Corporate Governance

Enhancing Compliance: Navigating the GFSC Handbook and High Risk Requirements

Sara Barclay AML/CTF, Compliance, Corporate Governance, Due diligence, Guernsey , , , , , , , ,

In today’s fast-paced regulatory environment, Guernsey financial institutions must ensure they are not only compliant but also adaptive to ever-evolving domestic and international standards. The Guernsey Financial Services Commission (GFSC)Handbook provides a critical framework for ensuring Guernsey financial institutions uphold the highest standards of governance when countering financial crime, countering the financing of terrorism, and countering the Financing of Proliferation (CFC,CTF,CPF or Financial Crime) when undertaking their business activities. One of the most crucial sections, Chapter 8, delves into enhanced customer due diligence (ECDD) measures required for high-risk business relationships and situations. This blog will explore these ECDD measures and how organisations can align their operations and compliance frameworks with the Guernsey regulatory expectations set out in Chapter 8 of the GFSC Handbook.

Understanding the GFSC Handbook: A Regulatory Pillar

The GFSC Handbook is a guiding document that helps regulated entities in Guernsey comply with legislative and regulatory requirements, specifically around CFC, CTF, CPF and operational soundness to prevent and detect financial crime. By addressing both international and local standards, the Handbook covers areas such as:

  • Corporate governance
  • Risk management
  • Due diligence
  • Customer relationships
  • Transaction monitoring

However, when dealing with high-risk scenarios, standard measures are often insufficient. Chapter 8 is designed to mitigate risk in such situations through ECDD, enhanced monitoring, and enhanced reporting requirements to provide for effective corporate governance.

The Importance of Chapter 8: Enhanced Measures for High-Risk Situations

Chapter 8 of the GFSC Handbook specifically addresses scenarios where standard due diligence may not suffice to adequately mitigate risks of high risk business relationships. In such situations, Guernsey financial institutions and their directors and controllers are expected to employ ECDD measures to ensure robust risk management. These high-risk situations may arise from the following:

  • High-risk customers: Individuals or entities from jurisdictions with weaker CFC, CTF, CPF frameworks or with susceptibility to financing of terrorism or proliferation activities, politically exposed persons (PEPs), or clients involved in industries with higher susceptibility to financial crime.
  • Complex or unusual transactions: Large transactions that are inconsistent with the customer’s known profile or operations, or where the source of funds or rationale for the transaction is unclear.
  • Higher-risk products and services: Financial services that pose higher risks, such as correspondent banking, nominee services, and some services involving virtual assets.

Enhanced Customer Due Diligence (ECDD)

One of the critical components of Chapter 8 is ECDD, which goes beyond standard customer identification and verification processes. ECDD measures may include:

  • Additional documentation: Guernsey Financial institutions must collect more extensive documentation to verify the customer’s identity, business activities and rationale, and the source of their funds and wealth of their beneficial owners .
  • More in-depth investigations: Guernsey Financial institutions are required to dig deeper into a client’s background, including reviewing ownership structures, past transactions, and financial history (source of wealth and source of funds).
  • Regular updates: Ongoing due diligence must be performed more frequently, ensuring that any changes to the customer’s profile are promptly captured, investigated, and where required that documentation is obtained to confirm the continued legitimacy of the business relationship.

Key Requirements under Chapter 8 of the GFSC Handbook

To successfully implement Chapter 8, Guernsey Financial institutions need to address several critical areas:

  • Customer Due Diligence (CDD) and understanding and documenting the rationale of the business relationship and its components. 

Under Chapter 8, financial institutions must enhance their CDD and while documenting and clearing demonstration the rationale and purpose of the business relationship. This includes verifying the identity of beneficial owners, understanding the nature and purpose of business relationships, and ensuring continuous monitoring. For high-risk customers, ECDD measures require more rigorous background checks, additional verification, a deeper understanding of the client’s source of wealth and funds, and ensuring that it the take on and continuation of the business relationship is signed off by a higher level of authority and oversight.

  • Transaction Monitoring and Risk Profiling

Guernsey Financial institutions must implement more extensive and frequent transaction monitoring for high-risk clients. Chapter 8 mandates continuous monitoring of business relationships to detect suspicious activities promptly. This includes having lower thresholds for transaction monitoring, greater scrutiny and documentation of transactions, activity undertaken,  and their rationale, to flag unusual patterns or irregular transactions that might indicate money laundering, terrorist financing or proliferation activity.

  • Source of Funds and Wealth Verification, Documentation and Monitoring

Enhanced measures under Chapter 8 place significant emphasis on identifying and verifying the source of funds and wealth and holding up to date documentation on this area. This goes beyond just knowing where the money comes from; Guernsey Financial institutions need to understand how the funds were acquired, the activities that generated them, and ensure they are legitimate. For example, funds coming from high-risk jurisdictions for terrorism or industries require additional scrutiny to prevent bribery and corruption, or activities that may be linked to proliferation activities.

  • Enhanced Monitoring and Reporting

Monitoring business relationships is a continuous process of both day-to-day review of the transactions and verification subjects and more frequent periodic reviews of the business relationship, especially for high-risk clients. Chapter 8 requires Guernsey financial institutions to apply more scrutiny to transactions for high risk business relationships and escalate suspicious activities to the Money Laundering Reporting Officer and where necessary to the authorities, such as the Financial Intelligence Unitor for sanctions to the Guernsey Policy Council . Guernsey Financial Institutions must ensure they have robust internal mechanisms to report suspicious transactions regardless of monetary value, or sanctions while maintaining comprehensive documentation to support their findings.

  • Risk-Based Approach

Chapter 8 promotes a risk-based approach, where enhanced measures are applied based on the level of risk posed by the customer, transaction, service or product provider and any higher risk area identified. Institutions must create internal policies and procedures that reflect this principle, ensuring flexibility in responding to varying levels and types of risk.

