GFSC

Enhancing Compliance: Navigating the GFSC Handbook and High Risk Requirements

Sara Barclay AML/CTF, Compliance, Corporate Governance, Due diligence, Guernsey , , , , , , , ,

In today’s fast-paced regulatory environment, Guernsey financial institutions must ensure they are not only compliant but also adaptive to ever-evolving domestic and international standards. The Guernsey Financial Services Commission (GFSC)Handbook provides a critical framework for ensuring Guernsey financial institutions uphold the highest standards of governance when countering financial crime, countering the financing of terrorism, and countering the Financing of Proliferation (CFC,CTF,CPF or Financial Crime) when undertaking their business activities. One of the most crucial sections, Chapter 8, delves into enhanced customer due diligence (ECDD) measures required for high-risk business relationships and situations. This blog will explore these ECDD measures and how organisations can align their operations and compliance frameworks with the Guernsey regulatory expectations set out in Chapter 8 of the GFSC Handbook.

Understanding the GFSC Handbook: A Regulatory Pillar

The GFSC Handbook is a guiding document that helps regulated entities in Guernsey comply with legislative and regulatory requirements, specifically around CFC, CTF, CPF and operational soundness to prevent and detect financial crime. By addressing both international and local standards, the Handbook covers areas such as:

  • Corporate governance
  • Risk management
  • Due diligence
  • Customer relationships
  • Transaction monitoring

However, when dealing with high-risk scenarios, standard measures are often insufficient. Chapter 8 is designed to mitigate risk in such situations through ECDD, enhanced monitoring, and enhanced reporting requirements to provide for effective corporate governance.

The Importance of Chapter 8: Enhanced Measures for High-Risk Situations

Chapter 8 of the GFSC Handbook specifically addresses scenarios where standard due diligence may not suffice to adequately mitigate risks of high risk business relationships. In such situations, Guernsey financial institutions and their directors and controllers are expected to employ ECDD measures to ensure robust risk management. These high-risk situations may arise from the following:

  • High-risk customers: Individuals or entities from jurisdictions with weaker CFC, CTF, CPF frameworks or with susceptibility to financing of terrorism or proliferation activities, politically exposed persons (PEPs), or clients involved in industries with higher susceptibility to financial crime.
  • Complex or unusual transactions: Large transactions that are inconsistent with the customer’s known profile or operations, or where the source of funds or rationale for the transaction is unclear.
  • Higher-risk products and services: Financial services that pose higher risks, such as correspondent banking, nominee services, and some services involving virtual assets.

Enhanced Customer Due Diligence (ECDD)

One of the critical components of Chapter 8 is ECDD, which goes beyond standard customer identification and verification processes. ECDD measures may include:

  • Additional documentation: Guernsey Financial institutions must collect more extensive documentation to verify the customer’s identity, business activities and rationale, and the source of their funds and wealth of their beneficial owners .
  • More in-depth investigations: Guernsey Financial institutions are required to dig deeper into a client’s background, including reviewing ownership structures, past transactions, and financial history (source of wealth and source of funds).
  • Regular updates: Ongoing due diligence must be performed more frequently, ensuring that any changes to the customer’s profile are promptly captured, investigated, and where required that documentation is obtained to confirm the continued legitimacy of the business relationship.

Key Requirements under Chapter 8 of the GFSC Handbook

To successfully implement Chapter 8, Guernsey Financial institutions need to address several critical areas:

  • Customer Due Diligence (CDD) and understanding and documenting the rationale of the business relationship and its components. 

Under Chapter 8, financial institutions must enhance their CDD and while documenting and clearing demonstration the rationale and purpose of the business relationship. This includes verifying the identity of beneficial owners, understanding the nature and purpose of business relationships, and ensuring continuous monitoring. For high-risk customers, ECDD measures require more rigorous background checks, additional verification, a deeper understanding of the client’s source of wealth and funds, and ensuring that it the take on and continuation of the business relationship is signed off by a higher level of authority and oversight.

