The Dawn of a New Era

Compliance monkeyThe Commission have released a new Consultation on Revisions to the AML/CFT Framework with the purpose of bringing the Guernsey AML/CFT framework up to and in line with the Financial Action Task Force international standards issued in 2012.  This new Framework will also address the recommendations that have been made by MoneyVal in their report on Guernsey that were published in January 2016.

These enhancements to the Guernsey Anti-Money Laundering and Comatting Financing of Terrorism (“AML/CFT”) Framework will affect Guernsey Financial Services Businesses, Prescribed businesses and the Non-Regulated Financial Services Businesses which will all become Specified Businesses. Some of the headline changes that need to be borne in mind by the Boards, Senior Managers and Controllers of Specified Business are as follows:

  • There will be only one Handbook for “specified businesses”, removing the current separate Handbooks for “Financial Services Businesses” and “Prescribed Businesses”. This is done on the basis that prescribed businesses have now had sufficient time to develop and be experienced in AML and CFT requirements.
  • Business Risk Assessments (“BRAs”) must clearly distinguish between AML and CFT risks. This can still be covered in one document. The proposed Handbook clearly puts more emphasis throughout on CTF, compared to the current Handbook. BRAs must also refer to the National Risk Assessment.
  • The definition of ‘Business Relationship’ has been expanded to include giving advice. “Such a relationship does not need to involve the firm in an actual transaction; giving advice may often constitute establishing a business relationship”
  • Additional CDD (“ACDD”) is proposed for the following relationships
    – Non-resident Customer
    – Private Banking Services
    – A customer that is a legal person or a legal arrangement used for personal asset holding purposes
    – Company with nominee shareholders that issues shares in the form of bearer shares
  • There is a proposed change in the treatment of PEPs with “domestic PEPs” and “Foreign PEPs” to be classified appropriately  and the addition of International Organisation PEPS ( “IOPEPs”) and finally a risk based approach for the treatment of PEPs with no assets in a structure.
  • The role of Money Laundering Reporting Officer (“MLRO”) is to change to Financial Crime Reporting Officer (“FCRO”), which again highlights the coverage of CFT as well as AML.
  • In addition to the FCRO, a new role of Financial Crime Compliance Officer is proposed. This role can be undertaken the FCRO but this role must be undertaken by someone independent of business development and client facing roles.
  • A revised approach to identifying beneficial ownership is proposed which extends beyond just legal ownership, instead focussing on actual ultimate ownership and control.
  • There are new rules proposed for authorised and registered Collective Investment Schemes which will define the responsibility for AML and CFT requirements which fall under the responsibility of the nominated businesses which are licensed under the Protection of investors Law.

This consultation gives all parties the opportunity to raise any further considerations that may be of benefit and we would encourage everyone to take the time to consider how this new handbook will affect their business and industry and to make representation if any improvements could be considered.

The Board’s of Specified Businesses should make themselves aware and be familiar at this early stage of the high level changes to the Guernsey regulatory framework. A high level review of the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) (Amendment) ordinance, 2017, schedule 3 to identify the proposed enhancements to the Guernsey AML/CFT Framework, has been prepared by Redwood Offshore Limited to assist the Board with understanding and preparing for the changes to come.

logoIt is important with the dawn of this new era that all Specified Businesses consider this Consultation fully and make representations as may be necessary to the Commission.  Specified Businesses must ensure that their business and respective industry and the Guernsey Financial Services industry as a whole continue to have an effective and workable AML/CFT regime going forward which serves to maintain and promote itself as one of the best International Financial Centres in the world and a place to do business.

 

 

De-Mystifying the High-Risk Territory

Compliance monkeyThere is much talk these days regarding the difficulty of providing products and services to those persons who are in high risk territories.  The main gripe is that the Guernsey Regulatory Framework is stifling and strangulating licensees when it comes to high risk territories. This seems to be at odds with the presentations and assertions of the Commission about Guernsey being open for business and empowering its licensees to engage in risk to develop and grow.  What is the truth, are we being misinformed and if so by who?

When it comes to high risk territories licensees must be aware of the obligations in the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Regulations, 2007 as amended (“the Regulations”) and the Handbook for Financial Services Businesses on countering Financial Crime and Terrorist Financing (“the Handbook”).  Regulation 5 (1) (c) states the following;

“(c) a business relationship or an occasional transaction – (i) where the customer is established or situated in a country or territory that does not apply or insufficiently applies the Financial Action Task Force Recommendations on Money Laundering, or (ii) which the financial services business considers to be a high risk relationship, taking into account any notices,”

The Handbook goes further at rule 58 where it states the following;

“is connected to any of the countries or territories listed in Part A or Part C of Instructions on Business from Sensitive Sources issued by the Commission; is designated as high risk.”