Implementing ECDD Measures: Best Practices

To successfully align with Chapter 8 and the broader GFSC Handbook requirements, organizations should consider the following best practices:

  • Comprehensive Risk Assessment: Conduct regular risk assessments to identify customers, products, and services that pose higher risks. This will help prioritize where ECDD measures are necessary.
  • Training and Awareness: Ensure that staff at all levels are trained to recognize high-risk scenarios and know when to apply ECDD measures and what ECDD measures are required.
  • Technological Integration: Utilize advanced technology such as automated sanction screening and transaction monitoring, to flag suspicious activity, and conduct more thorough and continuaous due diligence.
  • Documentation and Record-Keeping: Hold and maintain detailed records of all due diligence processes, transactions, and enhanced measures taken. This is crucial for regulatory reporting and audits.
  • Regular Reviews and Updates: Chapter 8 requires ongoing monitoring and re-assessment of business relationships inclusive of the verification subjects, so Guernsey financial institutions should regularly review their procedures, especially when regulatory changes occur or there are changes to the business plan and sphere of operation.

Conclusion: Staying Ahead of Compliance Obligations

Complying with Chapter 8 of the GFSC Handbook requires a proactive and well-structured approach by the Directors and relevant senior employees in managing high-risk scenarios. Guernsey financial institutions must be vigilant in applying enhanced customer due diligence, monitoring, and reporting, ensuring that all procedures meet the stringent regulatory requirements of the GFSC. By adopting best practices, leveraging technology, and promoting a culture of compliance, Guernsey financial institutions can better manage higher risks and maintain a strong relationship with regulators and stake holders in the Guernsey regualtory framework.

Staying compliant isn’t just about ticking boxes—it’s about detailing the approach to risk, applying the measures and documenting their effectiveness in protecting the local and international financial system from abuse in order to safeguard the reputation of your business and third-parties that provide services to you and your clients.

By carefully and proactively integrating the ECDD measures detailed in Chapter 8 of the Handbook, Guernsey financial institutions can navigate the financial crime risks posed successfully, maintain compliance with GFSC rules and regulations, reporting requirements, and better protect themselves from investigations, enforcement actions and financial crime while providing products and services to those business relationships and persons who are high risk.

Stay ahead of the curve—ensure your compliance regarding Enhanced Due Diligence and high risk business relationships are up to date!

Join us at Technical Specialist Partners in fostering a culture of integrity and accountability by contacting us at hello@technicalspecialistpartners.com to discuss your requirements and the services that we can provide. Together we can build a compliant and ethical work place.

The Application of Enhanced Measures for Specific Business Relationships and Occasional Transactions (GFSC Handbook, Chapter 8, Paragraphs 102-125)

Sara Barclay AML/CTF, Compliance, Corporate Governance, Due diligence, Guernsey , , , , , , ,

For Guernsey financial services, enhanced measures are critical for mitigating risks related to money laundering, terrorist financing, and proliferation financing (Financial Crime). The Guernsey Financial Services Commission (GFSC) outlines when and how enhanced measures should be applied, particularly in certain high-risk and higher risk business relationships and occasional transactions. Chapter 8 of the GFSC Handbook, specifically paragraphs 102–125, provides detailed guidance for Guernsey financial institutions on applying these enhanced measures to manage higher-risk and high-risk scenarios.

This post focuses on the application of enhanced measures as they relate to:

  • Non-resident customers
  • Private banking services
  • Personal asset holding vehicles
  • Customers with nominee shareholders

Non-Resident Customers (Paragraphs 106–110)

A Guernsey Financial institution when dealing with a non-resident customer must look at the reasons for that customer using the Bailiwick, especially where the same services are offered in their own country or territory, as these customers, who wish to establish a business relationship or conduct occasional transactions, may present a heightened risk of Financial Crime. For non-resident customers, Guernsey financial institutions must adopt enhanced measures to mitigate these risks.

Enhanced Measures for Non-Resident Customers:

  • Understand the Customer’s Rationale: Firms should investigate why the customer, who is not resident in the Bailiwick, is seeking to establish a business relationship or carry out a transaction. Simply stating “tax planning” or “asset protection” is insufficient; firms must delve into the legitimate underlying reasons for the business relationship. This must also be verified by obtaining such documents or precise of such documents, explantions, from appropriate practicioners or external sources.
  • Leverage External Data: Firms should use external data sources to gather information about the customer’s country of residence and potential risks. This helps build a comprehensive risk profile, similar to what would be available for a resident customer. This can be from the Appendix I & H of the handbook and those identified risks must be mitigated.
  • Verify Source of Funds: Establishing the source of funds (SoF) that will be used or generated in the business relationship is critical. The firm must consider whether the origin of the funds aligns with its understanding of the customer’s risk profile and the rationale for the business relationship. This is especially important when funds come from countries with capital controls, high bribery and corruption risks or financial instability.

Private Banking Services (Paragraphs 111–115)

Private banking services, which involve high-value, non-standardized, and tailored services to high-net-worth individuals.  This is not just in respect of banking activities but could also involve the provision of services by an Investment licensee or a fiduciary Licensee except where the service is part of its duties as a trustee. The significant risks due to the complexity and cross-border nature of the transactions involved. Enhanced measures must be applied to mitigate these risks.

Enhanced Measures for Private Banking Services:

  • More frequent Review of Business Relationship: The firm should conduct more frequent reviews of the business relationship, ensuring that customer due diligence (CDD) measures are still appropriate. Transaction monitoring and thresholds should be adjusted as necessary to provide greater oversight.
  • Understand Source of Wealth and Source of Funds: Special attention must be given to understanding the source of the customer’s SoF and Source of Wealth (SoW) in line with the requirements of the GFSC Handbook and the GFSC Thematic. This is particularly important in private banking relationships where the risk of illicit activities is higher due to the large sums of money involved.
  • Tailored Monitoring: Given the bespoke nature of private banking services, enhanced monitoring and controls should be tailored to each customer’s specific circumstances and the nature of the use of the product and service. The firm should carefully scrutinize large or unusual transactions to ensure they meet the known and evidenced rationale.

Personal Asset Holding Vehicles (Paragraphs 116–121)

Personal asset holding vehicles (legal persons and legal arrangements), often used for holding investments, can obscure the true identity of the beneficial owner or the source of wealth and funds. Therefore, the use of such vehicles presents a higher risk of Financial Crime.

