Today has been a lovely day in the coffee culture of St Peter Port, meeting and catching up with people, discussing contracts, plans and ideas, before returning home to work on some clients. Working from home allows me the time and space to not only work on engagements but also on ideas, while also being able to attend to the evening meal, taking breaks to collect fresh vegetables and herbs from the garden before slow cooking for the family. It suddenly struck me that a compliance framework is very similar to a recipe. You wouldn’t just throw random ingredients that look good into a pot and hope for the best — at least not if you wanted it to be edible and the same goes for compliance frameworks.
1. Ingredients (Policies & Procedures) Any recipe starts with a list of ingredients — the must-haves. In compliance, these are your policies, procedures, and controls that have been carefully designed to meet the expectations of regulators, clients, and stakeholders. Without them, you can’t “cook” a compliant organisation
2. Method (Processes & Workflows) The step-by-step instructions in a recipe are your workflows. They guide your team on how to use each ingredient in the right sequence — whether it’s onboarding clients, undertaking client transactions, or reporting breaches, complaints or suspicious activity. The method ensures consistency and clarity.
3. Measurements (Risk Appetite & Tolerances) A pinch of chilli adds flavour; too much overwhelms. Similarly, defining your risk appetite ensures the right balance between flexibility and control. While regulations set the boundaries, your organisation can tailor its approach to suit its unique palate.
4. Timing (Monitoring & Review) A good chef knows when to stir, when to simmer, and when to serve. In compliance, that’s your ongoing monitoring and periodic reviews to make sure the framework is still effective and the business can demonstrate its compliance to the regulatory framework and its appetite and objectives. It helps catch issues early, before they “burn” or for the sauce to curdle.
5. Presentation (Reporting & Audit) Even the tastiest meal needs to look appetising. Your reporting and audit trail present your compliance efforts clearly, demonstrating your compliance with the desired regulatory and business outcomes and your competence to regulators, stakeholders, and auditors.
The secret ingredient?Culture Without a shared commitment to doing the right thing — backed by the right resources, experience, and mindset, even the best-designed framework will fall flat. Culture binds it all together
If you’d like to chat about how to get the right ingredients or refine your recipe to make it more palatable for the Stakeholders and Regulator, feel free to reach out: sara@tspgsy.com and please have a look at our website https://technicalspecialistpartners.com/ and see what our menu can offer you.
In today’s fast-paced regulatory environment, Guernsey financial institutions must ensure they are not only compliant but also adaptive to ever-evolving domestic and international standards. The Guernsey Financial Services Commission (GFSC)Handbook provides a critical framework for ensuring Guernsey financial institutions uphold the highest standards of governance when countering financial crime, countering the financing of terrorism, and countering the Financing of Proliferation (CFC,CTF,CPF or Financial Crime) when undertaking their business activities. One of the most crucial sections, Chapter 8, delves into enhanced customer due diligence (ECDD) measures required for high-risk business relationships and situations. This blog will explore these ECDD measures and how organisations can align their operations and compliance frameworks with the Guernsey regulatory expectations set out in Chapter 8 of the GFSC Handbook.
Understanding the GFSC Handbook: A Regulatory Pillar
The GFSC Handbook is a guiding document that helps regulated entities in Guernsey comply with legislative and regulatory requirements, specifically around CFC, CTF, CPF and operational soundness to prevent and detect financial crime. By addressing both international and local standards, the Handbook covers areas such as:
Corporate governance
Risk management
Due diligence
Customer relationships
Transaction monitoring
However, when dealing with high-risk scenarios, standard measures are often insufficient. Chapter 8 is designed to mitigate risk in such situations through ECDD, enhanced monitoring, and enhanced reporting requirements to provide for effective corporate governance.
The Importance of Chapter 8: Enhanced Measures for High-Risk Situations
Chapter 8 of the GFSC Handbook specifically addresses scenarios where standard due diligence may not suffice to adequately mitigate risks of high risk business relationships. In such situations, Guernsey financial institutions and their directors and controllers are expected to employ ECDD measures to ensure robust risk management. These high-risk situations may arise from the following:
High-risk customers: Individuals or entities from jurisdictions with weaker CFC, CTF, CPF frameworks or with susceptibility to financing of terrorism or proliferation activities, politically exposed persons (PEPs), or clients involved in industries with higher susceptibility to financial crime.
Complex or unusual transactions: Large transactions that are inconsistent with the customer’s known profile or operations, or where the source of funds or rationale for the transaction is unclear.
Higher-risk products and services: Financial services that pose higher risks, such as correspondent banking, nominee services, and some services involving virtual assets.
Enhanced Customer Due Diligence (ECDD)
One of the critical components of Chapter 8 is ECDD, which goes beyond standard customer identification and verification processes. ECDD measures may include:
Additional documentation: Guernsey Financial institutions must collect more extensive documentation to verify the customer’s identity, business activities and rationale, and the source of their funds and wealth of their beneficial owners .
More in-depth investigations: Guernsey Financial institutions are required to dig deeper into a client’s background, including reviewing ownership structures, past transactions, and financial history (source of wealth and source of funds).
Regular updates: Ongoing due diligence must be performed more frequently, ensuring that any changes to the customer’s profile are promptly captured, investigated, and where required that documentation is obtained to confirm the continued legitimacy of the business relationship.
Key Requirements under Chapter 8 of the GFSC Handbook
To successfully implement Chapter 8, Guernsey Financial institutions need to address several critical areas:
Customer Due Diligence (CDD) and understanding and documenting the rationale of the business relationship and its components.