At first glance the minimum requirements are that by applying the full instructions on Business from Sensitive Sources you would have a lists of high risk jurisdictions that the Commission would be happy with in meeting the requirements of the Regulation and the Handbook. The Commission have empowered Financial Services Businesses in Guernsey to actively engage and establish their own risk appetite and as such the Instructions on Business from Sensitive resources only represents the minimum requirements.  The Handbook at section 70 goes further to recommend that a high risk factor regarding territory would also include the following;

“customers based in, or conducting business in or through, a country or territory with known higher levels of bribery and corruption, or organised crime, or involved in illegal drug production/processing/distribution, or associated with terrorism; involvement of an introducer from a country or territory which does not have an adequate AML/CFT infrastructure;”

Just by looking at Transparency International perception index this allows the potential for a greater number of territories that could be designated as high risk. There are also those territories that Guernsey has Sanction regimes on which pose an association with terrorism and as such could be deemed high risk. The question is must these territories be high risk?

The Commission have through rule 57 empowered Directors and Boards to take a proactive view of risk where a business relationship has a high risk element (that is not a high risk element specified in Regulation 5(1)(a-c) or listed at part A or Part C of the Instruction on Business from Sensitive Sources) but this element does not mean that the actual risk of the relationship is high.  A Financial Service Business where it has compelling mitigating factors that it documents, can choose a lower and more realistic risk rating. Therefore, a territory that the Financial Services Business may class as high due to internal policy or procedure or that an international body classifies as high does not necessarily make the whole relationship high risk.

Some examples of where and how rule 57 can be applied;

  • An entity that is administer and controlled in Guernsey is conducting business in a territory that is not on the Business from Sensitive Sources Instruction but has a high bribery and corruption rating, there are controls in place to mitigate associated risk of bribery and corruption risk do we have to have this as high risk? If the licensee can demonstrate compelling mitigating factors to meet rule 57 of the Handbook, it could choose to down grade the risk if its policy procedures and controls allow.

 

  • An entity that we administer and control is conducting business in a territory that is on the Business from Sensitive Sources, there are controls in place to mitigate associated risk do we have to have this as high risk? This must be rated as high risk as it falls under the Regulations and the Handbook as having to be rated as high risk.

 

  • A Beneficiary resides in a Sanctioned country which the Financial Services Business deems as high risk, do they need to be classified as such? If the licensee can demonstrate that the beneficiary and the entity that will be receiving any transaction is not subject to a Sanction notice and demonstrates the compelling mitigating factors to meet rule 57 of the Handbook, it could choose to down grade the risk if its policy procedures and controls allows.

 

  • A customer born in a higher risk country due to bribery and corruption but residing and employed in Guernsey and all funds for the business relationship have been earnt in Guernsey do they have to be high risk? Though a Licensee must obtain information on Place of Birth and Nationality under the rule 86 of the Handbook there is no requirement to risk rate on this basis and it could be discriminatory.

 

  • There are also occasions where part of a structure or an entity is registered in a higher risk jurisdiction, such as a Panamanian foundation that is controlled and administered in Guernsey. The question that must be asked is does a brass plaque in a higher risk country create a higher risk? Regarding the Regulation and the Handbook the Panamanian Foundation could be said to be based in Guernsey due to the management and control element and as such would not fall under a higher risk country element as the due diligence requirements would be undertaken by the Guernsey Fiduciary to the requirements of the Handbook and the Regulation.

 

  • The use of corporate entities registered in other higher risk jurisdictions by a Guernsey licensee for its customers, the Corporate Service Provider in the higher risk territory is only the Registered Agent for corporate entities and only undertakes the required statutory functions of the Territory are these structures require to be high risk? Though higher risk jurisdictions can be used to provide a corporate entity they may not apply the same anti-money laundering measures and countering terrorist financing measures as we are required to do in Guernsey. In these cases, it could be said that the business relationship is based and established in Guernsey as the corporate entity is controlled and administered by a Guernsey Licensee who must comply the Guernsey Regulatory Framework requirements.  Does a brass plaque really carry a risk or money laundering and terrorist financing or should we be more worried about the risk of the beneficial owners and controllers?

