving breaches unresolved

3.2 Internal Systems and Controls

Section 2.4 of the Handbook includes an AML/CFT/CPF Code of Practice that requires supervised persons to establish and maintain a range of systems and controls to prevent and detect financial crime. These systems and controls must enable the supervised person to meet a range of obligations set out elsewhere within the Handbook and in Jersey’s legal framework, including:

the application of policies and procedures set out in Article 11 of the Money Laundering Order

screening, training, and awareness of employees

Policies and Procedures

Article 11(1) of the Money Laundering Order requires supervised persons to maintain appropriate and consistent policies and procedures for matters including customer due diligence measures.

Across the examined supervised persons there were four internal systems and controls findings in relation to policies and procedures. Examples of the issues identified included:

In one case, the supervised person’s policies and procedures did not cover the requirement to notify Registry where a change in BOC information was identified. In another case, the supervised person did not conduct any testing during the review period which would have identified that a notification of change in BOC information for a customer was necessary but had not been filed with Registry. These issues create the risk that non-compliance is not identified and addressed in a timely manner and a supervised person may be responsible for a customer failing to comply with its notification obligations under the Disclosure Law

In another case, a supervised person’s policies and procedures provided a list of trigger events which would require a review of the customer. However, there was no procedure outlining how a review caused by a trigger event would be conducted. This creates the risk that reviews would be conducted inconsistently, potentially missing risks which could later crystallise

One supervised person had a large number of periodic reviews outstanding. The majority of these were in respect of higher risk customers. The supervised person was in breach of their own P&Ps, which required periodic reviews to be completed on-time. If periodic reviews are not completed to schedule, there is a risk that issues will not be addressed in a timely manner

In two cases, supervised persons had not notified Registry of changes to customers’ BOC information within 21 days of becoming aware of the change, meaning their customers were in breach of the reporting requirements to Registry

In one case, a section of a supervised person’s compliance manual mandated testing for low-risk customers to be carried out at a specific frequency, but another section of the same document required the testing be carried out at a different frequency. These inconsistencies created the risk that testing might not be carried out at the appropriate times, resulting in deficiencies going undetected

In two cases, supervised persons’ policies, procedures, and/or guidance in respect of BOC and the wider application of CDD measures were not consistent with one another. Examples included:

when to obtain evidence of identity based on an ownership threshold

what documentation to collect for individuals who were not resident in Jersey

what constituted suitable certification of identity documents

Training of employees

Articles 11(9) to (12) of the Money Laundering Order set out statutory obligations to make employees whose duties relate to the provision of a financial services business aware of the policies and procedures put in place under Article 11(1). These Articles also require a supervised person to provide those employees with training on recognising and handling suspicious transactions and activity, as well as monitoring and testing the effectiveness of said training. Provisions in the AML/CFT/CPF Codes of Practice relating to training and awareness are set out in the Handbook. In particular, Section 9.5 of the Handbook requires a supervised person to provide adequate training to employees at appropriate frequencies. Such training must, among other things:

be tailored to the supervised person and be relevant to the employees receiving the training

cover key aspects of AML/CFT/CPF legislation

One finding was identified in relation to training, that referred to two pieces of out-of-date Jersey legislation which had been repealed in 2014 and 2020 respectively. No reference was made to the replacement legislation.

If employees are not provided with training on the correct legislation, they may not be aware of their obligations in terms of understanding and filing BOC information. This could mean, for example, that not all relevant beneficial owner and controller information is notified to Registry.

3.3 Identification Measures

Alongside ongoing monitoring, identification measures form part of the wider activity of ‘customer due diligence measures’ which is required by Article 13(1) of the Money Laundering Order. Article 3(2) of the Money Laundering Order outlines what identification measures are comprised of. These measures are further detailed in Section 3 and 4 of the Handbook.