Under Chapter 8, financial institutions must enhance their CDD and while documenting and clearing demonstration the rationale and purpose of the business relationship. This includes verifying the identity of beneficial owners, understanding the nature and purpose of business relationships, and ensuring continuous monitoring. For high-risk customers, ECDD measures require more rigorous background checks, additional verification, a deeper understanding of the client’s source of wealth and funds, and ensuring that it the take on and continuation of the business relationship is signed off by a higher level of authority and oversight.
Transaction Monitoring and Risk Profiling
Guernsey Financial institutions must implement more extensive and frequent transaction monitoring for high-risk clients. Chapter 8 mandates continuous monitoring of business relationships to detect suspicious activities promptly. This includes having lower thresholds for transaction monitoring, greater scrutiny and documentation of transactions, activity undertaken, and their rationale, to flag unusual patterns or irregular transactions that might indicate money laundering, terrorist financing or proliferation activity.
Source of Funds and Wealth Verification, Documentation and Monitoring
Enhanced measures under Chapter 8 place significant emphasis on identifying and verifying the source of funds and wealth and holding up to date documentation on this area. This goes beyond just knowing where the money comes from; Guernsey Financial institutions need to understand how the funds were acquired, the activities that generated them, and ensure they are legitimate. For example, funds coming from high-risk jurisdictions for terrorism or industries require additional scrutiny to prevent bribery and corruption, or activities that may be linked to proliferation activities.
Enhanced Monitoring and Reporting
Monitoring business relationships is a continuous process of both day-to-day review of the transactions and verification subjects and more frequent periodic reviews of the business relationship, especially for high-risk clients. Chapter 8 requires Guernsey financial institutions to apply more scrutiny to transactions for high risk business relationships and escalate suspicious activities to the Money Laundering Reporting Officer and where necessary to the authorities, such as the Financial Intelligence Unit, or for sanctionsto the Guernsey Policy Council . Guernsey Financial Institutions must ensure they have robust internal mechanisms to report suspicious transactions regardless of monetary value, or sanctions while maintaining comprehensive documentation to support their findings.
Risk-Based Approach
Chapter 8 promotes a risk-based approach, where enhanced measures are applied based on the level of risk posed by the customer, transaction, service or product provider and any higher risk area identified. Institutions must create internal policies and procedures that reflect this principle, ensuring flexibility in responding to varying levels and types of risk.
Implementing ECDD Measures: Best Practices
To successfully align with Chapter 8 and the broader GFSC Handbook requirements, organizations should consider the following best practices:
Comprehensive Risk Assessment: Conduct regular risk assessments to identify customers, products, and services that pose higher risks. This will help prioritize where ECDD measures are necessary.
Training and Awareness: Ensure that staff at all levels are trained to recognize high-risk scenarios and know when to apply ECDD measures and what ECDD measures are required.
Technological Integration: Utilize advanced technology such as automated sanction screening and transaction monitoring, to flag suspicious activity, and conduct more thorough and continuaous due diligence.
Documentation and Record-Keeping: Hold and maintain detailed records of all due diligence processes, transactions, and enhanced measures taken. This is crucial for regulatory reporting and audits.
Regular Reviews and Updates: Chapter 8 requires ongoing monitoring and re-assessment of business relationships inclusive of the verification subjects, so Guernsey financial institutions should regularly review their procedures, especially when regulatory changes occur or there are changes to the business plan and sphere of operation.
Conclusion: Staying Ahead of Compliance Obligations
Complying with Chapter 8 of the GFSC Handbook requires a proactive and well-structured approach by the Directors and relevant senior employees in managing high-risk scenarios. Guernsey financial institutions must be vigilant in applying enhanced customer due diligence, monitoring, and reporting, ensuring that all procedures meet the stringent regulatory requirements of the GFSC. By adopting best practices, leveraging technology, and promoting a culture of compliance, Guernsey financial institutions can better manage higher risks and maintain a strong relationship with regulators and stake holders in the Guernsey regualtory framework.
Staying compliant isn’t just about ticking boxes—it’s about detailing the approach to risk, applying the measures and documenting their effectiveness in protecting the local and international financial system from abuse in order to safeguard the reputation of your business and third-parties that provide services to you and your clients.
By carefully and proactively integrating the ECDD measures detailed in Chapter 8 of the Handbook, Guernsey financial institutions can navigate the financial crime risks posed successfully, maintain compliance with GFSC rules and regulations, reporting requirements, and better protect themselves from investigations, enforcement actions and financial crime while providing products and services to those business relationships and persons who are high risk.
Stay ahead of the curve—ensure your compliance regarding Enhanced Due Diligence and high risk business relationships are up to date!
Join us at Technical Specialist Partners in fostering a culture of integrity and accountability by contacting us at hello@technicalspecialistpartners.com to discuss your requirements and the services that we can provide. Together we can build a compliant and ethical work place.
The Guernsey Financial Services Handbook for Countering Financial Crime, Countering Terrorist Financing and Countering Proliferation Financing (GFSC Handbook or Handbook) sets forth comprehensive guidelines on how Guernsey financial institutions should address Source of wealth (SoW) and (SoF) as part of their customer due diligence (CDD) and enhanced due diligence (EDD) processes. These requirements are particularly stringent when dealing with high or higher-risk customers or complex transactions. Some of the key aspects include:
Collection of Information
Guernsey financial institutions must collect sufficient information about the client’s SoW and SoF to properly assess the legitimacy of their customers financial activities and rationale for the use of the Bailiwick. As detailed in the GFSC Handbook this may involve:
Verifying employment income through pay slips, tax returns, or employer references confirming salary.