From this brief review of the pertinent sections of the Regulations and the Handbook, the Commission have in fact created a framework when it comes to territory that does allow for consideration of risk and not everything is or should be classified as high though some must be.  Unfortunately, it is possible that licensees themselves, through either lack of knowledge, understanding or misinterpretation of the Regulation and Handbook are creating their own frameworks that are inflexible to allow compelling mitigation to be taken in to account when it comes to risking Territory risk where permissible.  This inflexable framework would contribute to the strangulation of a Financial Services Business and the potential offering of products and services to new markets and developing countries.

Remember the Commission are there to use enforcement action on those who fall below minimum requirements and/or do not apply their own policies and procedures. There are countless other examples where rule 57 of the Handbook can be utilised so please contact me if you are interested in further clarification.Compliance monkey

Reflections of 2016

Compliance monkeyAs the sun gets lower, the evenings longer and we get closer to the end of a year I cannot help but think what a year it has been and begin to reflect.  For me personally it has been a year that has been full of hard work, assistance and resolution of problems and all this led me to the beautiful Island of Bermuda to undertake a contract for a client.  Not only a fantastic opportunity to show case my skills and knowledge but a joy to work for some fantastic people and meet old and new friends as well as to experience another regulatory culture. While I would rather be pondering the last year and this post from a pool in Bermuda instead of next to a fire on a brisk cold day, Guernsey still very much holds my heart, though Bermuda is a close second.

In looking to the challenges of the future and what the next year may hold for us is it time to reflect on the past year, the regulatory framework and what is needed to ensure that our business moves forward, prospers and continues to uphold the regulatory standards and meet future challenges, and there is no better way to do this than look back over the last year.

There have unfortunately been instances where the Guernsey Financial Services Commission (GFSC) has had to take enforcement action in 2016, never an easy decision but essential in today’s world to assist in the safeguarding and continual success of our international reputation and prosperity.  I do not think it is right to dissect these cases as these are disclosed on the GFSC website but rather look at what lessons can be learnt to avoid a repeat to our businesses and to protect the Directors and Stakeholders.

Risk, Identification and Verification

Most of these incidents reported by the Commission are in respect of Anti-Money Laundering and Counter Terrorist Financing (AML/CTF) within businesses.  That is not to say that all these incidents related to actual financial crime but rather that businesses were not meeting the standards and expectation imposed by our regulatory framework to ensure that verification documentation mitigated the risk of the Island being utilised by criminals.

The identification and verification of customers and controllers to a business relationship is a continuing matter that is reported by the GFSC.  In many cases business’s application of a “risk based approach” had failed to ensure that the due diligence and enhanced due diligence for customers and required parties to a business relationship or occasional transaction, had been obtained and met the standards required by the regulatory framework, inclusive of rules and guidance issued by the GFSC for certification and the suitability of certifiers. It must be remembered that wherever you are licensed you must meet that jurisdictions regulatory requirements as a minimum!

Monitoring and Sanctions

Periodic monitoring of customers was another area where businesses struggled.  It was found in some cases that this monitoring was not undertaken or if undertaken did not meet the regulatory requirements. It was found that risk assessments were inadequate and not reviewed as required by a business’s policy and procedures to meet the obligations of the GFSC, especially where customers had been assessed as high risk.  The review of the rationale for the business relationship and transactions undertaken was found to missing or inadequate, leading to the GFSC questioning whether appropriate and effective policies and procedures were in place inclusive of suspicious activity reporting.

The review of customers to Sanction lists was also noted as an area of concern. While this may be undertaken at the start of a relationship and periodically is it suitable just to wait for these trigger events?  Is the review of transactions subject to sanction screening to ensure that sanctioned legal persons or those entities that they control are not financed? It may be that the GFSC believe terrorist financing to be a low risk to the Bailiwick but this will do nothing to deter terrorist financiers if they find a gap in our defences.  A definite area I think the GFSC will look to assess when conducting on-site examinations and through thematic reviews in 2017, so be warned!

Corporate Governance

Corporate Governance has also come to the forefront not only in the AML/CTF area but also in more prudential assessments of a business.  In all cases enforced by the GFSC the findings go back to the corporate governance requirements of the regulatory framework with the accusation that directors failed to ensure that they acted to ensure that the business could meet the Guernsey regulatory requirements.  THE GFSC also in some cases questioned the independence and integrity of directors due to the regulatory failings identified.  Not only will this area come more to forefront with shareholder activist and the spotlight of international bodies but also from the GFSC to ensure that Directors are suitable and safeguarding Stakeholders and the business.

