Client Due Diligence

The Sum of All the Parts

Lance Barclay AML/CTF, Compliance, Due diligence, Guernsey , , , , , ,

Compliance monkeyThe Guernsey Anti-Money Laundering and Countering Terrorist Financing (“AML/CTF”) framework has continually developed to take in to account good practice, external pressures, requests and recommendations of onshore governments, quangos and international organisations  to ensure that financial crime in all its guises is effectively tackled. The Commission have sought to and I would say that they have largely achieved a cohesive framework that effectively mitigates against the use by criminals of Guernsey as an international finance centre while not over burdening the Financial Service Business operating here.

This cohesive framework has been achieved over the course of the years by open dialogue with local industry bodies, licensees and working effectively and productively with those outside of Guernsey to achieve a proportionate approach for  the products and services that are provided to clients wishing to utilise the jurisdiction. Most notably in 2013 the AML/CTF framework in Guernsey changed extensively and this resulted in general insurance products being removed, but did it remove all the products and services that can classified as General Insurance?

With regard to the Insurance sector in Guernsey, a legal entity can be licensed for general business or for long-term business. Long term business is defined in the Insurance Business (Bailiwick of Guernsey) Law, 2002 as contracts on human life, human longevity, marriage and birth, linked long-term, permanent health, capital redemption, pension fund management and credit life assurance. Due to the nature and the requirements of some clients, an insurance licensee with a general business categorisation may want to offer some of these products to their clients to supplement the range of products and services they currently or can offer their clients, but without the need to be licensed for long-term business.  Section 2(4) of the Insurance Business (Bailiwick of Guernsey) Law, 2002 does allow for an Insurance licensee to elect that a contract for a term of not more than 18 months that may be regarded as a long-term business contract and can be deemed to be general business.

This would appear to allow a general insurer to fit such products into their licence requirements e.g. general insurance, without the requirements to adhere to the Guernsey AML/CTF framework as per the changes that were made to the Commission’s AML/CTF Handbook (” Commission’s Handbook”), in 2013.  It should be noted that the treatment of these products, though allowed to be done in certain circumstances by an Insurance licensee does not change the definition of those products in the Insurance Business (Bailiwick of Guernsey) Law, 2002.

In the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Regulations, 2007 at schedule 1 it states that a Financial Services Businesses for the purposes of the Regulations are detailed in part 1 of the schedule, except where they are incidental or are other activities as listed at Part 2 of the Schedule. Part 1 of the schedule includes the carrying on of “Long Term Business as defined by the Insurance Business (Bailiwick of Guernsey) Law, 2002 as being a Financial Services Business for the purposes of the Regulation and the Commission’s Handbook, it does not include any change in the treatment of an Insurance product by an Insurance Licensee. The Commission’s Handbook at section 4.8 specifically deals with the treatment of life or other investment linked insurance policies and as such these appear to directly fall in to the Guernsey AML/CTF regime. Effectively this is saying that if a product falls under the long-term definition stated in the Insurance Business (Bailiwick of Guernsey) Law, 2002 though a Licensee it may regard it as being General business they remain subject to the AML/CTF Regulations. Thus a licensee must adhere to the requirements of the Commission’s Handbook and AML/CTF framework when dealing with such products.

The sum of all these parts would indicate that an Insurance licensee effecting or carrying out life or other long-term products regardless of how a Licensee may be able to classify these products as general business under the Insurance Business (Bailiwick of Guernsey) Law, 2002, they would still fall under the AML/CTF regulations and Commission’s Handbook by way of the requirements of the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Regulations, 2007 held at schedule 1. An Insurance Licensee regardless of how it treats such products under its licence would be required to have in place an effective AML/CTF framework.  A licensee must be able to evidence the suitability of its AML/CTF framework and compliance with the AML/CTF requirements pertaining to its business to the Commission.

An Insurance licensee must ensure that at all times they meet the requirements for the minimum criteria for licensing, schedule 4 of the Insurance Business (Bailiwick of Guernsey) Law, 2002. This includes a requirement to meet and adhere to any rules, codes, guidance, principles and instructions issued from time to time under any other enactment as may be applicable to the business, and this would also be inclusive of the Guernsey AML/CTF framework.