Assessment of Risk

Article 3(5) of the Money Laundering Order requires supervised persons to assess the risk that any business relationship or one-off transaction will involve money laundering, as part of the wider identification measures set out in Article 3(2). In addition, Section 3.3 of the Handbook includes an AML/CFT/CPF Code of Practice that requires supervised persons to apply a risk-based approach to determine what measures should be applied during the identification process.

When supported by a correctly applied risk assessment, a risk-based approach allows a supervised person to manage the financial crime risk posed by a customer relationship in an effective and proportionate manner. However, if a risk assessment has not been properly carried out, appropriate measures and controls might not be applied to a customer relationship, leading to a significantly higher risk exposure for the supervised person.

The incorrect application of a risk-based approach may also have an impact on the application of CDD measures to beneficial owners and controllers. For example, a supervised person may have a policy that requires that certain CDD measures need not be applied to beneficial owners where their shareholding in the customer is below a certain percentage and the customer is categorised as low risk. That shareholding threshold may be lower where the customer is assessed as high risk and if an incorrect risk rating is generated for a customer, there is a danger that the supervised person will not apply CDD measures commensurate with the risk.

There were two identification measures findings relating to the assessment of risk. Examples of the issues identified include:

The CRA not being completed correctly. For example, in one customer file the response selected for ‘control of customer’ incorrectly stated that the supervised person shared control with other regulated service providers. In another customer file, the incorrect country of residence was selected in respect of ‘persons of interest’ connected to the customer

In one case, a supervised person had rated a customer as low risk but had not accounted for a majority shareholder of the customer being a PEP. In another case, the CRA did not capture all of the risks posed by the customer’s beneficial owners and controllers. As a result, the supervised persons could not demonstrate their CRA adequately assessed all of the risks factors

In one case, the supervised person used the same CRA for both individuals and legal persons. This meant that the questions on the CRA were not tailored to account for the unique characteristics of each type of person. In this case, the CRA did not consider the risks posed by beneficial owners and controllers of a customer. The supervised person therefore might not identify risks specifically relating to those parties, such as a shareholder being connected to a high-risk jurisdiction. This could mean that the incorrect risk rating is generated and the appropriate risk-based measures are not applied

In one case, the supervised person’s CRA requested the jurisdiction of the customer’s source of funds. However, there was no provision for scenarios where the source of funds might originate from more than one jurisdiction. For example, if the source of funds is 80% derived from a low-risk jurisdiction and 20% from a high-risk jurisdiction, the exposure to the high-risk jurisdiction might not be identified, potentially leading to an incorrect risk rating.

Finding out identity and obtaining evidence

Article 3(2)(c)(iii) of the Money Laundering Order sets out that where a customer is a legal person, a supervised person must find out the identity of individuals who are the beneficial owners or controllers of the customer and obtain evidence of the identity of those individuals. Article 3(4)(b) of the Money Laundering Order states that for the purposes of Article 3(2) of the Money Laundering Order, identification of a person includes obtaining evidence, on the basis of documents, data or information from a reliable and independent source, that is reasonably capable of verifying that the person to be identified is who they are said to be and satisfies the person responsible for the identification of a person that the evidence does establish that fact.

Section 4.3.2 of the Handbook also sets out an AML/CFT/CPF Code of Practice that requires the key documents obtained as evidence of identity to be understandable (i.e., in a language understood by an employee of the supervised person). Sections 4.3.1 to 4.3.5 also provide guidance notes on what constitutes sufficient identity information, along with different ways to obtain evidence of identity.

If a supervised person has not adequately verified that a person is who they say they are, the risk arises that the business relationship or one-off transaction might be carried out with the wrong person. This exposes the supervised person to a heightened risk of facilitating financial crime.

During the examination, there was one finding for identification measures specifically in relation to finding out identity and obtaining evidence. The finding included:

Deficiencies across a number of customer files including:

For two customers, certain due diligence documents collected by the supervised person as evidence of identity were either not certified, were certified as copies of copies, or were certified copies of PDFs. As these documents had not been suitably certified, the documentation obtained was not reasonably capable of confirming that the parties being identified were who they said they were. The supervised person was therefore unable to demonstrate it had obtained sufficient evidence of identity for these parties

For another customer, a utility bill obtained as verification of address was in a foreign language. If a document cannot be understood by the supervised person, it is unlikely to be an adequate source of evidence of identity

 

4 Next Steps

All supervised persons examined have received direct feedback from us. Where findings were identified, the supervised persons were required to submit a formal remediation plan setting out actions to be taken and timescales for completion.