With the Guernsey regulatory framework changing to meet the international requirements which are evolving it is difficult for any Director to ensure that their Business remains compliant.  Businesses in this ever-changing environment are at risk of falling behind the times.  While only minor infringements of the regulatory framework may be the result, if these infringements are many, systemic and material they may require to be reported to the GFSC.  By the Board bringing these issues to the GFSC, in some cases, remediation without the threat of enforcement can be undertaken, it is after all in the GFSC interest that businesses remediate and enhance themselves to meet the regulatory framework.  It is best to be able to show and have evidence that the Board have discussed the issues affecting the business and the action to be undertaken rather than hearsay in any regulatory inquiry!

Reflections

So, reflect on this year, look at the enforcement cases to ensure that you do not fall foul of history, review your business plans and business assessments to make sure you have the policies and procedures in place to meet the regulatory framework and the requirements of the Business.  Review the Compliance function is it suitable and sufficient? Consider its independence or whether there needs to be independent oversight or outside assistance?  Does the compliance monitoring facilitate management information that is required for Directors to undertake their duties and safeguard the business and stakeholders?  Look outside of your own regulatory regime to other sectors as if something is happening in one there is a good chance that those developments will feed in to your own sector’s regulatory requirements.  Look outside to other jurisdictions as developments there may impact on the regulatory framework where you are.

If you have a last Board meeting of 2016 or even an early 2017 Board meeting set the agenda to reflect on 2016 ensuring that history does not repeat itself. If you do find that you are not in compliance, please ensure that you have the issues and remediation documented whether you consider it material or not to report to the GFSC.

Instruction 01/2016

Compliance monkeyThe Commission have released their latest Business from Sensitive Sources Instruction, no 01/2016 (“the Instruction”) for Financial Services Businesses and Prescribed Businesses replacing the previous instruction 04/2015 that was issued back in November 2015.  The upshot is that Myanmar, Loa PDR and Vanuatu are now included in Part B of the Instruction which lists countries and territories with improving Global AML/CTF Compliance, while Algeria, Angola and Panama have been removed altogether from the Instruction. For Financial Services Businesses and Prescribed Businesses, it would appear to be that they can now apply a risked based approach to relationships or transaction through or from Myanmar, Loa PDR and Vanuatu, and as much is said in the Commission’s statement on their Instruction, but is that really the case?

A quick look at Chapter 3 of the Handbook and rule 58 sets out the Commissions requirement for designating high risk Business Relationships or Occasional Transactions.  These characteristics are those identified in section 1 (a) to (c) of Regulation 5 of the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Regulations, 2007, as amended (“the Regulations”) and also those connected with Parts A or Part C of the Business from Sensitive Sources issued by the Commission. At first glance it would therefore appear that Business Relationships or Occasional Transactions with Myanmar, Loa PDR and Vanuatu do not necessarily need to be high risk as they are on Part B of the instruction.

What is important to realise is that section 5 (1) (c) (i) of the Regulation states that customers established in or situated in a country or territory that does not apply or insufficiently applies the Financial Action Task Force (“FATF”) recommendations on Money Laundering must be designated as high risk.  As part B of the Instruction relates to countries or territories who are improving but not meeting the FATF requirements on Money Laundering it would indicate to me that Myanmar, Loa PDR and Vanuatu, still require to designated as high risk in order that a Financial Service Business or a Prescribe Business can meet their obligations under the RegulationTO13-3s.

If this is not confusing enough for any Director, Compliance/ Risk Officer or Money Laundering Reporting Officer, please also be aware of your banking arrangements and relationships.  Though this Instruction on the face of things allows you to apply a risk based approach which may or may not be in line with the requirements of the Regulations, your Bankers may not deem these jurisdictions to be anything other than high risk.  You may have decided as a business to apply a risk based approach but if this is not in line with your Bankers you may find yourself in bother.

The only advice I can give is make sure that your risk designation of a client meets the requirements of the regulations and that of your Bankers.

Dear Board, don’t engage me to undertake your outsource compliance requirements until you have read this!

Compliance monkeyGuernsey has an amazing regulatory framework which has become quite a selling point with financial service businesses offering their products and services and those financial service businesses wanting to come and have operations here. Some will utilise outsource compliance professionals to assist them with the cost of set up, on-going costs,  ensuring their business can have knowledgeable and professional persons on-board while it establishes and grows its presence and offerings. Even established firms may need extra compliance support in their business to be able to ensure that they can at all times remain compliant with the Guernsey regulatory framework or ensure that remediation is appropriate and effective.

In the last year the use of outsource compliance professionals has come to the forefront of the regulatory radar, instances of their failure having been identified as contributing to businesses failing to adhere to the regulatory framework. There have been numerous communications from the Commission to the industry on the issues surrounding the requirements for utilising an outsourced compliance professional and failures where this has not been met, showing that the Commission are treating this seriously.