Enhanced Measures for Personal Asset Holding Vehicles:

  • Assess Rationale for the Vehicle: Firms must determine why the customer is using a personal asset holding vehicle rather than holding assets in their own name. The firm must ensure that the use of such a vehicle has a legitimate and genuine purpose. This must also be verified by obtaining such documents or precise of such documents, explantions, from appropriate practicioners or external sources.
  • Understand Source of Wealth and Source of Funds: Special attention must be given to understanding the source of the customer’s SoF and SoW in line with the requirements of the GFSC Handbook and the GFSC Thematic. This includes investigating the activities that generated the SoF and SoW, and any potential risks associated with transferring those funds to and from the Bailiwick.

Customers with Nominee Shareholders (Paragraphs 122–125)

The use of nominee shareholders can complicate the process of determining the true beneficial ownership of a legal person or arrangement, making it easier for customers to obscure their identity. Enhanced measures are necessary to mitigate the risks associated with such structures.

Enhanced Measures for Nominee Shareholders:

  • Determine the Purpose of Nominee Shareholders: Firms must investigate why a customer or a legal person that owns the customer is using nominee shareholders. The rationale should be legitimate and not solely for obscuring beneficial ownership and must be verified and documented.
  • Leverage External Data: To assess the risk posed by nominee shareholders, firms should utilize external data sources to check the fitness and propriety of the nominee shareholder, as well as the particular risks associated with the nominee’s jurisdiction.
  • CDD for Intermediaries: Where nominee shareholders are used in intermediary relationships, firms must follow the specific CDD measures laid out in the GFSC Handbook at Chapter 9, ensuring that appropriate controls are in place to mitigate the risk.

Conclusion

The application of enhanced measures is essential when dealing with higher-risk and  high-risk customers or transactions. Whether the customer is non-resident, utilizing private banking services, operating through a personal asset holding vehicle, or involving nominee shareholders, firms must conduct thorough due diligence to mitigate the potential higher risk of financial crime. By following the guidance outlined in Chapter 8 of the GFSC Handbook, having appropriate policies, procedures and controls,  firms can ensure they remain compliant, demonstrate good corporate governance, while protecting the integrity of their operations.

By carefully applying these enhanced measures, Guernsey financial institutions can better protect themselves from the risks associated with Financial Crime, while meeting the rigorous standards set by the GFSC.

Stay ahead of the curve—ensure your compliance is up to date! Join us at Technical Specialist Partners in fostering a culture of integrity and accountability by contacting us at hello@technicalspecialistpartners.com to discuss your requirements and the services that we can provide. Together we can build a compliant and ethical work place. https://technicalspecialistpartners.com/home/

GFSC Handbook Requirements for Source of Wealth and Source of Funds

Sara Barclay AML/CTF, Compliance, Compliance Monitoring, Corporate Governance, Due diligence, Guernsey , , , , , , , , ,

The Guernsey Financial Services Handbook for Countering Financial Crime, Countering Terrorist Financing and Countering Proliferation Financing (GFSC Handbook or Handbook)  sets forth comprehensive guidelines on how Guernsey financial institutions should address Source of wealth (SoW) and (SoF) as part of their customer due diligence (CDD) and enhanced due diligence (EDD) processes. These requirements are particularly stringent when dealing with high or higher-risk customers or complex transactions. Some of the key aspects include:

Collection of Information

Guernsey financial institutions must collect sufficient information about the client’s SoW and SoF  to properly assess the legitimacy of their customers financial activities and rationale for the use of the Bailiwick. As detailed in the GFSC Handbook this may involve:

  • Verifying employment income through pay slips, tax returns, or employer references confirming salary.
  • Confirming inheritance via probate or legal documentation.
  • Assessing investment income by reviewing dividend statements, property sales records, or portfolio valuations.

The Handbook stresses that for high-risk customers, Guernsey financial institutions must obtain more granular detail to fully understand the journey to and/or origin of wealth and funds of the person and/or business relationship.

Verification of Information

It is not enough to simply collect SoW and SoF information—institutions must also verify and document it! Verification can include independent checks through public databases, third-party documentation, and government records and the generation of a SoW and SoF memo or document comprising these information sources. 

The GFSC Handbook and the Thematic Review provide a clear roadmap for Guernsey Financial institutions to manage risks related to SoW and SoF effectively. By following these guidelines, institutions can enhance their Countering Financial Crime, Countering Terrorist Financing and Countering Proliferation Financing (CFC,CTF,CPF) frameworks, protect their reputations, their third party suppliers and ensure good corporate governance while meeting domestic and internal regulatory obligations and requirements.

For higher and high-risk business relationships and scenarios, additional layers of verification are required, often involving more detailed documentation, such as bank statements, legal contracts, or public filings.

Ongoing Monitoring

SoW and SoF checks are not a one-off exercise. Institutions are required to monitor the source of wealth and funds on an ongoing basis, particularly when dealing with politically exposed persons (PEPs), high-net-worth individuals, or clients from jurisdictions with weaker CFC,CTF,CPF frameworks. If any red flags arise, institutions must investigate further and escalate the matter internally to their Money Laundering Reporting Officer (MLRO) who may externalise a report to the relevant authorities if necessary.

Record Keeping

Maintaining thorough records of all SoW and SoF inquiries, documentation, and verification processes is mandatory. These records are essential for audit trails and for satisfying GFSC’s requirements during compliance reviews or in the event of an on-site regulatory visit, thematic reviews, request for information from a regulatory or law enforcement authority and when making disclosures to the Guernsey FIU.

Insights from the Thematic Review: A Focus on Private Wealth Management

The Thematic Review conducted by the GFSC on Source of Funds and Source of Wealth in the private wealth management sector highlights several critical findings and areas for improvement within the Guernsey financial industry. This review provides deeper insight into how Guernsey financial institutions can bolster their compliance with SoW and SoF requirements.

Key Findings:

  • Insufficient Depth in SoW/SoF Information: The Thematic Review found that many institutions were not gathering enough detailed information on SoW and SoF, particularly for high-risk clients. A common issue was reliance on customer declarations without independent verification. The GFSC expects institutions to dig deeper, especially when there are signs of complexity or higher risk within a business relationship or transaction.
  • Lack of Independent Verification: While most institutions collected some form of SoW and SoF data, verification was often lacking. The GFSC stresses that for high-net-worth individuals, high-risk clients or clients with complex wealth structures, institutions must take extra steps to verify the authenticity of their SoW and SoF.
  • Inconsistent Risk-Based Approach: Many institutions had policies in place but did not apply them appropriately or consistently, particularly in identifying and managing higher and high-risk scenarios. The GFSC noted that this inconsistency poses a significant risk to effective of a Guernsey financial institutions CFC, CTF, CPF controls and the wider compliance with the Handbook’s corporate governance requirements.

