I am still wild at heart, surfing, kayaking, and diving sometimes to extremes here on the Island. Every time I go into the water there is risk but also reward. The risks I face will vary on the day and the activity. While the rewards I will gain range from deep relaxation to extreme adrenaline rushes and highs. Each journey into the great blue needs differing skills, preparation and an appreciation of circumstances within myself and outside in the environment to ensure that the risks are managed and mitigated. It is more than just turning up to the coast with cool gear, superficially ticking the box of safety, but ensuring that I have the right flow of information, the tools, and skills to stay within my risk appetite and avoid injury or more. In a fluid environment to extract the maximum I must ensure that the information provided from external and internal sources is processed, considered and acted on to ensure safety. 

The Guernsey Framework has brought in the requirement that firms must assess their business of risks related to money laundering, terrorist financing. Alongside the recent focus on assessing the proliferation financing risks posed by the products and services that they provide to their customers.  This allows the level of risk that a business may face to be ascertained and for the board to then ensure that their policies, procedures, controls and the resources required are suitable and sufficient and remain within their risk appetite. A firm’s BRA must also look at the intrinsic risks of the firm as well as the external risks of the environment, which must be reviewed regularly or at least annually. Allowing the board to  take due consideration of these changes, the level of risk that may have changed to their own risk appetite, and to ensure that risks continue to be managed and mitigated. Preventing the business from being subjected to financial crime. 

The Guernsey regulatory framework sets out the areas that the board should be considering regularly, with suggested and meaningful questions to be considered, alongside a requirement that the board should consider other factors that are present in the business but not necessarily suggested in the framework. These questions or factors will change at different rates to the socio-political environment, the risk of the customers engaged by the business, and resources at hand to manage and mitigate the risks. The board needs to have up-to-date management information on the levels of risk of customers, the resources present, and the current and immediate future requirements. Allowing them to assess the risks and consider the suitability of its policies, procedures, and controls to protect the business and Guernsey.  

The issue becomes where the BRA is treated as a document used to meet the regulatory requirements. Shown through the demonstration of ticking the box of what is believed to be expected in the regulations, an ornament to be brought out, dusted off annually before being put back into its box. The failure to ensure that the BRA remains suitable and sufficient, with up-to-date management information being presented to the board regularly on the risks posed internally and externally inclusive of resources and financial crime issues faced by the firm. Which leads to mis-informed decisions and the higher potential of the failure of policies procedures and controls to prevent financial crime and regulatory intervention.

 It has always appeared odd to me that businesses require monthly management accounts to assess and control their business to its aims and objectives, but that financial crime risk is not considered in the same way. By ensuring that the financial risks are monitored with the resources required to manage and mitigate them a board is the best place to control the businesses exposure to risk, allow resources to be placed to risk, and allow early intervention to protect and preserve their business.  

The BRA is much more than a superficial document that shows compliance with the requirements, being instead a tool to allow board consideration of risks faced and posed on a regular on-going basis to ensure appropriate management and mitigation.  Allowing the board to ensure that resources are put to risks where required and that the direction of the business can be helmed effectively, they are able to handle the financial crime and regulatory squalls, overfalls, and rip currents that undoubtedly will be faced by the business. The BRA won’t stop financial crime but with up-to-date internal and external management information will assist the Business in reacting to risks, real or posed, take effective action by having the necessary resources, experience and skills to survive a storm and ensure the safety of the business by the minimisation of those risks. 

Therefore, much like constant reviewing of conditions and potential risks and rewards when partaking in surf kayaking, firms must continually review and follow the due processes to manage and mitigate  financial crime risks, protect the business endeavours and key stakeholders.