At the end of the day the responsibility for compliance to the regulatory framework is laid firmly at the feet of the Board and they are the first point of call when failings or regulatory deficiencies are identified by the Commission. The need to ensure a Licensee is meeting the regulatory requirements forms at the most basic level with the minimum criteria of licensing as well as being mentioned throughout the regulations, codes instructions, and guidance issued by the Commission.

So what needs to be considered by Boards? Here are some questions to be asked but at all times refer to the legislation regulations, rules,instruction and codes that pertain to your business and licence.

Prior to any engagement consider these points.

You wouldn’t employ anyone to undertake the role in a full-time capacity so why would you chose anyone to do your outsource function?

Prior to any engagement do your due diligence on the outsource company/ person, the person who will be your appointed compliance representative and the people who will be doing the work. At the very minimum the person who will be undertaking the work needs to be suitably qualified and knowledgeable of the area your business operates in and the regulatory rules that pertain to your licence.  You will need to ensure that you can evidence that they have been appropriately screened as you will be expected to have been as diligent with your provider as with your own staff!

You wouldn’t employ anyone who doesn’t have the time for your business?

Prior to any engagement you need to work out how much time will be required. This will change from the role that compliance professional will undertake, as an example an outsourced MLRO will have different time requirements to a compliance professional assisting with licensing.

When you actually look at it, if you have a compliance professional for two hours a week it would take them eighteen weeks to achieve one thirty-six hour working week in your business! Obviously cost is a major factor in this assessment and knowledge and experience never come cheap. The time any compliance professional spends on your business must be commensurate to the size, complexity and nature of your business and the role undertaken.

You need to be aware that a compliance professional will also be working for other firms, there is obviously a risk regarding resources. If their clients require more time or the outsource provider or person undertaking the role has issues with resources will you be affected? You need to ensure that there are controls in place or a plan B to mitigate these risk.

You wouldn’t have any old agreement?

You need to ensure that the outsource agreement meets the requirement of the Guernsey regulatory framework and is legally binding. The Board cannot discharge its responsibilities only delegate the work, it is often a good idea to have a Guernsey Advocate firm look over any agreement, especially if the Board are not familiar with Guernsey Law or this area.

During any engagement consider these points.

You wouldn’t want to be assessed by any old criteria, what criteria is the business or business area being assessed to?

Again this depends on the role you are utilising the outsourced compliance professional for, but you need to know how they are monitoring you and to what standard.  The Board must make sure that it can evidence and satisfy itself and the Commission that the Guernsey regulatory framework requirements have been met.

You wouldn’t want any report, do the reports provided give the full picture of the work being undertaken?

The reports that are provided to the Board must be meaningful and contain accurate management information. This allow the Board to see the whole picture of their business or the area that the outsourced provided has been contracted to service and assess the level of compliance to the regulatory framework. If areas or remediation work have been identified are the Board kept appropriately up to date?

You wouldn’t want to keep on anyone who isn’t performing, is the outsource provider performing to the required standards?

Throughout any engagement the Board must consistently monitor and evidence its monitoring of the outsource provider and/or those undertaking the work for the Licensee. Is the Board satisfied with the work undertaken, is the monitoring of the business meeting the requirements of the Guernsey regulatory framework, has the business changed in its complexity, nature or size and is the person doing the role still suitable?

The most important aspect to any outsource relationship is that you have the right person/firm, they add something to your business, provide you with the accurate management information, they get on with you and are honest to you regarding their business and yours. By hopefully considering and evidencing these requirements a Board will be able to show that they have acted to ensure that their business meets the requirements of the Guernsey regulatory framework. In the unfortunate case where things have not worked out the Board will be able to evidence that they were aware of the issues at the earliest opportunity and have acted to mitigate any non-compliance and remediate the situation.

The Sum of All the Parts

Compliance monkeyThe Guernsey Anti-Money Laundering and Countering Terrorist Financing (“AML/CTF”) framework has continually developed to take in to account good practice, external pressures, requests and recommendations of onshore governments, quangos and international organisations  to ensure that financial crime in all its guises is effectively tackled. The Commission have sought to and I would say that they have largely achieved a cohesive framework that effectively mitigates against the use by criminals of Guernsey as an international finance centre while not over burdening the Financial Service Business operating here.