Best Practices for Strengthening SoW and SoF Compliance

To better align with the GFSC’s expectations and the findings of the Thematic Review, Guernsey financial institutions should adopt the following best practices:

  •  Implement a Robust Risk-Based Approach

A risk-based approach to SoW and SoF inquiries ensures that the level of investigation and verification matches the customer’s risk profile. High-risk clients, such as PEPs, those in or conducting transactions with high risk jurisdictions,  or those involved in complex financial arrangements, should undergo enhanced due diligence (EDD), which includes more thorough SoW and SoF checks.

  •  Increase Depth of Information Collection

Institutions must ensure that they gather comprehensive information about the client’s SoW and SoF. This includes not only basic facts but also deeper context, such as the history of wealth accumulation and the specific details behind large transactions. 

  •  Utilize Independent Sources for Verification

To avoid over-reliance on customer-provided information, institutions should use independent and reliable sources to verify SoW and SoF. This may involve using public records, financial databases, or independent experts.

  •  Enhance Staff Training and Awareness

Staff at all levels should be trained to understand the importance of SoW and SoF checks, and how to conduct these inquiries effectively. Training should also cover the red flags to watch for potentially risky transactions or clients that may trigger a suspicion to the MLRO.

  •  Ongoing Monitoring and Review

Regular reviews and continuous monitoring of client profiles and their transactions are vital. Institutions must be prepared to escalate any concerns about SoW or SoF to their MLRO , ensuring that these concerns are investigated and, if necessary, reported to the Guernsey FIU.

Conclusion: Ensuring Compliance and Mitigating Risk

Ensuring compliance with SoW and SoF requirements not only helps in meeting regulatory expectations but also plays a key role in maintaining the integrity of the Bailiwick and the global financial system.

For Guernsey financial institutions and those international firms wishing to set up in the Bailiwick, the message is clear: robust, well-documented, and verified SoW and SoF processes are critical for reducing exposure to financial crime risks and ensuring long-term success in the Guernsey Financial Sector for your business.

You can access the GFSC’s full Thematic Review on Source of Funds and Source of Wealth in the Private Wealth Management sector here .

Stay ahead of the curve—ensure your compliance is up to date! Join us at Technical Specialist Partners in fostering a culture of integrity and accountability by contacting us at hello@technicalspecialistpartners.com  to discuss your requirements and the services that we can provide. Together we can build a compliant and ethical work place. website link

Maximizing Safety and Minimizing Risk | Impact of Board Risk Assessment (BRA) on Financial Crime Prevention

Sara Barclay AML/CTF, Business Risk Assessment, Compliance, Corporate Governance, Guernsey , ,

I am still wild at heart, surfing, kayaking, and diving sometimes to extremes here on the Island. Every time I go into the water there is risk but also reward. The risks I face will vary on the day and the activity. While the rewards I will gain range from deep relaxation to extreme adrenaline rushes and highs. Each journey into the great blue needs differing skills, preparation and an appreciation of circumstances within myself and outside in the environment to ensure that the risks are managed and mitigated. It is more than just turning up to the coast with cool gear, superficially ticking the box of safety, but ensuring that I have the right flow of information, the tools, and skills to stay within my risk appetite and avoid injury or more. In a fluid environment to extract the maximum I must ensure that the information provided from external and internal sources is processed, considered and acted on to ensure safety. 

The Guernsey Framework has brought in the requirement that firms must assess their business of risks related to money laundering, terrorist financing. Alongside the recent focus on assessing the proliferation financing risks posed by the products and services that they provide to their customers.  This allows the level of risk that a business may face to be ascertained and for the board to then ensure that their policies, procedures, controls and the resources required are suitable and sufficient and remain within their risk appetite. A firm’s BRA must also look at the intrinsic risks of the firm as well as the external risks of the environment, which must be reviewed regularly or at least annually. Allowing the board to  take due consideration of these changes, the level of risk that may have changed to their own risk appetite, and to ensure that risks continue to be managed and mitigated. Preventing the business from being subjected to financial crime. 

The Guernsey regulatory framework sets out the areas that the board should be considering regularly, with suggested and meaningful questions to be considered, alongside a requirement that the board should consider other factors that are present in the business but not necessarily suggested in the framework. These questions or factors will change at different rates to the socio-political environment, the risk of the customers engaged by the business, and resources at hand to manage and mitigate the risks. The board needs to have up-to-date management information on the levels of risk of customers, the resources present, and the current and immediate future requirements. Allowing them to assess the risks and consider the suitability of its policies, procedures, and controls to protect the business and Guernsey.  

The issue becomes where the BRA is treated as a document used to meet the regulatory requirements. Shown through the demonstration of ticking the box of what is believed to be expected in the regulations, an ornament to be brought out, dusted off annually before being put back into its box. The failure to ensure that the BRA remains suitable and sufficient, with up-to-date management information being presented to the board regularly on the risks posed internally and externally inclusive of resources and financial crime issues faced by the firm. Which leads to mis-informed decisions and the higher potential of the failure of policies procedures and controls to prevent financial crime and regulatory intervention.

 It has always appeared odd to me that businesses require monthly management accounts to assess and control their business to its aims and objectives, but that financial crime risk is not considered in the same way. By ensuring that the financial risks are monitored with the resources required to manage and mitigate them a board is the best place to control the businesses exposure to risk, allow resources to be placed to risk, and allow early intervention to protect and preserve their business.  

The BRA is much more than a superficial document that shows compliance with the requirements, being instead a tool to allow board consideration of risks faced and posed on a regular on-going basis to ensure appropriate management and mitigation.  Allowing the board to ensure that resources are put to risks where required and that the direction of the business can be helmed effectively, they are able to handle the financial crime and regulatory squalls, overfalls, and rip currents that undoubtedly will be faced by the business. The BRA won’t stop financial crime but with up-to-date internal and external management information will assist the Business in reacting to risks, real or posed, take effective action by having the necessary resources, experience and skills to survive a storm and ensure the safety of the business by the minimisation of those risks. 

