due diligence

GFSC Handbook Requirements for Source of Wealth and Source of Funds

Sara Barclay AML/CTF, Compliance, Compliance Monitoring, Corporate Governance, Due diligence, Guernsey , , , , , , , , ,

The Guernsey Financial Services Handbook for Countering Financial Crime, Countering Terrorist Financing and Countering Proliferation Financing (GFSC Handbook or Handbook)  sets forth comprehensive guidelines on how Guernsey financial institutions should address Source of wealth (SoW) and (SoF) as part of their customer due diligence (CDD) and enhanced due diligence (EDD) processes. These requirements are particularly stringent when dealing with high or higher-risk customers or complex transactions. Some of the key aspects include:

Collection of Information

Guernsey financial institutions must collect sufficient information about the client’s SoW and SoF  to properly assess the legitimacy of their customers financial activities and rationale for the use of the Bailiwick. As detailed in the GFSC Handbook this may involve:

  • Verifying employment income through pay slips, tax returns, or employer references confirming salary.
  • Confirming inheritance via probate or legal documentation.
  • Assessing investment income by reviewing dividend statements, property sales records, or portfolio valuations.

The Handbook stresses that for high-risk customers, Guernsey financial institutions must obtain more granular detail to fully understand the journey to and/or origin of wealth and funds of the person and/or business relationship.

Verification of Information

It is not enough to simply collect SoW and SoF information—institutions must also verify and document it! Verification can include independent checks through public databases, third-party documentation, and government records and the generation of a SoW and SoF memo or document comprising these information sources. 

The GFSC Handbook and the Thematic Review provide a clear roadmap for Guernsey Financial institutions to manage risks related to SoW and SoF effectively. By following these guidelines, institutions can enhance their Countering Financial Crime, Countering Terrorist Financing and Countering Proliferation Financing (CFC,CTF,CPF) frameworks, protect their reputations, their third party suppliers and ensure good corporate governance while meeting domestic and internal regulatory obligations and requirements.

For higher and high-risk business relationships and scenarios, additional layers of verification are required, often involving more detailed documentation, such as bank statements, legal contracts, or public filings.

Ongoing Monitoring

SoW and SoF checks are not a one-off exercise. Institutions are required to monitor the source of wealth and funds on an ongoing basis, particularly when dealing with politically exposed persons (PEPs), high-net-worth individuals, or clients from jurisdictions with weaker CFC,CTF,CPF frameworks. If any red flags arise, institutions must investigate further and escalate the matter internally to their Money Laundering Reporting Officer (MLRO) who may externalise a report to the relevant authorities if necessary.

Record Keeping

Maintaining thorough records of all SoW and SoF inquiries, documentation, and verification processes is mandatory. These records are essential for audit trails and for satisfying GFSC’s requirements during compliance reviews or in the event of an on-site regulatory visit, thematic reviews, request for information from a regulatory or law enforcement authority and when making disclosures to the Guernsey FIU.

Insights from the Thematic Review: A Focus on Private Wealth Management

The Thematic Review conducted by the GFSC on Source of Funds and Source of Wealth in the private wealth management sector highlights several critical findings and areas for improvement within the Guernsey financial industry. This review provides deeper insight into how Guernsey financial institutions can bolster their compliance with SoW and SoF requirements.

Key Findings:

  • Insufficient Depth in SoW/SoF Information: The Thematic Review found that many institutions were not gathering enough detailed information on SoW and SoF, particularly for high-risk clients. A common issue was reliance on customer declarations without independent verification. The GFSC expects institutions to dig deeper, especially when there are signs of complexity or higher risk within a business relationship or transaction.
  • Lack of Independent Verification: While most institutions collected some form of SoW and SoF data, verification was often lacking. The GFSC stresses that for high-net-worth individuals, high-risk clients or clients with complex wealth structures, institutions must take extra steps to verify the authenticity of their SoW and SoF.
  • Inconsistent Risk-Based Approach: Many institutions had policies in place but did not apply them appropriately or consistently, particularly in identifying and managing higher and high-risk scenarios. The GFSC noted that this inconsistency poses a significant risk to effective of a Guernsey financial institutions CFC, CTF, CPF controls and the wider compliance with the Handbook’s corporate governance requirements.