Confirming inheritance via probate or legal documentation.
Assessing investment income by reviewing dividend statements, property sales records, or portfolio valuations.
The Handbook stresses that for high-risk customers, Guernsey financial institutions must obtain more granular detail to fully understand the journey to and/or origin of wealth and funds of the person and/or business relationship.
Verification of Information
It is not enough to simply collect SoW and SoF information—institutions must also verify and document it! Verification can include independent checks through public databases, third-party documentation, and government records and the generation of a SoW and SoF memo or document comprising these information sources.
The GFSC Handbook and the Thematic Review provide a clear roadmap for Guernsey Financial institutions to manage risks related to SoW and SoF effectively. By following these guidelines, institutions can enhance their Countering Financial Crime, Countering Terrorist Financing and Countering Proliferation Financing (CFC,CTF,CPF) frameworks, protect their reputations, their third party suppliers and ensure good corporate governance while meeting domestic and internal regulatory obligations and requirements.
For higher and high-risk business relationships and scenarios, additional layers of verification are required, often involving more detailed documentation, such as bank statements, legal contracts, or public filings.
Ongoing Monitoring
SoW and SoF checks are not a one-off exercise. Institutions are required to monitor the source of wealth and funds on an ongoing basis, particularly when dealing with politically exposed persons (PEPs), high-net-worth individuals, or clients from jurisdictions with weaker CFC,CTF,CPF frameworks. If any red flags arise, institutions must investigate further and escalate the matter internally to their Money Laundering Reporting Officer (MLRO) who may externalise a report to the relevant authorities if necessary.
Record Keeping
Maintaining thorough records of all SoW and SoF inquiries, documentation, and verification processes is mandatory. These records are essential for audit trails and for satisfying GFSC’s requirements during compliance reviews or in the event of an on-site regulatory visit, thematic reviews, request for information from a regulatory or law enforcement authority and when making disclosures to the Guernsey FIU.
Insights from the Thematic Review: A Focus on Private Wealth Management
The Thematic Review conducted by the GFSC on Source of Funds and Source of Wealth in the private wealth management sector highlights several critical findings and areas for improvement within the Guernsey financial industry. This review provides deeper insight into how Guernsey financial institutions can bolster their compliance with SoW and SoF requirements.
Key Findings:
Insufficient Depth in SoW/SoF Information: The Thematic Review found that many institutions were not gathering enough detailed information on SoW and SoF, particularly for high-risk clients. A common issue was reliance on customer declarations without independent verification. The GFSC expects institutions to dig deeper, especially when there are signs of complexity or higher risk within a business relationship or transaction.
Lack of Independent Verification: While most institutions collected some form of SoW and SoF data, verification was often lacking. The GFSC stresses that for high-net-worth individuals, high-risk clients or clients with complex wealth structures, institutions must take extra steps to verify the authenticity of their SoW and SoF.
Inconsistent Risk-Based Approach: Many institutions had policies in place but did not apply them appropriately or consistently, particularly in identifying and managing higher and high-risk scenarios. The GFSC noted that this inconsistency poses a significant risk to effective of a Guernsey financial institutions CFC, CTF, CPF controls and the wider compliance with the Handbook’s corporate governance requirements.
Best Practices for Strengthening SoW and SoF Compliance
To better align with the GFSC’s expectations and the findings of the Thematic Review, Guernsey financial institutions should adopt the following best practices:
Implement a Robust Risk-Based Approach
A risk-based approach to SoW and SoF inquiries ensures that the level of investigation and verification matches the customer’s risk profile. High-risk clients, such as PEPs, those in or conducting transactions with high risk jurisdictions, or those involved in complex financial arrangements, should undergo enhanced due diligence (EDD), which includes more thorough SoW and SoF checks.
Increase Depth of Information Collection
Institutions must ensure that they gather comprehensive information about the client’s SoW and SoF. This includes not only basic facts but also deeper context, such as the history of wealth accumulation and the specific details behind large transactions.
Utilize Independent Sources for Verification
To avoid over-reliance on customer-provided information, institutions should use independent and reliable sources to verify SoW and SoF. This may involve using public records, financial databases, or independent experts.
Enhance Staff Training and Awareness
Staff at all levels should be trained to understand the importance of SoW and SoF checks, and how to conduct these inquiries effectively. Training should also cover the red flags to watch for potentially risky transactions or clients that may trigger a suspicion to the MLRO.
Ongoing Monitoring and Review
Regular reviews and continuous monitoring of client profiles and their transactions are vital. Institutions must be prepared to escalate any concerns about SoW or SoF to their MLRO , ensuring that these concerns are investigated and, if necessary, reported to the Guernsey FIU.
Conclusion: Ensuring Compliance and Mitigating Risk
Ensuring compliance with SoW and SoF requirements not only helps in meeting regulatory expectations but also plays a key role in maintaining the integrity of the Bailiwick and the global financial system.
For Guernsey financial institutions and those international firms wishing to set up in the Bailiwick, the message is clear: robust, well-documented, and verified SoW and SoF processes are critical for reducing exposure to financial crime risks and ensuring long-term success in the Guernsey Financial Sector for your business.
You can access the GFSC’s full Thematic Review on Source of Funds and Source of Wealth in the Private Wealth Management sector here .