This cohesive framework has been achieved over the course of the years by open dialogue with local industry bodies, licensees and working effectively and productively with those outside of Guernsey to achieve a proportionate approach for  the products and services that are provided to clients wishing to utilise the jurisdiction. Most notably in 2013 the AML/CTF framework in Guernsey changed extensively and this resulted in general insurance products being removed, but did it remove all the products and services that can classified as General Insurance?

With regard to the Insurance sector in Guernsey, a legal entity can be licensed for general business or for long-term business. Long term business is defined in the Insurance Business (Bailiwick of Guernsey) Law, 2002 as contracts on human life, human longevity, marriage and birth, linked long-term, permanent health, capital redemption, pension fund management and credit life assurance. Due to the nature and the requirements of some clients, an insurance licensee with a general business categorisation may want to offer some of these products to their clients to supplement the range of products and services they currently or can offer their clients, but without the need to be licensed for long-term business.  Section 2(4) of the Insurance Business (Bailiwick of Guernsey) Law, 2002 does allow for an Insurance licensee to elect that a contract for a term of not more than 18 months that may be regarded as a long-term business contract and can be deemed to be general business.

This would appear to allow a general insurer to fit such products into their licence requirements e.g. general insurance, without the requirements to adhere to the Guernsey AML/CTF framework as per the changes that were made to the Commission’s AML/CTF Handbook (” Commission’s Handbook”), in 2013.  It should be noted that the treatment of these products, though allowed to be done in certain circumstances by an Insurance licensee does not change the definition of those products in the Insurance Business (Bailiwick of Guernsey) Law, 2002.

In the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Regulations, 2007 at schedule 1 it states that a Financial Services Businesses for the purposes of the Regulations are detailed in part 1 of the schedule, except where they are incidental or are other activities as listed at Part 2 of the Schedule. Part 1 of the schedule includes the carrying on of “Long Term Business as defined by the Insurance Business (Bailiwick of Guernsey) Law, 2002 as being a Financial Services Business for the purposes of the Regulation and the Commission’s Handbook, it does not include any change in the treatment of an Insurance product by an Insurance Licensee. The Commission’s Handbook at section 4.8 specifically deals with the treatment of life or other investment linked insurance policies and as such these appear to directly fall in to the Guernsey AML/CTF regime. Effectively this is saying that if a product falls under the long-term definition stated in the Insurance Business (Bailiwick of Guernsey) Law, 2002 though a Licensee it may regard it as being General business they remain subject to the AML/CTF Regulations. Thus a licensee must adhere to the requirements of the Commission’s Handbook and AML/CTF framework when dealing with such products.

The sum of all these parts would indicate that an Insurance licensee effecting or carrying out life or other long-term products regardless of how a Licensee may be able to classify these products as general business under the Insurance Business (Bailiwick of Guernsey) Law, 2002, they would still fall under the AML/CTF regulations and Commission’s Handbook by way of the requirements of the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Regulations, 2007 held at schedule 1. An Insurance Licensee regardless of how it treats such products under its licence would be required to have in place an effective AML/CTF framework.  A licensee must be able to evidence the suitability of its AML/CTF framework and compliance with the AML/CTF requirements pertaining to its business to the Commission.

An Insurance licensee must ensure that at all times they meet the requirements for the minimum criteria for licensing, schedule 4 of the Insurance Business (Bailiwick of Guernsey) Law, 2002. This includes a requirement to meet and adhere to any rules, codes, guidance, principles and instructions issued from time to time under any other enactment as may be applicable to the business, and this would also be inclusive of the Guernsey AML/CTF framework.

Missing the Elephant in the room.

These last few weeks I have been thinking back to myCompliance monkey time in Law Enforcement. Those of you who can remember back that far probably have an image of a young surfer dude who turned up in the most scruffiest uniform, collar half in half out, requiring either a haircut or beard trim, usually both and never mind the lack of tie!

Those who worked with me will probably remember a person who worked manically yet methodically, questioning everything, discussing and testing theories before providing a list of potential targets for Officers to stop and check out. I am very proud to have been one of the highest seizing drugs Officers during my time, but all this could not have been done without the above, the support of my senior officers (and at times I pushed them to the limits) and the Law Enforcement Officers and teams I worked with, who looked at the whole.

In recent weeks there has been a lot of international interest in the offshore world regarding tax avoidance and tax evasion as well as financial crime, which has included revelations of HSBC in Switzerland. This post is not about HSBC, what is or isn’t tax evasion or even the ethics behind tax avoidance or financial crime, but I hope to try to provide some advice where the due diligence process fails. I have previously written about how due diligence is only part of the solution. As a past Customs and Immigration Officer and now as a compliance manager and consultant these documents are essential in identifying and verifying the target/ client but this is by no means the be all or end all.