Therefore, much like constant reviewing of conditions and potential risks and rewards when partaking in surf kayaking, firms must continually review and follow the due processes to manage and mitigate  financial crime risks, protect the business endeavours and key stakeholders. 

Changing Climate in Corporate Governance

Sara Barclay Compliance, Corporate Governance, Guernsey , , ,

International Finance Centres are known for their effective and efficient environment for undertaking cross border trade and the provision of products and services to assist and enhance business operations as well as the preserving of the generated wealth for the families and businesses that use them. Unfortunately we are still seen in the same vein as the wolves of Wall Street in a climate of greed is good and to hell with environmental impact. Is it time that this perception was changed? 

In the last decade, if not longer, there has been an undercurrent of change from beneficial owners and of businesses, whereby they have sought to be conscientious and use their wealth generated in the International Finance Centres for wider charitable purposes and causes close to their hearts inclusive of combating climate change. The same could be said about financial services businesses, though this has been for more local causes rather than world wide. Are we really utilising the innovations, products and services we have at our finger tips to their full potential to meet the environmental concerns of our clients, stakeholders and the wider world?

Regulators are also updating their regulatory frameworks to require that financial service businesses consider their impact in respect of climate change, as seen in Guernsey by the updates to the Finance sector Code of Corporate Governance. I would argue that this goes further than just making sure the office lights are turned off, recycling is undertaken and employees use more environmentally friendly forms of transport. Boards I believe should be looking at the business areas they are involved in and mitigating the effect these have on climate change world wide rather than just attending to their local footprint. This should not be in isolation, but in partnership with clients providing them with opportunities and innovations to assist them in ensuring that the impact of their business activities on the environment can also be mitigated. 

While business activities may be legal they may not be environmentally friendly, Boards of financial services businesses should look at their ethics and environmental risk appetite when engaging with clients that are in sectors that are higher risk for climate change. Where clients do engage in sectors that have a higher risk of environmental damage the Board should be aware of the issues relevant to climate change in that sector and should seek assurance that best practices and international standards are applied to mitigate that effect.  Boards should set out their environmental risk appetite and receive sufficient management information to assess the impact the financial service business has by providing products and services to these clients for their business activities. 

It is not just about the here and now impact of climate change but also the future and not all mitigations will produce net emissions or zero impact. Protecting against the effects of climate change should be looked at with a long term view and in the similar way that financial services businesses have provided for the preservation and enhancement of wealth over the years. This may be by allowing opportunities and investment in green technologies, the setting up green funds or in providing products and services that allow for the philanthropic support of education, innovation, research in understanding how to combat climate change and providing support for the communities that are most vulnerable. This allows for Boards of financial services business to show that they are meeting their obligations under the Finance Sector Code of Corporate Governance and their clients are able demonstrate that they are attending to their environmental responsibilities.

Good corporate governance assists in enhancing reputation allowing people to see that international finance centres, their stake holders and users are more than part of a greed is good culture, looking after their own self interests. It allows for clear evidence that demonstrates that they undertake their responsibilities seriously with a wider world appreciation.  Climate change may just be being felt on our shores but it is certainly knocking at our door.      

Paradise Papers – Seeing the Wood for the Trees

Sara Barclay Compliance, Compliance Monitoring, Corporate Governance , , , , , , , , , ,

The now infamous “Paradise Papers” contain personal data obtained from Appleby’s Bermuda office via an illegal hack. This data in part details the utilisation of International Finance Centres (IFC), by high net worth persons and corporates, for tax mitigation purposes. This post makes no comment on the legality or otherwise of using such data. Nor, is it a commentary about tax havens vs IFCs, the ethical considerations of society, and the freedoms for legal persons to engage in trade or invest in or through an IFC. Our focus instead is the failings that Trustees, Foundation Officials, Directors and Employees in Financial Services Businesses (FSB) must learn from in the wake of this saga. We do not purport to be a tax experts and so have not commented on the validity or otherwise of any advice given whether regarding tax or structuring. Our intention is to look at the compliance and “good business practice” considerations at the heart of good corporate governance. With offices in Guernsey, Jersey and having experience of working in Bermuda we believe analysis of legal and regulatory frameworks by jurisdiction offers a less valuable insight than a clear understanding of the general principles and terms of good corporate governance.

Tax Advice
In order for Trustees, Foundation Officials and Directors to fulfil their responsibility and work in the best interest of their clients they must understand and follow the professional tax advice received. They must evidence that they are compliant with this advice and periodically, depending on the type of arrangement they are administering or controlling, ensure that they have up-to-date tax advice on file. They must also evidence that these arrangements remain legal and all tax liabilities are settled when due. The following are instances where those responsible may find that they have failed to attain an appropriate standard:

• Legal arrangements over time becoming tax non-compliant;
• Legal arrangements set up with draft tax advice without the advice ever being formalised;
• Legal arrangements undertaking new activities outside the scope of the original tax advice;
• Failure to follow tax advice fully, e.g. the non-repayment of a commercial loan arrangement;
• Tax advice provided by those who are not appropriately qualified;
• Tax advice held by the client but never shown to the Trustees, Foundation Officials and Directors.

Control
To ensure tax and legal compliance the Trustees, Foundation Officials and Directors must exert control. Here again to fulfil their responsibilities they must clearly document evidence that they have overarching control of the activities of the legal arrangement. The following are instances where those responsible may find that they have failed to attain an appropriate standard:

• Beneficiaries committing the legal arrangement to a business arrangement without due consideration and approval of the Trustees, Foundation Officials and Directors in the first instance;
• Those responsible acting without due consideration;
• Those responsible committing the legal arrangement to business activities which do not accord with the arrangement’s rationale;
• Those responsible lack sufficient independence from the client;
• Those responsible are unable to evidence their control of the assets and/or activities of the arrangement.