Stay ahead of the curve—ensure your compliance is up to date! Join us at Technical Specialist Partners in fostering a culture of integrity and accountability by contacting us at hello@technicalspecialistpartners.com to discuss your requirements and the services that we can provide. Together we can build a compliant and ethical work place. website link
International Finance Centres are known for their effective and efficient environment for undertaking cross border trade and the provision of products and services to assist and enhance business operations as well as the preserving of the generated wealth for the families and businesses that use them. Unfortunately we are still seen in the same vein as the wolves of Wall Street in a climate of greed is good and to hell with environmental impact. Is it time that this perception was changed?
In the last decade, if not longer, there has been an undercurrent of change from beneficial owners and of businesses, whereby they have sought to be conscientious and use their wealth generated in the International Finance Centres for wider charitable purposes and causes close to their hearts inclusive of combating climate change. The same could be said about financial services businesses, though this has been for more local causes rather than world wide. Are we really utilising the innovations, products and services we have at our finger tips to their full potential to meet the environmental concerns of our clients, stakeholders and the wider world?
Regulators are also updating their regulatory frameworks to require that financial service businesses consider their impact in respect of climate change, as seen in Guernsey by the updates to the Finance sector Code of Corporate Governance. I would argue that this goes further than just making sure the office lights are turned off, recycling is undertaken and employees use more environmentally friendly forms of transport. Boards I believe should be looking at the business areas they are involved in and mitigating the effect these have on climate change world wide rather than just attending to their local footprint. This should not be in isolation, but in partnership with clients providing them with opportunities and innovations to assist them in ensuring that the impact of their business activities on the environment can also be mitigated.
While business activities may be legal they may not be environmentally friendly, Boards of financial services businesses should look at their ethics and environmental risk appetite when engaging with clients that are in sectors that are higher risk for climate change. Where clients do engage in sectors that have a higher risk of environmental damage the Board should be aware of the issues relevant to climate change in that sector and should seek assurance that best practices and international standards are applied to mitigate that effect. Boards should set out their environmental risk appetite and receive sufficient management information to assess the impact the financial service business has by providing products and services to these clients for their business activities.
It is not just about the here and now impact of climate change but also the future and not all mitigations will produce net emissions or zero impact. Protecting against the effects of climate change should be looked at with a long term view and in the similar way that financial services businesses have provided for the preservation and enhancement of wealth over the years. This may be by allowing opportunities and investment in green technologies, the setting up green funds or in providing products and services that allow for the philanthropic support of education, innovation, research in understanding how to combat climate change and providing support for the communities that are most vulnerable. This allows for Boards of financial services business to show that they are meeting their obligations under the Finance Sector Code of Corporate Governance and their clients are able demonstrate that they are attending to their environmental responsibilities.
Good corporate governance assists in enhancing reputation allowing people to see that international finance centres, their stake holders and users are more than part of a greed is good culture, looking after their own self interests. It allows for clear evidence that demonstrates that they undertake their responsibilities seriously with a wider world appreciation. Climate change may just be being felt on our shores but it is certainly knocking at our door.
Some times there are some things that are more important than Compliance, and that is now and it’s YOU.
We find ourselves in a reality that was unthinkable at the start of 2020 and our best laid plans for the year have disappeared in the tempest that is Covid 19. Many of us are now working from home which adds new stresses and strains that we were not prepared for, and that we are now having to deal with. As someone who has worked remotely for several years I wanted to share some tips to help you stay productive motivated and most importantly safe and well.
Firstly define your work and down time hours and try to stick to them. You need to be flexible but don’t let work take over from your need for down time and self care. Make sure that your colleagues know when you are working and when not to disturb you. Once you finish for the day turn your email off, it can wait till tomorrow and if urgent your firm will be able to contact you.
Ease yourself into your day, have a morning routine to prepare yourself for work. I take the time to make a cup of tea, have breakfast and catch up on the news, but be careful of the media overload and anxiety it can cause. I take my tea and either look or sit outside enjoying the dawn, breathing and just centring myself, sometimes with a quick yoga or Kayak session.
Make sure that you have a separate and dedicated workspace and that it doesn’t invade your personal space.
Have a plan for the day and stick to it but stay flexible and adaptive in your approach. I start by reading through emails and prioritising tasks and jobs to ensure that my plan for the day is as good as it can be. Once done I like to send an email to my colleagues letting them know I am online and can be contacted.
Make sure you schedule breaks throughout the day, I normally take 5 minute breaks every hour or so. This allows you to give your mind a break and recover and refocus. This is the same as any physical training where breaks from activity are needed to refresh the muscles and keep performance up. Your work space at home may not be conveniently designed for prolonged periods of computer work. Get up and move, stretch and get a drink or snack, lessen the strain on your body as well as your mind.
Have lunch, you need this to refuel and switch off completely, try to do this away from your work space to negate your work taking over this personal time. I often try to include an element of physical exercise outside as well as experimenting with recipes and varying my lunch from day to day. Lately I have got back in to sea swimming which is energising and refreshing, but do what makes you feel good and takes your mind off work and any negativity, it is about what is good for you and what is needed to leave your refreshed and motivated.
Have an end of the day routine to ease yourself in to your personal time. Try to finish your tasks and don’t start a new task if you won’t be able to complete it by the end of the day. I finish the day by catching up on emails and notifications and start to plan for tomorrow. Let your colleagues know that you have finished for the day. Review what you did during the day, try not to be overly self critical of your performance, you can’t change what has been, focus on tomorrow and be kind to yourself.