Best Practices for Strengthening SoW and SoF Compliance

To better align with the GFSC’s expectations and the findings of the Thematic Review, Guernsey financial institutions should adopt the following best practices:

  •  Implement a Robust Risk-Based Approach

A risk-based approach to SoW and SoF inquiries ensures that the level of investigation and verification matches the customer’s risk profile. High-risk clients, such as PEPs, those in or conducting transactions with high risk jurisdictions,  or those involved in complex financial arrangements, should undergo enhanced due diligence (EDD), which includes more thorough SoW and SoF checks.

  •  Increase Depth of Information Collection

Institutions must ensure that they gather comprehensive information about the client’s SoW and SoF. This includes not only basic facts but also deeper context, such as the history of wealth accumulation and the specific details behind large transactions. 

  •  Utilize Independent Sources for Verification

To avoid over-reliance on customer-provided information, institutions should use independent and reliable sources to verify SoW and SoF. This may involve using public records, financial databases, or independent experts.

  •  Enhance Staff Training and Awareness

Staff at all levels should be trained to understand the importance of SoW and SoF checks, and how to conduct these inquiries effectively. Training should also cover the red flags to watch for potentially risky transactions or clients that may trigger a suspicion to the MLRO.

  •  Ongoing Monitoring and Review

Regular reviews and continuous monitoring of client profiles and their transactions are vital. Institutions must be prepared to escalate any concerns about SoW or SoF to their MLRO , ensuring that these concerns are investigated and, if necessary, reported to the Guernsey FIU.

Conclusion: Ensuring Compliance and Mitigating Risk

Ensuring compliance with SoW and SoF requirements not only helps in meeting regulatory expectations but also plays a key role in maintaining the integrity of the Bailiwick and the global financial system.

For Guernsey financial institutions and those international firms wishing to set up in the Bailiwick, the message is clear: robust, well-documented, and verified SoW and SoF processes are critical for reducing exposure to financial crime risks and ensuring long-term success in the Guernsey Financial Sector for your business.

You can access the GFSC’s full Thematic Review on Source of Funds and Source of Wealth in the Private Wealth Management sector here .

Stay ahead of the curve—ensure your compliance is up to date! Join us at Technical Specialist Partners in fostering a culture of integrity and accountability by contacting us at hello@technicalspecialistpartners.com  to discuss your requirements and the services that we can provide. Together we can build a compliant and ethical work place. website link

Reflections of 2016

Sara Barclay AML/CTF, Compliance, Compliance Monitoring, Corporate Governance, Due diligence, Guernsey , , ,

Compliance monkeyAs the sun gets lower, the evenings longer and we get closer to the end of a year I cannot help but think what a year it has been and begin to reflect.  For me personally it has been a year that has been full of hard work, assistance and resolution of problems and all this led me to the beautiful Island of Bermuda to undertake a contract for a client.  Not only a fantastic opportunity to show case my skills and knowledge but a joy to work for some fantastic people and meet old and new friends as well as to experience another regulatory culture. While I would rather be pondering the last year and this post from a pool in Bermuda instead of next to a fire on a brisk cold day, Guernsey still very much holds my heart, though Bermuda is a close second.

In looking to the challenges of the future and what the next year may hold for us is it time to reflect on the past year, the regulatory framework and what is needed to ensure that our business moves forward, prospers and continues to uphold the regulatory standards and meet future challenges, and there is no better way to do this than look back over the last year.

There have unfortunately been instances where the Guernsey Financial Services Commission (GFSC) has had to take enforcement action in 2016, never an easy decision but essential in today’s world to assist in the safeguarding and continual success of our international reputation and prosperity.  I do not think it is right to dissect these cases as these are disclosed on the GFSC website but rather look at what lessons can be learnt to avoid a repeat to our businesses and to protect the Directors and Stakeholders.