  • Transaction Monitoring and Risk Profiling

Guernsey Financial institutions must implement more extensive and frequent transaction monitoring for high-risk clients. Chapter 8 mandates continuous monitoring of business relationships to detect suspicious activities promptly. This includes having lower thresholds for transaction monitoring, greater scrutiny and documentation of transactions, activity undertaken,  and their rationale, to flag unusual patterns or irregular transactions that might indicate money laundering, terrorist financing or proliferation activity.

  • Source of Funds and Wealth Verification, Documentation and Monitoring

Enhanced measures under Chapter 8 place significant emphasis on identifying and verifying the source of funds and wealth and holding up to date documentation on this area. This goes beyond just knowing where the money comes from; Guernsey Financial institutions need to understand how the funds were acquired, the activities that generated them, and ensure they are legitimate. For example, funds coming from high-risk jurisdictions for terrorism or industries require additional scrutiny to prevent bribery and corruption, or activities that may be linked to proliferation activities.

  • Enhanced Monitoring and Reporting

Monitoring business relationships is a continuous process of both day-to-day review of the transactions and verification subjects and more frequent periodic reviews of the business relationship, especially for high-risk clients. Chapter 8 requires Guernsey financial institutions to apply more scrutiny to transactions for high risk business relationships and escalate suspicious activities to the Money Laundering Reporting Officer and where necessary to the authorities, such as the Financial Intelligence Unitor for sanctions to the Guernsey Policy Council . Guernsey Financial Institutions must ensure they have robust internal mechanisms to report suspicious transactions regardless of monetary value, or sanctions while maintaining comprehensive documentation to support their findings.

  • Risk-Based Approach

Chapter 8 promotes a risk-based approach, where enhanced measures are applied based on the level of risk posed by the customer, transaction, service or product provider and any higher risk area identified. Institutions must create internal policies and procedures that reflect this principle, ensuring flexibility in responding to varying levels and types of risk.

Implementing ECDD Measures: Best Practices

To successfully align with Chapter 8 and the broader GFSC Handbook requirements, organizations should consider the following best practices:

  • Comprehensive Risk Assessment: Conduct regular risk assessments to identify customers, products, and services that pose higher risks. This will help prioritize where ECDD measures are necessary.
  • Training and Awareness: Ensure that staff at all levels are trained to recognize high-risk scenarios and know when to apply ECDD measures and what ECDD measures are required.
  • Technological Integration: Utilize advanced technology such as automated sanction screening and transaction monitoring, to flag suspicious activity, and conduct more thorough and continuaous due diligence.
  • Documentation and Record-Keeping: Hold and maintain detailed records of all due diligence processes, transactions, and enhanced measures taken. This is crucial for regulatory reporting and audits.
  • Regular Reviews and Updates: Chapter 8 requires ongoing monitoring and re-assessment of business relationships inclusive of the verification subjects, so Guernsey financial institutions should regularly review their procedures, especially when regulatory changes occur or there are changes to the business plan and sphere of operation.

Conclusion: Staying Ahead of Compliance Obligations

Complying with Chapter 8 of the GFSC Handbook requires a proactive and well-structured approach by the Directors and relevant senior employees in managing high-risk scenarios. Guernsey financial institutions must be vigilant in applying enhanced customer due diligence, monitoring, and reporting, ensuring that all procedures meet the stringent regulatory requirements of the GFSC. By adopting best practices, leveraging technology, and promoting a culture of compliance, Guernsey financial institutions can better manage higher risks and maintain a strong relationship with regulators and stake holders in the Guernsey regualtory framework.

Staying compliant isn’t just about ticking boxes—it’s about detailing the approach to risk, applying the measures and documenting their effectiveness in protecting the local and international financial system from abuse in order to safeguard the reputation of your business and third-parties that provide services to you and your clients.

