Guidance for accessing the Obliged Entity Beneficial Owner register (OEBO register)

Glossary

Term	Definition
Accessing party/ies	the relevant person or their representative as defined in Article 8A of the Financial Services (Disclosure and Provision of Information) (Jersey) Law (DPI Law)
Beneficial owner	Defined in Article 2 of the Financial Services (Disclosure and Provision of Information) (Jersey) Law (DPI Law) as ‘an individual who ultimately owns or controls ….’
customer due diligence (CDD)	as defined in Article 3 of the Money Laundering (Jersey) Order 2008
obliged entity	relevant person who is obliged to perform CDD and will be granted access to the OEBO register
relevant person	as defined in Article 1 of the Money Laundering (Jersey) Order 2008
significant persons	as defined in Article 1 of the Financial Services (Disclosure and Provision of Information) (Jersey) Law (DPI Law)

Background and legislation introduction

Recent international policy discussion has considered the disclosure of beneficial ownership information with other parties for the purposes of preventing money laundering and terrorist financing. The Financial Action Task Force (FATF) recommended that countries consider facilitating access to persons who are obliged to perform customer due diligence (CDD) to support them in this process (Guidance on Beneficial Ownership of Legal Persons - 10 March 2023 (FATF). These persons are known as obliged entities. This includes banks and other financial services businesses.

Our Registry collects the personal details of individuals who own and/or control Jersey incorporated or established entities at the point of registration and on an ongoing basis. It is a statutory requirement that this “associated party” information is accurate and is kept up to date by the entity. Information about a Jersey entity's significant persons (such as the directors of a company, or a member of the council of the foundation) is currently available publicly via the entity search on our website.

On 11 September 2024 the States Assembly’s approval of an amendment to the Financial Services (Disclosure and Provision of Information) (Jersey) Law (DPI Law) to reflect the FATF guidance, obliged entities, referred to in the DPI Law as a "relevant person", or their representative (which may include an anti-money laundering service provider or a person appointed by the relevant person to assist with the relevant person's CDD obligations under the Money Laundering Order (MLO)) (each an "accessing party") will be able to access certain personal information held by our Registry relating to the individual beneficial owners and controllers of a Jersey entity strictly for the purposes of fulfilling their CDD obligations pursuant to the MLO.

An accessing party who accesses the personal data of beneficial owners or controllers for purposes other than to assist them in meeting the obliged entity obligations under the MLO, will be subject to criminal penalty. As set out below, access to the register will be strictly controlled. Additionally, we will maintain an audit of each accessing party's access to the beneficial owner and controller information, and can investigate that access, including requesting information evidencing the nature of the access.

Who can apply for access and how to apply?

For the purposes of the DPI Law, an obliged entity is one that is required to perform CDD functions in accordance with the MLO, and only accessing parties may be given access to the beneficial owner and controller information, known as the Obliged Entity Beneficial Owner (OEBO) register.

From the 24 February, the lead administrator for Jersey obliged entities and their representatives will be permitted to access the OEBO register through myJFSC. The lead administrator will control the permission and access to certain individuals within the obliged entity or their representatives by granting their access and will then incorporate it into business-as-usual instructions.

Due to the sensitive nature of the information that will be accessed, each application is being assessed and treated with care which may cause delays in access being granted.

Role and responsibilities of the lead obliged entity administrator

The lead administrator for the accessing party on myJFSC will be responsible for applying for access to the OEBO register. Once access is granted, they are responsible for assigning access to the OEBO register to other appropriate administrators within their organisation. It is the responsibility of the accessing party to ensure that:

• users only access the OEBO register for legitimate reasons
• users understand the legalisation in accordance with access and the penalties for misuse
• they remove users upon cessation of relationship
• they have appropriate procedures in place for usage and periodic audit trail reviews, to mitigate risk of misuse

It is recommended that a periodic role-based access control review takes place to ensure responsibilities are adhered to. There is an audit capability for accessing parties to assist with this review.

To register a lead obliged entity administrator, key or principal persons must send an email request to [email protected] setting out the individual’s name, email address and any domains linked to their organisation.

There is guidance on our website on how the lead obliged entity administrator can add or remove user access: Portal Administrator Role - how the functionality works.

Monitoring controls are in place and if we believe the system is being mis-used we can block your account. If your access is blocked, please contact your organisation’s administrator.
Your administrator must contact [email protected] to re-activate blocked accounts.

If you are required to search a large number of entities as part of your customer due diligence, please contact us for guidance.