Then turn off, put your work away and start your personal time. By all means relax with a glass of wine or beer but don’t let it take over your personal time. Alcohol is a depressant and can lead to increasing your anxieties and worries, you also need to be fresh and motivated for tomorrow. If you do find that alcohol is starting to take over your life recognise that it is, take steps to regain control over it and seek help if needed.
Working from home is all about communication and as you are not in the office or able to see visual cues you need to over communicate. Communicating with your colleagues is not just to let them know when you are online but also let them know what you are working on and towards. If you need help or think you may need help ask for it, make time to understand what your colleagues have planned and are working on, and where you may be able to assist or help. We are remote and isolated but we have never been more electronically connected, use technology to interact, have video meetings and arrange team meetings where you can all interact.
Try to engage with your colleagues as you would normally do in the office. We all have that down time when we catch up on non-work related topics such as sports or television, remember keep things positive and try to avoid gossip, adding to anxieties and toxic conversations about colleagues, you may not have the whole picture and you won’t know how they are feeling or what they are dealing with. Try to schedule these conversations and interactions for your scheduled breaks as you are still on the firm’s time and should not abuse this.
You may find that a colleague uses this time to open up to you or leans on you for support. As you would do in the office make the time to hear your colleague but let others know you are unavailable and not to be contacted. Be empathetic to your colleague, what may seem trivial to you could be their whole world, support them and let them talk.
If you have concerns about a colleague let your Human Resources department know, they have the skills, training and resources to help and assist, try not to take the problems of others on your shoulders as that will also weigh you down and add to your stresses and strains. If you don’t have an Human Resources Department speak with a senior manger about your concerns, a problem shared is a problem halved, encourage and support your colleague to seek help that is out there.
Be aware of cues that may indicate someone is struggling such as them being withdrawn or making mistakes, maybe they just don’t seem like themselves. Ask them gently if there is something you can help with, strike up the conversation with them but respect their privacy, in some cases just let them know you are there and check in on them more regularly.
If you or anyone of your colleagues is struggling please know it is not a sign of weakness or failure. There are no prizes or bonuses for struggling through, you and your colleagues are part of team and together you are strong, can accomplish amazing feats and will succeed and get through this. Please remember that we are all in this together and it is OK and normal to have a bad day, feel down, anxious or frustrated. You are amazing, be kind to yourself and your colleagues, we can weather this storm together.
Stay safe, stay well and stay home.
I would be grateful to hear or have comments from readers for their tips on working from home or dealing with the day to day stresses and strains of our new day to day normality.
The now infamous “Paradise Papers” contain personal data obtained from Appleby’s Bermuda office via an illegal hack. This data in part details the utilisation of International Finance Centres (IFC), by high net worth persons and corporates, for tax mitigation purposes. This post makes no comment on the legality or otherwise of using such data. Nor, is it a commentary about tax havens vs IFCs, the ethical considerations of society, and the freedoms for legal persons to engage in trade or invest in or through an IFC. Our focus instead is the failings that Trustees, Foundation Officials, Directors and Employees in Financial Services Businesses (FSB) must learn from in the wake of this saga. We do not purport to be a tax experts and so have not commented on the validity or otherwise of any advice given whether regarding tax or structuring. Our intention is to look at the compliance and “good business practice” considerations at the heart of good corporate governance. With offices in Guernsey, Jersey and having experience of working in Bermuda we believe analysis of legal and regulatory frameworks by jurisdiction offers a less valuable insight than a clear understanding of the general principles and terms of good corporate governance.
Tax Advice
In order for Trustees, Foundation Officials and Directors to fulfil their responsibility and work in the best interest of their clients they must understand and follow the professional tax advice received. They must evidence that they are compliant with this advice and periodically, depending on the type of arrangement they are administering or controlling, ensure that they have up-to-date tax advice on file. They must also evidence that these arrangements remain legal and all tax liabilities are settled when due. The following are instances where those responsible may find that they have failed to attain an appropriate standard:
• Legal arrangements over time becoming tax non-compliant;
• Legal arrangements set up with draft tax advice without the advice ever being formalised;
• Legal arrangements undertaking new activities outside the scope of the original tax advice;
• Failure to follow tax advice fully, e.g. the non-repayment of a commercial loan arrangement;
• Tax advice provided by those who are not appropriately qualified;
• Tax advice held by the client but never shown to the Trustees, Foundation Officials and Directors.
Control
To ensure tax and legal compliance the Trustees, Foundation Officials and Directors must exert control. Here again to fulfil their responsibilities they must clearly document evidence that they have overarching control of the activities of the legal arrangement. The following are instances where those responsible may find that they have failed to attain an appropriate standard:
• Beneficiaries committing the legal arrangement to a business arrangement without due consideration and approval of the Trustees, Foundation Officials and Directors in the first instance;
• Those responsible acting without due consideration;
• Those responsible committing the legal arrangement to business activities which do not accord with the arrangement’s rationale;
• Those responsible lack sufficient independence from the client;
• Those responsible are unable to evidence their control of the assets and/or activities of the arrangement.