Briefing note 002- Trust Company Business On-Site Examination Findings from Jersey

Lance Barclay AML/CTF, Business Risk Assessment, Compliance Monitoring, Corporate Governance , , , , , ,

Image

The Jersey Financial Services Commission (“JFSC”) has recently published its 2013 on-site regulatory examination findings in respect of Fiduciary business conducted in Jersey. These findings are pertinent to any financial service business, Compliance Officer and Money Laundering Reporting Officer (“MLRO”) in ensuring that they are adhering to the Guernsey regulatory framework. I believe that key points from the examination findings are as follows:

Evaluation of Suspicious Activity Report’s (“SAR’s”) and reporting to the Financial Intelligence Unit (“FIU”):

  • Delays in the acknowledgement of receipt of an internal SAR to the person disclosing.
  • Lack of detailed investigation by the MLRO to support the decision made.
  • Follow-up action resulting from internal reports not being undertaken or no evidence of follow-up action were noted.
  • Lack of autonomy by an MLRO and the decision to report to the FIU being made by Board rather than the MLRO.
  • Internal reports not being recorded accurately and being overlooked by the MLRO leading to late reporting to the FIU.

Corporate Governance:

  • Board discussions not being fully documented in some instances.
  • Concerns were identified in respect of the Board interaction, reporting lines and the functions of delegated risk committees of cross-divisional functions of a business.
  • Term’s of reference for delegated functions of the Board not being in place.

Business Risk Assessment (”BRA”) and Strategy:

  • Lacking details of the consideration of the following areas;
    • Organisational factors;
    • Jurisdiction of customers;
    • Underlying activities of Customers, including Politically Exposed Person risk;
    • Products and services specific to the business (third parties);
    • Delivery of those products and services;
    • Outsourcing risk to other branches or third parties and;
    • Not separating its BRA assessment from that of the Manager.

Conflicts of Interest:

  • No documented consideration of potential Conflicts of Interest where multiple licences are held and products are provided to customers who are common to both licenses.
  • Consideration and documentation of wider Conflicts of Interests, such as the investment in to customer structures by a Director.
  • Consideration of the risk where a significant shareholder of the business introduces customers.
  • Non-Executive Directors maintaining a direct relationship with a customer.
  • Conflicting roles of Compliance Officers the anti-money laundering function where the individuals also held a primary customer facing role.
  • Consideration of the impact of close staff relationships particularly at a senior level e.g. husband and wife.
  • Policies and procedures for declaring and monitoring were identified.

Compliance Function:

  • Inconsistent attendance at Board meetings by the Compliance Officer.
  • No separate reports in respect of Compliance and the anti-money laundering and combatting terrorist financing (“AML/CTF”) function.
  • Reports not containing the following;
    • Regulatory updates;
    • Progress of compliance monitoring;
    • Updated position on compliance registers, and;
    • Information on periodic reviews and accounting records.
  • In some cases there was a lack of documenting of matters brought to the attention of the Board.

Compliance Resourcing:

  • Back logs in periodic review cycle.
  • Delays in compliance monitoring
  • Not undertaking action in respect of regulatory updates.
  • Out of date policies and procedures
  • Ongoing projects and remedial work not completed.
  • Concerns in respect of the investigation and determination of SAR’s.
  • Meeting the day-to-day requirements of the compliance role, where the Compliance Officer or MLRO held other roles within the business.

Compliance Monitoring:

  • Compliance Monitoring Programme’s (“CMP’s”) task orientated rather than a schedule of testing of the operational procedures.
  • CMP’s not being seen or approved by the Board.
  • Ineffective reporting of the progress or completion of the CMP and of the remediation of compliance findings.
  • Compliance testing of the areas of the business lacking in detail.
  • Ineffective mapping of the business to the regulatory framework.

Business Acceptance Systems and Controls:

  • Procedures not being specific regarding the prescribed due diligence required for higher risk customers and business relationships.
  • Undertaking transactions prior to the acceptance of the customer by the Business.
  • The delay of obtaining verification documents and undertaking risk rating prior to the undertaking of customer transactions.

Customer Risk Management Systems and Controls:

  • Customer risk assessments not capturing fully the risks associated with customers or as detailed by the regulatory framework.
  • Customer risk assessment not capturing the risks identified by the business in the BRA.
  • Customer risk assessments not taking into account adverse information identified on the customer.
  • Weighting scores for risks not being appropriate to elevate overall the risk to high where required.
  • Lack of guidance to assist staff in the completion of the customer risk profile.

Customer Profile

  • Vague customer profiles not capturing the expected pattern and frequency of expected transactions.
  • Customer information held in various places rather than centrally.
  • Where the rationale for the business relationship was recorded as tax planning or mitigation, Licensee’s did not hold the relevant tax advice.