Searching capabilities of the OEBO register

You must enter the exact entity name or registered number to complete your search. This can be found using the Registry entities search on our website.

An obliged entity will be able to see the following details of a beneficial owner or controller of an entity:

• name and any former name or other names by which the individual is or was known
• address for correspondence
• residential address
• nationality
• occupation
• gender
• date of birth
• place and country of birth

If searches are deemed to have been undertaken for any purpose other than completing the obliged entity's CDD in accordance with the MLO, this constitutes a breach of the law and would be referred to the attorney general for prosecution.

Regulation 4 and minors

The personal data of minors who are beneficial owners of an entity will not be made available. However, the personal data of individuals who have been granted approval pursuant to regulation 4 of the Financial Services (Disclosure and Provision of Information) (Jersey) Regulations 2020 will be available to an accessing party on the basis that the access to that information is not made available to the public, and must only be used by the obliged entity for specific purposes. There are criminal penalties of a fine and a period of imprisonment for any breach of the DPI Law.

We have written to the affected individuals who have been approved under Regulation 4.

Results on the register

Data returned is data held within thirty minutes of when the search is performed. Data will be refreshed every thirty minutes. The data will be downloadable so you can evidence the time and date the search took place and attach to your records. The data must be treated confidentially and securely and only used for completing CDD and keeping CDD records in accordance with the DPI Law.

Discrepancy reporting

The OEBO register does not verify or validate the particulars of beneficial owners and controllers entered in the central registry by obliged entities (or their nominated persons). Limited Partnerships are not legal entities so are not included as part of the OEBO register.

A discrepancy report will allow users of the OEBO register to report any discrepancies to us that have been identified between the information held on the register, and other information available to the accessing party.

Before reporting a discrepancy, please check that your information obtained from sources other than the OEBO register is current (within 3 months); if not please engage directly with the entity for updated information before reporting the discrepancy.

We will notify the nominated person of the entity that a discrepancy has been identified by issuing a letter via email with details of the type of discrepancy.

If you receive a discrepancy notification as a nominated person, we expect you to:

• take action by assessing the discrepancy noted
• verify the details on the registry match the entity’s records
• either confirm no discrepancies exist or file an updated associated party (UAP) submission

Timely assessment of discrepancy notifications is expected, and an entity is required to notify us within 21 days of becoming aware of any error or inaccuracy in the details on the registry.

Failure to action a discrepancy notification may result in the entity’s risk rating being increased and it potentially being subject to an ad hoc inspection by the Registry Supervision team.

Receipt of a discrepancy notification is not necessarily a trigger event that would require a nominated person to refresh the nominated person's own CDD in relation to the entity. Assessment of current records held in relation to an entity is sufficient.

Discrepancy marker

A marker will be visible if a discrepancy has been identified and reported to the Registry. It is to caution users that a change may be imminent so they may also identify a discrepancy to the information in their possession.

Discrepancies have been categorised into Material 1 and Material 2.

Material 1 discrepancy means there is a potential factual error on the register relating to beneficial ownership and control. For example, the filing is not up to date with the correct roles or ownership.

Material 2 discrepancy means there is a potential discrepancy in the data held on the register relating to beneficial ownership and control. For example, a typing mistake or spelling error.

Discrepancy flags will be removed from the OEBO register once a confirmation of no discrepancy is received, an UAP submission is filed or after 21 days following identification.

Registry Supervision

When our Registry Supervision team undertake an inspection, we can access the audit log held by the accessing party or the central registry and will select a sample of their searches to check that the searches have been undertaken for a legitimate reason. For example, if the accessing party has undertaken 30 searches, we could select 10 of those to check, by requesting evidence to support the legitimacy of each search. This could include prospective and/or successful client or customer onboarding documentation.

If searches are deemed to have been undertaken for any purpose other than completing the obliged entity's CDD in accordance with the MLO, this constitutes a breach of the law and will be referred to the attorney general for prosecution.

Data protection and subject access requests

Our privacy policy can be found here: privacy policy — Jersey Financial Services Commission

The Data Protection (Jersey) Law 2018 generally allows a data subject to make a request of a data controller, such as the JFSC, to be informed of the details of the recipients of their personal data. That same law provides certain exemptions for controllers who have shared the personal information of a data subject with a third party from having to provide that detail to the data subject on the basis that not to do so would prejudice the proper discharge of the functions of the DPI Law. The provision to an accessing party of the personal data of a beneficial owner or controller of a Jersey entity for the purposes of the DPI Law will be subject to this exemption.