It is all about the analysis of information in front of us, checking these details and asking the questions not our pre-conceived ideas or prejudices. Do we ask the question of why our clients invest offshore or set up dynastic structures or entrepreneurial structures offshore, do we understand and test and document, this rationale and reason and do the transactions make sense and fit the profile?

As a Law Enforcement Officer I would start by building a picture of travellers, and ask myself if the analysis I had in front of me made sense. Were there any comparisons to known smuggling and people trafficking profiles? Then I would seek out the experience of my peers, asking questions and gaining in-sights, understanding and clarifying what I had in front of me. This is no different from a Financial Services Business, where you are obtaining identification details, verifying these with documentation, researching through the various open-source intelligence databases for known facts, asking questions regarding the rationale. Seeking supporting evidence e.g. tax/ legal rationale and advice for the creation of a structure, its suitability and comparing the client and business relationship to known criminal profiles.

Having assisted licensees when they have been subjected to on-site visits by the Commission the main observation is, to a greater or lesser extent, that the requirements of the Regulations and the Handbook have been met. Some licensees have gone for just meeting the required standards others are far in excess of what is required by the regulations, but all generally pass with only the criticism of lack of former names or certification not meeting the expectations of the Commission. The real bug bear for the Commission is the lack of or insufficient periodic review. Yes we screen for sanctions, yes we check the appropriateness of our due diligence and we risk assess to what we see in our verification documents and from our refreshed our database checks but is this enough? Well unfortunately no it’s not and we are missing the Elephant in the room.

We spend alot of time getting the tax/ legal advice, the rationale of the relationship and the expected transactions at the start of the on-boarding process but we seldom question these areas again in the course of the business relationship. Tax advice is valid when it is given and after that it is outdated and what was legal tax mitigation can become tax evasion, transactions vary due to life circumstances including financial crime, entrepreneurial relationships change due to economic reasons and taking advantage of situations, some which can be financial crime. The information is in front of our eyes yet we fail to look at it, react to it, analysis it and document these changes or question the rationale.

Being miles above and beyond regulation may serve little purpose apart from to annoy clients and make the offshore world difficult to invest in and access for those with legitimate reasons and rationales. You may think it looks good to a Regulator to be gold platted but that is not the case as they are only looking at compliance with the regulatory requirements. The information to detect financial crime in all its guises is in front of us, the transactions, the file notes of meetings and the tax advice or legal advice. All this allows us to analyse the client to ensure that what we have fits in to our knowledge and understanding of the them and that what we have is legal and remains legal. This though is the Elephant in the room we seldom look at and where Regulators will not look kindly on when they find it lacking, regardless of how high above the required due diligence standards you are!

In all these Financial crime and Tax evasion cases if the advice had been looked at, the transactions and rationale been reviewed in detail would things have been different? It is not OK to say things were different back in the day, it does not absolve you or anyone from financial crime or being complicit in it.

If the only thing you take from this is to look at the whole picture, analyse all the information and rationale of a client, ask any questions you can’t fathom out, and obtain answers and document your full review, this post will have been worth it.

What doesn’t kill us only makes us stronger

drift drivingOne cylinder shut down due to a malfunctioning regulator and now my other regulator had started to malfunction, I realised that the situation was now extremely serious and the next decisions would be the most important of my life. As I drifted there at thirty eight meters, unlikely to successfully survive a dash to the surface I took a deep breath trying not to choke on the seawater as it came into my mouth, I focused on the task at hand and dismantled my switched off regulator and signalled to my buddy to put up a surface marker.

We all have to make decisions, the regulations force us to make decisions for the protection of our customers ourselves and our jurisdictions. We demonstrate this by risk assessments, an exercise that can be seen as pointless and only for the sake of the regulations. By engaging with the assessment process and thoroughly reviewing and demonstrating the potential areas of risk that we face we are able to understand, minimise and hopefully withstand potential events that may and will occur. It goes without saying that any risk assessment needs to be monitored and assessed regularly as environments and situations change, it also allows us to be more alert and able to detect and deal with new or unknown risks and risk areas as and when they arise.

I knew my focus was narrowing and it had become darker, my fingers replaced the membrane in the regulator and I screwed it together, I moved to the valve of my cylinder and slowly turned on the air, nothing happened and no air escaped. Slowly pressing down I purged the regulator it worked, thank God, and I put it in my mouth and tasted the sweet air. By no means was this a fix, more a patch as within seconds it started to leak again. I looked up to be greeted by two huge eyes of my dive buddy who had just released the surface marker, with a smile I signalled it was time to depart to the surface and I put my fingers round the line attached to the surface marker as we began our leisurely ascent.