Where serious breaches are identified, we consider the appropriate level of response on a case-by-case basis. In some cases, this may result in a referral to the JFSC’s Heightened Risk Response team and in other cases, formal enforcement action may follow.

When conducting remediation activity, we expect that issues are not reviewed in isolation, but consideration is given to the wider implications of the findings detailed in the examination reports. JFSC Supervisors work closely with supervised persons to ensure that the steps taken to address findings are appropriate to the scale of risks identified.

A key component of regulatory effectiveness is to ensure that where a supervised person has completed remediation activity, it has done so in a way that is not only effective, but also sustainable, to demonstrate compliance with the statutory and regulatory requirements on an ongoing basis.

We may, in certain cases, mandate remediation effectiveness testing following confirmation of completion from supervised persons.

In future engagements with us, supervised persons may be asked to evidence steps taken to address identified deficiencies in their control environments.

Where this action is not considered to be adequate, or where we identify deficiencies of a similar nature to those highlighted in our feedback, we will consider our future supervisory strategy and where appropriate, regulatory action.

In future planning, we will consider repeating this thematic examination, to test whether industry have taken on-board the guidance set out in this feedback and whether the compliance rates have improved.

 

Glossary

AML	Anti-Money Laundering
AML/CFT/CPF Code of Practice	the AML/CFT/CPF Codes of Practice contained in the Handbook
The Handbook	Handbook for the prevention and detection of money laundering, the countering of terrorist financing, and the countering of proliferation financing
Board	the Board of Directors or the Board function described in Section 2.1 of the Handbook
BOC	Beneficial Ownership and Control
CDD	Customer Due Diligence
CFT	Countering the Financing of Terrorism
CMP	Compliance Monitoring Plan
CPF	Countering proliferation financing
CRA	Customer Risk Assessment
Disclosure Law	Financial Services (Disclosure and Provision of Information) (Jersey) Law 2020
DNFBPs	Designated Non-Financial Businesses and Professions
Financial Crime	Money laundering, the financing of terrorism, proliferation financing, and non-implementation/breaching/circumvention/evasion of targeted financial sanctions
financial services business	Has the meaning given in Article 1 of the Proceeds of Crime (Jersey) Law 1999
FSB	Fund Services Business
GIMB	General Insurance Mediation Business
JFSC	Jersey Financial Services Commission
Legal persons	Includes companies, foundations, incorporated limited partnerships, limited liability companies, limited liability partnerships and separate limited liability partnerships
ML/TF/PF	Money Laundering, Terrorist Financing, and Proliferation Financing
Money Laundering Order	Money Laundering (Jersey) Order 2008
P&Ps	Policies and Procedures
PEP	Politically Exposed Person
Registry	Jersey Companies Registry
Regulatory Laws	collectively the Banking Business (Jersey) Law 1991; Collective Investment Funds (Jersey) Law 1988; Financial Services (Jersey) Law 1998; Insurance Business (Jersey) Law 1996 and the Alternative Investment Funds (Jersey) Regulations 2012
Suitable certification	Certification of a document in line with the guidance set out in Section 4.3.3 of the Handbook
supervised person	defined in Article 1 of the Proceeds of Crime (Supervisory Bodies) (Jersey) Law 2008. Includes persons regulated by the JFSC under one of the Regulatory Laws and designated non-financial services businesses and professions (DNFBPs).
SCH2	Licences issued relating to the carrying on of business listed in Part 3 of Schedule 2 to the Proceeds of Crime (Jersey) Law 1999
TCB	Trust Company Business

[1] Findings may be comprised of more than one issue.