Investments
The Paradise Papers have also raised questions regarding the suitability and legality of investments undertaken by legal entities. Trustees, Foundation Officials and Directors must ensure that the investments or business activities undertaken by the entity are in line with its intended purpose. Those responsible must also ensure the legality of any investment or business activity does not breach any international sanctions. Though investments or business activities do not require due diligence to the same standard of beneficial ownership due diligence, sufficient research and evidence must be attained to ensure such activity is in the best interest and in line with the objective of the legal arrangement. At the same time sufficient checks must be undertaken to ensure legal compliance and suitability with its objectives both at initiation and on an on-going basis thereafter. The following are instances where those responsible may find that they have failed to attain an appropriate standard:
• Investing or engaging in a business relationship with legal entities related to a sanction regime or jurisdiction;
• Not undertaking sufficient due diligence to ensure that the investment or business engagement does not involve sanctioned legal persons or sanctions breaches;
• Investing or business relationships that are out of line with the entity’s purpose.
Source of Wealth and Funds
Trustees, Foundation Officials and Directors must ensure that they have sufficient understanding and evidence of their clients’ Source of Wealth and Funds (commensurate with their risk classification) to prevent and detect criminality and terrorist financing. Understanding the origin of assets and their usage assists those responsible in forming a picture of the true beneficial ownership, intention and nature of the relationship. This also allows those responsible to have sufficient transparency and enable effective reporting required by international regulatory and legal bodies.
Ethics of Doing Business
Those responsible must ensure that they have given ethical consideration to the activities of any legal arrangement. Ethical considerations must accord with the documented risk appetite and it must be understood that legal arrangements engaged in aggressive tax mitigation or higher risk industries pose a higher reputational risk to the Trustees, Foundation Officials and Directors, their business and those of the jurisdictions in which they are active. As such, these relationships must be properly understood and documented as they may be open to future challenge.
The ethics of doing business must also consider whether sufficient knowledge, qualifications and experience are inherent in those responsible. Trustees, Foundation Officials and Directors must document and evidence their consideration of whether a business relation, either new or continuing is within their realm of knowledge, understanding and experience. Where this is not the case they should remove themselves from responsible positions or obtain suitably experienced individuals as their replacement.
The integrity and professional actions of those responsible will ultimately be assessed by the authorities to ensure that the best interests of stakeholders have been met at all times. This responsibility includes timely reporting of non-compliance with appropriate authorities.
Compliance
While the Trustees, Foundation Officials and Directors remain responsible and accountable for both and their own and the legal arrangements activities, a suitably resourced compliance function is required to assist and advise. Compliance must be a proactive force within a FSB rather than merely a tick box exercise. It must assist in ensuring that the business has attained appropriate tax and legal advice as well as ensuring it is understood and followed. Those responsible must demonstrate the required control and oversight of activities undertaken for and on behalf of the legal arrangement. Findings and recommendations must be reported back to those responsible and any remediation must be tracked to ensure that the business can demonstrate compliance, integrity and appropriate levels of knowledge and understanding of the entity’s activities.
Data Security
The Paradise Papers also clearly highlight the importance of implementing suitable and sufficient data security controls to protect stakeholders. These controls are not just IT system-focussed and must include effective staff training to reduce the risk of an unintentional data leak. Data security systems and processes must be monitored, tested and kept up-to-date. It goes without saying that failure to implement an efficient and effective control environment may lead to a catastrophic loss of data with disastrous reputational consequences for all stakeholders. FSB’s must also be aware and ensure that any 3rd parties who hold data do so effectively and have the necessary safeguards and review processes.
Conclusion
IFCs adhere to international standards and best practice. While recent data hacks have revealed that there are practitioners out there who have not abided by these requirements, the vast majority are conscientious and highly professional.
However, the current political backdrop is unfavourable to offshore jurisdictions and we should expect greater scrutiny in our professional activities for the foreseeable future. Applying the highest standards of corporate governance is our best path to a successful future.
If you have any concerns or would like to know more please either contact myself
Guernsey has an amazing regulatory framework which has become quite a selling point with financial service businesses offering their products and services and those financial service businesses wanting to come and have operations here. Some will utilise outsource compliance professionals to assist them with the cost of set up, on-going costs, ensuring their business can have knowledgeable and professional persons on-board while it establishes and grows its presence and offerings. Even established firms may need extra compliance support in their business to be able to ensure that they can at all times remain compliant with the Guernsey regulatory framework or ensure that remediation is appropriate and effective.
In the last year the use of outsource compliance professionals has come to the forefront of the regulatory radar, instances of their failure having been identified as contributing to businesses failing to adhere to the regulatory framework. There have been numerous communications from the Commission to the industry on the issues surrounding the requirements for utilising an outsourced compliance professional and failures where this has not been met, showing that the Commission are treating this seriously.
At the end of the day the responsibility for compliance to the regulatory framework is laid firmly at the feet of the Board and they are the first point of call when failings or regulatory deficiencies are identified by the Commission. The need to ensure a Licensee is meeting the regulatory requirements forms at the most basic level with the minimum criteria of licensing as well as being mentioned throughout the regulations, codes instructions, and guidance issued by the Commission.
So what needs to be considered by Boards? Here are some questions to be asked but at all times refer to the legislation regulations, rules,instruction and codes that pertain to your business and licence.
Prior to any engagement consider these points.
You wouldn’t employ anyone to undertake the role in a full-time capacity so why would you chose anyone to do your outsource function?
Prior to any engagement do your due diligence on the outsource company/ person, the person who will be your appointed compliance representative and the people who will be doing the work. At the very minimum the person who will be undertaking the work needs to be suitably qualified and knowledgeable of the area your business operates in and the regulatory rules that pertain to your licence. You will need to ensure that you can evidence that they have been appropriately screened as you will be expected to have been as diligent with your provider as with your own staff!