Investments
The Paradise Papers have also raised questions regarding the suitability and legality of investments undertaken by legal entities. Trustees, Foundation Officials and Directors must ensure that the investments or business activities undertaken by the entity are in line with its intended purpose. Those responsible must also ensure the legality of any investment or business activity does not breach any international sanctions. Though investments or business activities do not require due diligence to the same standard of beneficial ownership due diligence, sufficient research and evidence must be attained to ensure such activity is in the best interest and in line with the objective of the legal arrangement. At the same time sufficient checks must be undertaken to ensure legal compliance and suitability with its objectives both at initiation and on an on-going basis thereafter. The following are instances where those responsible may find that they have failed to attain an appropriate standard:

• Investing or engaging in a business relationship with legal entities related to a sanction regime or jurisdiction;
• Not undertaking sufficient due diligence to ensure that the investment or business engagement does not involve sanctioned legal persons or sanctions breaches;
• Investing or business relationships that are out of line with the entity’s purpose.

Source of Wealth and Funds
Trustees, Foundation Officials and Directors must ensure that they have sufficient understanding and evidence of their clients’ Source of Wealth and Funds (commensurate with their risk classification) to prevent and detect criminality and terrorist financing. Understanding the origin of assets and their usage assists those responsible in forming a picture of the true beneficial ownership, intention and nature of the relationship. This also allows those responsible to have sufficient transparency and enable effective reporting required by international regulatory and legal bodies.

Ethics of Doing Business
Those responsible must ensure that they have given ethical consideration to the activities of any legal arrangement. Ethical considerations must accord with the documented risk appetite and it must be understood that legal arrangements engaged in aggressive tax mitigation or higher risk industries pose a higher reputational risk to the Trustees, Foundation Officials and Directors, their business and those of the jurisdictions in which they are active. As such, these relationships must be properly understood and documented as they may be open to future challenge.

The ethics of doing business must also consider whether sufficient knowledge, qualifications and experience are inherent in those responsible. Trustees, Foundation Officials and Directors must document and evidence their consideration of whether a business relation, either new or continuing is within their realm of knowledge, understanding and experience. Where this is not the case they should remove themselves from responsible positions or obtain suitably experienced individuals as their replacement.

The integrity and professional actions of those responsible will ultimately be assessed by the authorities to ensure that the best interests of stakeholders have been met at all times. This responsibility includes timely reporting of non-compliance with appropriate authorities.

Compliance
While the Trustees, Foundation Officials and Directors remain responsible and accountable for both and their own and the legal arrangements activities, a suitably resourced compliance function is required to assist and advise. Compliance must be a proactive force within a FSB rather than merely a tick box exercise. It must assist in ensuring that the business has attained appropriate tax and legal advice as well as ensuring it is understood and followed. Those responsible must demonstrate the required control and oversight of activities undertaken for and on behalf of the legal arrangement. Findings and recommendations must be reported back to those responsible and any remediation must be tracked to ensure that the business can demonstrate compliance, integrity and appropriate levels of knowledge and understanding of the entity’s activities.

Data Security
The Paradise Papers also clearly highlight the importance of implementing suitable and sufficient data security controls to protect stakeholders. These controls are not just IT system-focussed and must include effective staff training to reduce the risk of an unintentional data leak. Data security systems and processes must be monitored, tested and kept up-to-date. It goes without saying that failure to implement an efficient and effective control environment may lead to a catastrophic loss of data with disastrous reputational consequences for all stakeholders. FSB’s must also be aware and ensure that any 3rd parties who hold data do so effectively and have the necessary safeguards and review processes.

Conclusion Compliance monkey

IFCs adhere to international standards and best practice. While recent data hacks have revealed that there are practitioners out there who have not abided by these requirements, the vast majority are conscientious and highly professional.

However, the current political backdrop is unfavourable to offshore jurisdictions and we should expect greater scrutiny in our professional activities for the foreseeable future. Applying the highest standards of corporate governance is our best path to a successful future.
If you have any concerns or would like to know more please either contact myself

Reflections of 2016

Sara Barclay AML/CTF, Compliance, Compliance Monitoring, Corporate Governance, Due diligence, Guernsey , , ,

Compliance monkeyAs the sun gets lower, the evenings longer and we get closer to the end of a year I cannot help but think what a year it has been and begin to reflect.  For me personally it has been a year that has been full of hard work, assistance and resolution of problems and all this led me to the beautiful Island of Bermuda to undertake a contract for a client.  Not only a fantastic opportunity to show case my skills and knowledge but a joy to work for some fantastic people and meet old and new friends as well as to experience another regulatory culture. While I would rather be pondering the last year and this post from a pool in Bermuda instead of next to a fire on a brisk cold day, Guernsey still very much holds my heart, though Bermuda is a close second.

In looking to the challenges of the future and what the next year may hold for us is it time to reflect on the past year, the regulatory framework and what is needed to ensure that our business moves forward, prospers and continues to uphold the regulatory standards and meet future challenges, and there is no better way to do this than look back over the last year.

There have unfortunately been instances where the Guernsey Financial Services Commission (GFSC) has had to take enforcement action in 2016, never an easy decision but essential in today’s world to assist in the safeguarding and continual success of our international reputation and prosperity.  I do not think it is right to dissect these cases as these are disclosed on the GFSC website but rather look at what lessons can be learnt to avoid a repeat to our businesses and to protect the Directors and Stakeholders.

Risk, Identification and Verification

Most of these incidents reported by the Commission are in respect of Anti-Money Laundering and Counter Terrorist Financing (AML/CTF) within businesses.  That is not to say that all these incidents related to actual financial crime but rather that businesses were not meeting the standards and expectation imposed by our regulatory framework to ensure that verification documentation mitigated the risk of the Island being utilised by criminals.

The identification and verification of customers and controllers to a business relationship is a continuing matter that is reported by the GFSC.  In many cases business’s application of a “risk based approach” had failed to ensure that the due diligence and enhanced due diligence for customers and required parties to a business relationship or occasional transaction, had been obtained and met the standards required by the regulatory framework, inclusive of rules and guidance issued by the GFSC for certification and the suitability of certifiers. It must be remembered that wherever you are licensed you must meet that jurisdictions regulatory requirements as a minimum!