At eighteen meters the patch was failing, at seventeen meters the regulator was finished and I put in to my mouth the other semi working regulator and felt air and cool salt water, at sixteen meters I could see the sun shimmering and new that the odds of them both working to a lifesaving capacity to the surface was not in my favour, it was time to change the plan to meet the situation and I signalled to my buddy. At fifteen meters with my buddy’s emergency octopus and air filling my lungs we gently continued our ascent to the surface. At the surface we were both smiling and greeted by our safety boat.

We had addressed the known risks by our planning and checks pre dive, during the dive we had calmly and successfully dealt with a worst case scenario, assessing the situation and assigning tasks to create a better situation. The ascent had been undertaken in a control manner avoiding the potential of the bends and though it had required a change to meet the situation we had accomplished the task successfully. The risk had morphed but we had successfully dealt with the new and unknown risk due to good training, assessment and management.

Risk assessments are not pointless or just for regulators or governing bodies to review and assess but are vital. Life and business is about risk, just make sure that you have realised and assessed them initially and then periodically, fate has a nasty habit of striking when you least expect it as history and the present time shows us, make sure you can survive.

When things go wrong review, understand, remediate and enhance, I know that is what I will be doing, it wont be pointless and will make me stronger.

Questions, Coffee and Ghosts.

imagesAre we now being regulated by international organisations and their regulators rather that our own regulators?  Is our regulatory framework becoming a secondary consideration to the regulatory frameworks and group policies of international organisations that finance our community?  Is this leading to the stagnation of Guernsey as a whole where compliance cost rise to meet these external influences rather than our own bespoke regulatory framework? Is our competing and partaking in business in the international or developing world inhibited? Are the policies of the international regulatory community focused on large organisations, with a one size fits all attitude to the detriment of our smaller bespoke financial service providers? Even looking outside of our Financial Service Industry have international organisations, regulators and governments lost contact with local industry and people making them unproductive, uncompetitive and restricted?

Our businesses whether in finance or outside must adhere in some degree, to the requirements of committees and boardrooms far flung from our Island, and the whims of persons who lack connection understanding or appreciation of our island economy and value. Are these institutions aware of our idiosyncrasies as they strive to achieve a mythical norm presented by scoring sheets, algorithms and public opinion of their home countries? Has the international community lost the ability or the want to differentiate between the size nature and complexity of their own and other communities, businesses and financial centres?

A thought struck me while handing over my Guernsey one pound notes for my coffee today, if we print money why can’t we loan money? Why can’t we create a bank of the Bailiwick or other funding enterprises, regulated to our own standards that are acceptable international standards and set up for the needs, development and innovation of our local businesses?  Could we run a bank for the good and development of our community and its financial and non-financial businesses, lessening compliance expense faced by our businesses by focusing achieving the requirements of our regulations? Are we not best placed to understand, develop, innovate and realise the hopes and dreams of our Island community? Could we provide this as yet another string to our bow allowing us to partake and compete effectively in the international community? Rather than fit in to a box could we provide the bespoke solution tailored to our needs and requirements?

WilliamLeLacheurLooking into the last of my coffee as the rain began my mind was taken back to the ocean that I love so much, and yes we are but a drop in the ocean. The ocean has allowed us to raise some of the earliest taxes known, an anchor tax no less for the benefit of our Island and the development of our harbour in the 1400’s.  The ocean was mastered by our forefathers, and none other than William Le Lacheur who imported coffee and went on to influence economic and spiritual development in South America, as I walked through the Arcade I recalled how it was financed by Guernsey ingenuity and innovation.  I headed home past the Thomas De La Rue Public House, named after a Guernsey man who went from humble beginnings to founding De La Rue, who having adapted over the centuries and who have continually innovated while still printing bank notes today. These are but a few of the great historical figures that this Island has had and I could not help but wonder what these ghosts would suggest the same today, what would they think of my thoughts, would they see the potential of such ideas or a necessary to bring the development and innovation required to make the reality of tomorrow?

The ocean is vast and bountiful with a diversity of species and opportunities leading to competition and equilibrium, the loss of the equilibrium leads to the destruction of these unique habitats and species. Could the ripples of this idea radiate out to the benefit of our Island both domestically and internationally or will we be bound by the strangling nets of direct and/or indirect extra-territorial international regulation and policy? We need to look and focus on tomorrow while reflecting on the lessons of yesterday to achieve the dynamic solutions and adapt to the changing world as our forefathers did.