You wouldn’t employ anyone who doesn’t have the time for your business?
Prior to any engagement you need to work out how much time will be required. This will change from the role that compliance professional will undertake, as an example an outsourced MLRO will have different time requirements to a compliance professional assisting with licensing.
When you actually look at it, if you have a compliance professional for two hours a week it would take them eighteen weeks to achieve one thirty-six hour working week in your business! Obviously cost is a major factor in this assessment and knowledge and experience never come cheap. The time any compliance professional spends on your business must be commensurate to the size, complexity and nature of your business and the role undertaken.
You need to be aware that a compliance professional will also be working for other firms, there is obviously a risk regarding resources. If their clients require more time or the outsource provider or person undertaking the role has issues with resources will you be affected? You need to ensure that there are controls in place or a plan B to mitigate these risk.
You wouldn’t have any old agreement?
You need to ensure that the outsource agreement meets the requirement of the Guernsey regulatory framework and is legally binding. The Board cannot discharge its responsibilities only delegate the work, it is often a good idea to have a Guernsey Advocate firm look over any agreement, especially if the Board are not familiar with Guernsey Law or this area.
During any engagement consider these points.
You wouldn’t want to be assessed by any old criteria, what criteria is the business or business area being assessed to?
Again this depends on the role you are utilising the outsourced compliance professional for, but you need to know how they are monitoring you and to what standard. The Board must make sure that it can evidence and satisfy itself and the Commission that the Guernsey regulatory framework requirements have been met.
You wouldn’t want any report, do the reports provided give the full picture of the work being undertaken?
The reports that are provided to the Board must be meaningful and contain accurate management information. This allow the Board to see the whole picture of their business or the area that the outsourced provided has been contracted to service and assess the level of compliance to the regulatory framework. If areas or remediation work have been identified are the Board kept appropriately up to date?
You wouldn’t want to keep on anyone who isn’t performing, is the outsource provider performing to the required standards?
Throughout any engagement the Board must consistently monitor and evidence its monitoring of the outsource provider and/or those undertaking the work for the Licensee. Is the Board satisfied with the work undertaken, is the monitoring of the business meeting the requirements of the Guernsey regulatory framework, has the business changed in its complexity, nature or size and is the person doing the role still suitable?
The most important aspect to any outsource relationship is that you have the right person/firm, they add something to your business, provide you with the accurate management information, they get on with you and are honest to you regarding their business and yours. By hopefully considering and evidencing these requirements a Board will be able to show that they have acted to ensure that their business meets the requirements of the Guernsey regulatory framework. In the unfortunate case where things have not worked out the Board will be able to evidence that they were aware of the issues at the earliest opportunity and have acted to mitigate any non-compliance and remediate the situation.
Does anyone else find it so frustrating to constantly provide client due diligence when accessing financial services products or even when accessing legal services? Is this constant due diligence treadmill stopping us and potentially our clients from accessing products and services? I personally feel that this is unfortunately the case and in some cases I am aware that this has caused clients to utilise other jurisdictions or miss out on investment or business opportunities. I believe that there is a solution to this which could add to the attraction of Guernsey as a place to do business as well as allowing clients greater access to the products and services that can be offered.
The current solution is that the regulated or registered business can if the introducer meets the requirements of an Appendix C business, utilise the introducer regime as stipulated by the Guernsey Financial Services Commissions (GFSC). This allows the registered or regulated business to rely on a certificate confirming identity while promising that the due diligence they hold and maintain meets the Guernsey requirements and will be provided when requested from the regulated or registered business. The regulated or registered business then has to test the introducer throughout the life of the business relationship, to ensure that the introducer can meet the obligations of the introducer certificate and that the due diligence does meets the Guernsey standards. The unfortunate downfall of this system is that sometimes an introducer won’t adhere to the obligations of the introducer certificate or requirements of the rules governing due diligence in Guernsey leaving the regulated or registered business with quite a headache, and remedial work to undertake.
Where an introducer provides clients to regulated or registered business by the use of introducer certificate, for example an IFA providing 300 clients to invest in various Funds at a Guernsey Fund provider, the introducer can become disillusioned with Guernsey and the regulated or registered business when year on year they receive requests to provide the copies of due diligence for a selection of these clients introduced by them. This is a burdensome process for the introducer, taking them away from their business, only to provide documentation for which they can not necessarily recover the cost from their client. Unfortunately some will not want to or be willing to keep their obligations, leading to problems for the regulated or registered business. The solution to this problem is to undertake a 100% testing programme where copies are provided to the receiving regulated or registered business with the introducer form. There is only the need to periodically on a risk based approach go back to the introducer to confirm that the clients details have not changed during the life of the business relationship, such as the address, and if the details have changed that the copies of the updated due diligence are provided. Undertaking this approach allows the regulated or registered business potentially less risk as the due diligence will already have been assessed and deemed suitable at the start of the business relationship and less risk of the introducer not subsequently meeting or adhering to their obligations by not providing the required due diligence. This allows for beneficial relationships to develop between the regulated or registered business and the enhancement of Guernsey as a place to do business.
Where clients have a business relationship with a regulated or registered business that is over a period of years, rather than a one off legal transaction where the business relationship is only for a matter of days or weeks. If the introducer sells these clients during the course of the business relationship to another provider or is taken over, new introducer certificates will have to be obtained by the registered or regulated business or the clients will need to provide due diligence in order that the rules of the GFSC can be met. Therefore I would always recommend for these longer term business relationships that due diligence is obtained rather than relying on the introducer certificate.