Monitoring and Sanctions

Periodic monitoring of customers was another area where businesses struggled.  It was found in some cases that this monitoring was not undertaken or if undertaken did not meet the regulatory requirements. It was found that risk assessments were inadequate and not reviewed as required by a business’s policy and procedures to meet the obligations of the GFSC, especially where customers had been assessed as high risk.  The review of the rationale for the business relationship and transactions undertaken was found to missing or inadequate, leading to the GFSC questioning whether appropriate and effective policies and procedures were in place inclusive of suspicious activity reporting.

The review of customers to Sanction lists was also noted as an area of concern. While this may be undertaken at the start of a relationship and periodically is it suitable just to wait for these trigger events?  Is the review of transactions subject to sanction screening to ensure that sanctioned legal persons or those entities that they control are not financed? It may be that the GFSC believe terrorist financing to be a low risk to the Bailiwick but this will do nothing to deter terrorist financiers if they find a gap in our defences.  A definite area I think the GFSC will look to assess when conducting on-site examinations and through thematic reviews in 2017, so be warned!

Corporate Governance

Corporate Governance has also come to the forefront not only in the AML/CTF area but also in more prudential assessments of a business.  In all cases enforced by the GFSC the findings go back to the corporate governance requirements of the regulatory framework with the accusation that directors failed to ensure that they acted to ensure that the business could meet the Guernsey regulatory requirements.  THE GFSC also in some cases questioned the independence and integrity of directors due to the regulatory failings identified.  Not only will this area come more to forefront with shareholder activist and the spotlight of international bodies but also from the GFSC to ensure that Directors are suitable and safeguarding Stakeholders and the business.

With the Guernsey regulatory framework changing to meet the international requirements which are evolving it is difficult for any Director to ensure that their Business remains compliant.  Businesses in this ever-changing environment are at risk of falling behind the times.  While only minor infringements of the regulatory framework may be the result, if these infringements are many, systemic and material they may require to be reported to the GFSC.  By the Board bringing these issues to the GFSC, in some cases, remediation without the threat of enforcement can be undertaken, it is after all in the GFSC interest that businesses remediate and enhance themselves to meet the regulatory framework.  It is best to be able to show and have evidence that the Board have discussed the issues affecting the business and the action to be undertaken rather than hearsay in any regulatory inquiry!

Reflections

So, reflect on this year, look at the enforcement cases to ensure that you do not fall foul of history, review your business plans and business assessments to make sure you have the policies and procedures in place to meet the regulatory framework and the requirements of the Business.  Review the Compliance function is it suitable and sufficient? Consider its independence or whether there needs to be independent oversight or outside assistance?  Does the compliance monitoring facilitate management information that is required for Directors to undertake their duties and safeguard the business and stakeholders?  Look outside of your own regulatory regime to other sectors as if something is happening in one there is a good chance that those developments will feed in to your own sector’s regulatory requirements.  Look outside to other jurisdictions as developments there may impact on the regulatory framework where you are.

If you have a last Board meeting of 2016 or even an early 2017 Board meeting set the agenda to reflect on 2016 ensuring that history does not repeat itself. If you do find that you are not in compliance, please ensure that you have the issues and remediation documented whether you consider it material or not to report to the GFSC.

Dear Board, don’t engage me to undertake your outsource compliance requirements until you have read this!

Sara Barclay Compliance, Corporate Governance, Guernsey , , , , , , , , ,

Compliance monkeyGuernsey has an amazing regulatory framework which has become quite a selling point with financial service businesses offering their products and services and those financial service businesses wanting to come and have operations here. Some will utilise outsource compliance professionals to assist them with the cost of set up, on-going costs,  ensuring their business can have knowledgeable and professional persons on-board while it establishes and grows its presence and offerings. Even established firms may need extra compliance support in their business to be able to ensure that they can at all times remain compliant with the Guernsey regulatory framework or ensure that remediation is appropriate and effective.

In the last year the use of outsource compliance professionals has come to the forefront of the regulatory radar, instances of their failure having been identified as contributing to businesses failing to adhere to the regulatory framework. There have been numerous communications from the Commission to the industry on the issues surrounding the requirements for utilising an outsourced compliance professional and failures where this has not been met, showing that the Commission are treating this seriously.

At the end of the day the responsibility for compliance to the regulatory framework is laid firmly at the feet of the Board and they are the first point of call when failings or regulatory deficiencies are identified by the Commission. The need to ensure a Licensee is meeting the regulatory requirements forms at the most basic level with the minimum criteria of licensing as well as being mentioned throughout the regulations, codes instructions, and guidance issued by the Commission.

So what needs to be considered by Boards? Here are some questions to be asked but at all times refer to the legislation regulations, rules,instruction and codes that pertain to your business and licence.

Prior to any engagement consider these points.

You wouldn’t employ anyone to undertake the role in a full-time capacity so why would you chose anyone to do your outsource function?

Prior to any engagement do your due diligence on the outsource company/ person, the person who will be your appointed compliance representative and the people who will be doing the work. At the very minimum the person who will be undertaking the work needs to be suitably qualified and knowledgeable of the area your business operates in and the regulatory rules that pertain to your licence.  You will need to ensure that you can evidence that they have been appropriately screened as you will be expected to have been as diligent with your provider as with your own staff!

You wouldn’t employ anyone who doesn’t have the time for your business?

Prior to any engagement you need to work out how much time will be required. This will change from the role that compliance professional will undertake, as an example an outsourced MLRO will have different time requirements to a compliance professional assisting with licensing.

When you actually look at it, if you have a compliance professional for two hours a week it would take them eighteen weeks to achieve one thirty-six hour working week in your business! Obviously cost is a major factor in this assessment and knowledge and experience never come cheap. The time any compliance professional spends on your business must be commensurate to the size, complexity and nature of your business and the role undertaken.

You need to be aware that a compliance professional will also be working for other firms, there is obviously a risk regarding resources. If their clients require more time or the outsource provider or person undertaking the role has issues with resources will you be affected? You need to ensure that there are controls in place or a plan B to mitigate these risk.

You wouldn’t have any old agreement?

You need to ensure that the outsource agreement meets the requirement of the Guernsey regulatory framework and is legally binding. The Board cannot discharge its responsibilities only delegate the work, it is often a good idea to have a Guernsey Advocate firm look over any agreement, especially if the Board are not familiar with Guernsey Law or this area.