Politically Exposed Persons:

  • PEP’s being declassified contrary to the regulatory framework.
  • Immediate family members and close associates not being designated as PEP’s

In conclusion Licensees and the Boards must ensure that they have up to date compliance procedures, their functions are staffed and resourced appropriately and ensuring that they have suitable and sufficient management information for their compliance status being provided in a timely manner to them.  The role of the MLRO is coming more into focus with Regulators especially its assessment by the Board.  The MLRO function needs to be adequately resourced with a suitable and autonomous person, it is my opinion that this role will become more of a focus of regulatory visits and evidence of its review and suitability will required to be documented.  I would always advise that a separate compliance report and MLRO report is provided to the Board to ensure that matters are easily identifiable to the Board.  Conflicts of interest must be recorded and the risks assessed appropriately.   The BRA must take into account the risks that customers pose to the business and also the AML/CTF risks detailed by the regulatory framework and where they are not applicable they should be noted as such. What I believe is the most important finding to come out is, ensuring customer risk assessments and profiles are detailed and maintained ensuring that all risks are covered in the BRA.  I would advise that you assess your business to these findings and if any matters are found a remedial programme is put in place and signed off by the Board ensuring appropriate timescales and reporting is in place.

.

Briefing Note: Jersey Financial Services Commission Onsite Examination Findings.

Lance Barclay AML/CTF, Compliance Monitoring, Corporate Governance , , ,

Compliance monkey

The Jersey Financial Services Commission (“JFSC”) conducted an onsite examination of one of its fiduciary licensee’s which has resulted in a public statement being issued. The findings provide an insight in to the areas that our sister Island regulator is focusing on and the regulatory action they are taking in respect of their findings. I believe that the key points of the onsite examination are as follows;

Anti-Money Laundering and Combatting Financing of Terrorism (“AML/CTF”)

The key points made in respect of the examination of the area of AML/CFT noted the following areas as failure to comply with the AML/CFT regulatory requirements:

  • Out of date CDD.
  • Lack of sufficient evidencing of source of funds and source of wealth.
  • Lack of evidence to demonstrate that CDD had been sufficiently evaluated.
  • Inadequate evidence of EDD having been undertaken on High Risk customers
  • Inadequate evidence of the review of risk assessments.
  • Providing registered office only business and the issuance of Powers of Attorney with little control of the risks and oversight expected to be applied to these products.

 

An investigation was also undertaken into a customer entity that had received funds that may have been connected to a fraud. The investigation found the following matters of concern:

  • Mind and management not with the Jersey appointed Directors but with the beneficial owners.
  • Lack of questioning and properly understanding the activities of the customer entity.
  • Allowing payments to be made by the Customer entity without knowing or assessing whether adequate funds would be available to complete transactions.
  • Over reliance on the ultimate beneficial owners instructions and did not challenge the rationale for acquiring assets.
  • Receiving loans which did not have formal loan agreements and were from entities that had the same beneficial owners.
  • Failing to understand the source of funds through the customer entity.
  • Failing to consider adverse information made available to it regarding the source of funds received by the customer’s entity.
  • Receiving funds without knowledge of the remitter and paying them out the next day.
  • Failing to keep adequate books and records for the customer entity
  • Being re-active instead of pro-active in the management of the customer entity.

 

Breaches of the Code of Conduct of Trust Company Business

The key points that led to breaches of the Jersey regulatory framework and principles for the conduct of Trust Company Business were as follows:

  • Failing to act with skill, care and diligence.
  • Failing to evidence in writing decisions made.
  • Failing to identify conflicts of interests.
  • Failing to ensure adequate review procedures were implemented to monitor Trust Company Business.
  • Failing to maintain adequate internal systems and controls.
  • Failing to exercise an adequate level of Corporate Governance.

These failures led to remedial action having to be implemented as follows:

  • Directors stepping down and the appointment of new local Directors and a new Non-Executive Chairperson.
  • Review in conjunction with an external resource of the processes and procedures of the business to effect changes to strengthen its systems and controls.
  • Initiation of a review process of customer files to remedy customer due diligence deficiencies.
  • Remediation programme has been put in place to rectify issues identified by the investigation.

In conclusion I believe that a robust compliance function and a compliance monitoring programme encompassing the regulatory framework would have alerted the business to its deficiencies and assisted in the evidencing of areas of concern that required remedial action that were subsequently identified by the JFSC .  I recommend that the points raised are taken in to account in any Financial Regulated or Registered Business and assessed against its current compliance framework. If you do find that you have issues of concern or that you cannot adequately evidence compliance to the regulatory framework my advice is to form a remediation plan and inform the Commission as soon as practical. A problem shared is a problem halved, I cannot give any guarantees that you will not face regulatory sanction but being open and honest has the potential to reduce or negate the use of regulatory sanctions, as William Mason Director General, mentioned in his December 2013 address to the Industry.  If the regulator in our sister Island is looking at these areas I believe that the Guernsey Commission will also be.