The rules issued by the GFSC state that clients who are introduced cannot then be introduced again by the regulated or registered business e.g. no introducer chains. This can lead to the issues of a regulated or registered business unknowingly becoming involved in an introducer chain and having then to obtain the client due diligence, which can have an adverse effect on the business relationship with the client and the relationship with the introducer. This also has the potential for higher cost to the client or loss of earnings by not being able to access an investment product to take advantage of price and in the worst case scenario the client may miss the investment opportunity altogether.
But what if Guernsey could offer a due diligence depository overseen by a regulating authority subject to stringent audits? Just think if clients provided their due diligence to this depository who then ensured that it met the regulatory standards, could this avoid altogether the need to obtain copies of due diligence or have a testing programme? This depository could then provide registered or regulated businesses with an introducer certificate which would be more reliable and there would be less potential of unknowingly becoming part of an introducer chain or finding out the introducer was unable to meet its obligations. Could this reduce compliance cost to a regulated business and make Guernsey more competitive, the Jurisdiction of choice? Clients would be able to access products and services offered by other regulated or registered business with ease and certainty without suffering from the due diligence treadmill. Why stop at just offering this service to local registered and regulated businesses why not take an international approach and service other jurisdictions. This could then lead to an enhancing of our economy while diversifying it at the same time. We have all the right ingredients in Guernsey to undertake this opportunity we just need the political want to do this. But until my utopia happens please think carefully about the use of introducer certificates, sometimes it is actually easier and more beneficial for a registered or regulated business to get original due diligence and can save time money and cost in man hours to undertake the monitoring and any remedial work.
A topic of conversation that often comes up is about “how compliance has become a monster”, sapping the dynamism of a business while slowly choking the new business streams by making the business over compliant. Has the compliance function gone too far and are they now holding Boards and Directors to a compliance and regulatory ransom leading to a loss in commerciality of the Guernsey Finance Sector?
Directors constantly berate me about having board packs that have compliance reports running to some 40 pages or more, how they spend more resources on compliance matters then on the direction of the business and that the compliance function does not assist them in achieving their business objectives. To my mind there is a balance that needs redressing in order that businesses can achieve high standards of compliance, while also achieving the businesses purpose and providing products and services to their clients that are competitive in cost with other jurisdictions.
The relationship between the Board and the compliance function must be one that is symbiotic, both assisting and nurturing one another. The compliance function must undertake suitable and sufficient monitoring of its business and report its findings effectively and efficiently to the Board. This is normally done by either an exception report or in a traditional report style over 40 pages and both have their own benefits and problems.
While using an exception reporting format this allows for immediate notifications of compliance and regulatory issues to the Board. The exception report though can fail to provide the assurance to the Board that the compliance function is suitable or sufficient due to its lack of content and oversight of the business.
The traditional compliance report of 40 pages or more will ensure that the Board can assess the suitability of its monitoring programme and compliance function. The problem with the traditional Compliance report is that its size may lead to regulatory or compliance issues being lost in the pages of the document. I am also aware that in some cases the traditional report format provided so much content but actually lacked the substance required to be provided to the Board in assessing the compliance status and function, a failing for the compliance function and a regulatory failing for the Board.
The compliance function must ensure that it has a suitable and sufficient Compliance Monitoring Programme and the Board must review this document annually to ensure that they are satisfied that it meets the Business and the regulatory requirements for the risks of the business being undertaken. The Compliance Monitoring Programme is the working paper of the compliance function, it shows the testing and findings of the compliance function and allows for suitable and informative compliance reports to be generated for the Board. The compliance report’s to the Board need to be a hybrid version of the traditional report and the exception report becoming more a précis of the Compliance Monitoring Programme, allowing the Board to see the matters of concern while also being assured of the compliance status of the Business.
The compliance function is the adviser to the Board in respect of the regulatory framework, providing advice and solutions to the Board in order that they can achieve the chosen business direction. This is where the business can become choked and the dynamism and competitiveness lost due to the gold plating of a business’s policies and procedures. The compliance function must always remember that it is the Board who decide the level of risk that they are satisfied to work with and that the compliance function is there to mitigate the risk by insuring that suitable and sufficient policies are in place. The compliance function must assess the regulatory requirements applicable to the business being undertaken and ensure that the Business is meeting these minimum requirements. The compliance function must never seek to direct the Board or the Business but to inform the Board what is required and expected of them in respect of the risks that the Board have deemed as acceptable.
I do believe that in some cases the compliance function has gone too far and seeks to control the business due to their own personal views or prejudices. It must always be remembered by all stakeholders in the finance industry in Guernsey that without the business there is no compliance function and without a compliance function there can be no business. It is vital that the compliance function is able to provide the required regulatory information to the Board in a succinct and effective manner in order that the Board can discharge their regulatory duties effectively and efficiently.
It is important that the compliance function provide the Board with first class regulatory advice that is free from their own personal prejudices. This is required in order that the Board can ascertain what the minimum regulatory requirements are and how best they can meet these requirements and make business decisions that will not endanger the Business or its clients. The Board must assess on an annual basis the suitability of its compliance function, if it is not providing the Board with the required information or are making the business lack commerciality by over compliance of the policies and procedures the Board must address these matters as they are ultimately responsible for the compliance function and its suitability and effectiveness.
Technical Specialists 