During any engagement consider these points.

You wouldn’t want to be assessed by any old criteria, what criteria is the business or business area being assessed to?

Again this depends on the role you are utilising the outsourced compliance professional for, but you need to know how they are monitoring you and to what standard.  The Board must make sure that it can evidence and satisfy itself and the Commission that the Guernsey regulatory framework requirements have been met.

You wouldn’t want any report, do the reports provided give the full picture of the work being undertaken?

The reports that are provided to the Board must be meaningful and contain accurate management information. This allow the Board to see the whole picture of their business or the area that the outsourced provided has been contracted to service and assess the level of compliance to the regulatory framework. If areas or remediation work have been identified are the Board kept appropriately up to date?

You wouldn’t want to keep on anyone who isn’t performing, is the outsource provider performing to the required standards?

Throughout any engagement the Board must consistently monitor and evidence its monitoring of the outsource provider and/or those undertaking the work for the Licensee. Is the Board satisfied with the work undertaken, is the monitoring of the business meeting the requirements of the Guernsey regulatory framework, has the business changed in its complexity, nature or size and is the person doing the role still suitable?

The most important aspect to any outsource relationship is that you have the right person/firm, they add something to your business, provide you with the accurate management information, they get on with you and are honest to you regarding their business and yours. By hopefully considering and evidencing these requirements a Board will be able to show that they have acted to ensure that their business meets the requirements of the Guernsey regulatory framework. In the unfortunate case where things have not worked out the Board will be able to evidence that they were aware of the issues at the earliest opportunity and have acted to mitigate any non-compliance and remediate the situation.

F1- Team Guernsey

Sara Barclay Compliance Monitoring, Corporate Governance , ,

Singapore F1The excitement of the Singapore Grand Prix has only be heightened by the restriction on what information can be passed to the Drivers. This addition to the regulations has come about as a result of what the fans and the controllers of Formula 1 believe is the driving of the car from the pit wall rather than the Driver actually driving and racing. To me, though the cars are complex, it is the Drivers who have the best perspective and the feel of what is going on around them in order to make the winning or best decisions, as we saw with Hamilton in Monza, who then capitalised on the situation and went on to win the race.

I don’t think it can be questioned that Guernsey is racing in the Formula 1 of Financial Centres globally, or that it has developed a high standard of regulation to be adhered to, while flexible enough to allow businesses to develop and have an advantage over other competing jurisdictions. One of the concerns that I am spoken to about and have previously posted on is whether the Directors and Partners of our Financial Service Businesses are becoming controlled by Compliance Officers and departments, and that essential business decisions are being curtailed and taken out of the hands of these Drivers.

The Board or Partners of a business must work to achieve the aims and objectives that have been set down. To do this they must obtain suitable and sufficient management information to assess whether opportunities are able to be taken. This information does not just come from the compliance department or officer but from a whole host of potential reports from committees and operational units.  They are listening, analysing and digesting all this information in much the same way that a racing driver pre-race will do with his team.  The strategies will be discussed and engineers and technicians will provide reams of information to allow the drivers to realise their strengths and weaknesses and those of the opposition. Drivers must also be aware of the regulations and where the track limits are and what is acceptable and what will be punished and penalised.

It then comes down to the race. Though the reports from the data sources are important to the team and must be continually analysed to ensure that the engines and electrical systems are performing as well as identifying and managing potential issues as they happen. The most important feedback though comes from the Drivers, who feel the track, the car and can see the tyres and the degradation, while eyeing the competition, corners and hazards.  The Directors and Partners are the drivers seeing through their visors the race as it develops, more than a compliance officer, the operational staff and support services, who remain in the pits or the pit wall, working hard behind the scenes and preparing for any eventuality that may occur and ensuring the strategy remains on track. This is why there is a need to have effective management information that is relevant, short and succinct for the Drivers who are racing.

At the end of the day it is up for the drivers to decide how to use the information they receive, some will push too hard and end up in the barriers, blow their engines or destroy their tyres. Blowing the engine or planting yourself into a barrier ensures that the race is over and for a financial service business it potentially means a total rebuild of the business, legal expenses and a loss of reputation. If the Directors or Partners act recklessly or with a cavalier attitude why would an investor or customer place their money or assets with the business? Destroying your tyres means that the driver can continue the race but they will be slower and need to pit stop more, allowing the competitors to seize the advantage, potentially the sponsors as well if the poor performance continues.  We have already seen this year in F1 how sponsors and investors have left or sold their holdings as well as the threats of doing so due to legal proceedings relating to the sport.

By over controlling the drivers or providing them with excessive information or information that is not succinct there are two possible outcomes.

  • The Driver cannot race effectively and take advantage of the opportunities as they arise with the potential of not seeing the hazards ahead or;
  • The Driver does not understand the severity of what they are being told or chooses to ignore the information, acting recklessly they or the team are penalised.

For the Directors and Partners this has the potential of substandard performance to potential legal and regulatory action against them and the business.

2014 SingaporeAs Sterling Moss said before the 2014 Singapore Grand Prix “to win the race you must be the first home”, and to do this the Drivers must have the freedom to race while also respecting the information that they are receiving. For any Director or Partner to have the right information delivered at the right time will assist them in driving the race to their full potential and to bring the race home, while minimising regulatory and legal exceptions or issues that may inhibit them being the first home. Drivers need to have the trust in their teams to continually advance the car to the changing regulations.  The team must provide the Driver with appropriate and effective information so that they can run to the regulations.

The trust developed between the compliance function as well as the other functions of the Business with the Directors and Partners is essential and will assist in the development of the business and the achieving of the Businesses aims and objectives in and effective and efficient manner. Undoubtedly in any season there will be set backs, but for any Driver to have trust and respect of their team reciprocated means that these setbacks can be overcome, potentially without detriment to their championship hopes. Most importantly this cohesiveness will allow the team to focus on the future, perfecting their car to ensure that they remain competitive providing the best outcome for their sponsors and greatest potential to win points and achieve the rewards, Team Guernsey must aspire to this.  Failure to let the Driver race can lose you the race or race advantage the same as the Driver not accurately analysing the right information provided succinctly to manage the car.