Is Client Due Diligence there to stop Criminals and Criminality?

Lance Barclay AML/CTF , , , , ,

ImageOver the last few years of training people in the weird and wonderful world of AML/CTF I have noticed that people have become despondent with the subject.  I will be the first to admit that it can be a pretty dry subject if not put across well.  One of the areas of despondency that Licensees and their employees have with AML/CTF comes from the task of collecting Client Due Diligence (“CDD”).  Will the collation of CDD actually stop criminals utilising the Bailiwick?  Does this process have any effect on stopping criminality? With some Licensees believing that this burdensome exercise acts as a detriment to business, is this really the case or a misunderstanding?

Stopping criminality and criminals using the Bailiwick by obtaining a passport and utility bill is improbable. It is very unlikely that on production of these documents that they will inform you that they are a criminal and will be using your services and products for their criminality (I have only ever had one unsuccessful drug importer inform me what he was up to when stopped, but that’s another story). These documents are provided to criminals by Government agencies and Utility firms, legitimately, as it is the criminal’s human right after all to be able to live and travel and many do have legitimate incomes.  Criminals will sometimes use fraudulent documents which I’m afraid are prevalent in today’s society.  Fraudulent documents are cheap and easy to obtain and in today’s world of computer technology easy to produce to a very good standard, just look at the print quality of documents that you produce in your office on a day-to-day basis!  Criminals have access to the same if not better technology. Criminals in my experience are only different from ourselves through their moral and ethical values. Ethical and moral values change throughout a person’s life due to the situations they find themselves in and therefore a legitimate customer at a start of a business relationship may change in to a criminal. Unfortunately a passport or utility bill will not tell you if your customer will become a criminal at a later stage.

We are an International Finance Centre respected worldwide for our professionalism and the quality of our products and services and this will naturally be attractive to our customers and potential customers as well as criminals.  Our regulatory framework requires us to identify and verify our customers by obtaining CDD and in my opinion this is not only for us to know our clients and undertake checks to identify any adverse information on them but it also assists Regulators and Law Enforcement Agencies in preventing and detecting criminality and identifying the perpetrators.  By obtaining the required level of CDD when international requests for assistance in investigations are received by either our Regulator or Law Enforcement Agency, it will allow a licensee to react effectively and efficiently, searching their client database to establish if there is any connection or potential connection.

Our Law Enforcement Agency and the Regulator receive requests for assistance from overseas agencies and from my experience the requests are not always the most detailed or extensive and sometimes not totally accurate, this is not the fault of the overseas agency as they are only as good as the intelligence they receive from their sources.  From my time in the Financial Intelligence Service it has never ceased to amaze me that with a little information provided to our Licensees they are able to quickly identify if there is a connection or a potential connection to an enquiry, this is a credit to the professionalism of their employees and commitment in not allowing criminals to prosper.

In one case I dealt with the request for assistance was received from an overseas Law Enforcement Agency who could only provide the suspected person’s name which was very common and a potential address. Not expecting a lot I was surprised to get a phone call from a local financial institution that had a possible match on the suspected person. Relaying this information back to the overseas Law Enforcement Agency their amazement was evident. With a bit more investigative work and liaising between the parties involved it transpired that the local financial institution did have the person the overseas Law Enforcement Agency believed to be involved in criminality, an exercise made easier due to the financial institution having obtained the required CDD which also led to further details being discovered.

I have also been told on occasions by overseas agencies that they always like dealing with the Bailiwick as they are able to establish quickly if there is a connection to their suspect.   This greatly assists them in directing and managing their case and also any potential prosecution. Something positive for all stakeholders in our financial industry to take away with them!

We can safely say that the CDD documents we obtain will not stop criminals utilising the Bailiwick but as you can see they do act as a deterrent.  These documents won’t stop criminality but they will assist in the fight to detect and identify effectively and efficiently suspected criminals when we receive requests from our Law Enforcement Agency or Regulators. The assistance we give to the international community allows the Bailiwick to hold its head up high while discrediting the view held by some out there that we are a safe haven for criminals and their ill-gotten gains, and we do have our supporters out there.

Explaining my view on the necessity to collate these documents, Licensee’s and their employees are able understand the vital importance that they and these documents play in deterring criminals and assisting the international community in the prevention and detection of crime. I hope I have removed the perception that the CDD collation exercise is worthless and burdensome to a business, while demonstrating that it is a worthwhile and a necessary part of doing business in a moral and ethical way. It is interesting to note the recent developments in the on-shore world to pass regulations in respect of identifying ultimate beneficial owners, something we have had in or regulatory framework and have been undertaking for a very long time!