Risk, Identification and Verification

Most of these incidents reported by the Commission are in respect of Anti-Money Laundering and Counter Terrorist Financing (AML/CTF) within businesses.  That is not to say that all these incidents related to actual financial crime but rather that businesses were not meeting the standards and expectation imposed by our regulatory framework to ensure that verification documentation mitigated the risk of the Island being utilised by criminals.

The identification and verification of customers and controllers to a business relationship is a continuing matter that is reported by the GFSC.  In many cases business’s application of a “risk based approach” had failed to ensure that the due diligence and enhanced due diligence for customers and required parties to a business relationship or occasional transaction, had been obtained and met the standards required by the regulatory framework, inclusive of rules and guidance issued by the GFSC for certification and the suitability of certifiers. It must be remembered that wherever you are licensed you must meet that jurisdictions regulatory requirements as a minimum!

Monitoring and Sanctions

Periodic monitoring of customers was another area where businesses struggled.  It was found in some cases that this monitoring was not undertaken or if undertaken did not meet the regulatory requirements. It was found that risk assessments were inadequate and not reviewed as required by a business’s policy and procedures to meet the obligations of the GFSC, especially where customers had been assessed as high risk.  The review of the rationale for the business relationship and transactions undertaken was found to missing or inadequate, leading to the GFSC questioning whether appropriate and effective policies and procedures were in place inclusive of suspicious activity reporting.

The review of customers to Sanction lists was also noted as an area of concern. While this may be undertaken at the start of a relationship and periodically is it suitable just to wait for these trigger events?  Is the review of transactions subject to sanction screening to ensure that sanctioned legal persons or those entities that they control are not financed? It may be that the GFSC believe terrorist financing to be a low risk to the Bailiwick but this will do nothing to deter terrorist financiers if they find a gap in our defences.  A definite area I think the GFSC will look to assess when conducting on-site examinations and through thematic reviews in 2017, so be warned!

Corporate Governance

Corporate Governance has also come to the forefront not only in the AML/CTF area but also in more prudential assessments of a business.  In all cases enforced by the GFSC the findings go back to the corporate governance requirements of the regulatory framework with the accusation that directors failed to ensure that they acted to ensure that the business could meet the Guernsey regulatory requirements.  THE GFSC also in some cases questioned the independence and integrity of directors due to the regulatory failings identified.  Not only will this area come more to forefront with shareholder activist and the spotlight of international bodies but also from the GFSC to ensure that Directors are suitable and safeguarding Stakeholders and the business.

With the Guernsey regulatory framework changing to meet the international requirements which are evolving it is difficult for any Director to ensure that their Business remains compliant.  Businesses in this ever-changing environment are at risk of falling behind the times.  While only minor infringements of the regulatory framework may be the result, if these infringements are many, systemic and material they may require to be reported to the GFSC.  By the Board bringing these issues to the GFSC, in some cases, remediation without the threat of enforcement can be undertaken, it is after all in the GFSC interest that businesses remediate and enhance themselves to meet the regulatory framework.  It is best to be able to show and have evidence that the Board have discussed the issues affecting the business and the action to be undertaken rather than hearsay in any regulatory inquiry!

Reflections

So, reflect on this year, look at the enforcement cases to ensure that you do not fall foul of history, review your business plans and business assessments to make sure you have the policies and procedures in place to meet the regulatory framework and the requirements of the Business.  Review the Compliance function is it suitable and sufficient? Consider its independence or whether there needs to be independent oversight or outside assistance?  Does the compliance monitoring facilitate management information that is required for Directors to undertake their duties and safeguard the business and stakeholders?  Look outside of your own regulatory regime to other sectors as if something is happening in one there is a good chance that those developments will feed in to your own sector’s regulatory requirements.  Look outside to other jurisdictions as developments there may impact on the regulatory framework where you are.

If you have a last Board meeting of 2016 or even an early 2017 Board meeting set the agenda to reflect on 2016 ensuring that history does not repeat itself. If you do find that you are not in compliance, please ensure that you have the issues and remediation documented whether you consider it material or not to report to the GFSC.