By carefully and proactively integrating the ECDD measures detailed in Chapter 8 of the Handbook, Guernsey financial institutions can navigate the financial crime risks posed successfully, maintain compliance with GFSC rules and regulations, reporting requirements, and better protect themselves from investigations, enforcement actions and financial crime while providing products and services to those business relationships and persons who are high risk.

Stay ahead of the curve—ensure your compliance regarding Enhanced Due Diligence and high risk business relationships are up to date!

Join us at Technical Specialist Partners in fostering a culture of integrity and accountability by contacting us at hello@technicalspecialistpartners.com to discuss your requirements and the services that we can provide. Together we can build a compliant and ethical work place.

The Application of Enhanced Measures for Specific Business Relationships and Occasional Transactions (GFSC Handbook, Chapter 8, Paragraphs 102-125)

Sara Barclay AML/CTF, Compliance, Corporate Governance, Due diligence, Guernsey , , , , , , ,

For Guernsey financial services, enhanced measures are critical for mitigating risks related to money laundering, terrorist financing, and proliferation financing (Financial Crime). The Guernsey Financial Services Commission (GFSC) outlines when and how enhanced measures should be applied, particularly in certain high-risk and higher risk business relationships and occasional transactions. Chapter 8 of the GFSC Handbook, specifically paragraphs 102–125, provides detailed guidance for Guernsey financial institutions on applying these enhanced measures to manage higher-risk and high-risk scenarios.

This post focuses on the application of enhanced measures as they relate to:

  • Non-resident customers
  • Private banking services
  • Personal asset holding vehicles
  • Customers with nominee shareholders

Non-Resident Customers (Paragraphs 106–110)

A Guernsey Financial institution when dealing with a non-resident customer must look at the reasons for that customer using the Bailiwick, especially where the same services are offered in their own country or territory, as these customers, who wish to establish a business relationship or conduct occasional transactions, may present a heightened risk of Financial Crime. For non-resident customers, Guernsey financial institutions must adopt enhanced measures to mitigate these risks.

Enhanced Measures for Non-Resident Customers:

  • Understand the Customer’s Rationale: Firms should investigate why the customer, who is not resident in the Bailiwick, is seeking to establish a business relationship or carry out a transaction. Simply stating “tax planning” or “asset protection” is insufficient; firms must delve into the legitimate underlying reasons for the business relationship. This must also be verified by obtaining such documents or precise of such documents, explantions, from appropriate practicioners or external sources.
  • Leverage External Data: Firms should use external data sources to gather information about the customer’s country of residence and potential risks. This helps build a comprehensive risk profile, similar to what would be available for a resident customer. This can be from the Appendix I & H of the handbook and those identified risks must be mitigated.
  • Verify Source of Funds: Establishing the source of funds (SoF) that will be used or generated in the business relationship is critical. The firm must consider whether the origin of the funds aligns with its understanding of the customer’s risk profile and the rationale for the business relationship. This is especially important when funds come from countries with capital controls, high bribery and corruption risks or financial instability.

Private Banking Services (Paragraphs 111–115)

Private banking services, which involve high-value, non-standardized, and tailored services to high-net-worth individuals.  This is not just in respect of banking activities but could also involve the provision of services by an Investment licensee or a fiduciary Licensee except where the service is part of its duties as a trustee. The significant risks due to the complexity and cross-border nature of the transactions involved. Enhanced measures must be applied to mitigate these risks.

Enhanced Measures for Private Banking Services:

  • More frequent Review of Business Relationship: The firm should conduct more frequent reviews of the business relationship, ensuring that customer due diligence (CDD) measures are still appropriate. Transaction monitoring and thresholds should be adjusted as necessary to provide greater oversight.
  • Understand Source of Wealth and Source of Funds: Special attention must be given to understanding the source of the customer’s SoF and Source of Wealth (SoW) in line with the requirements of the GFSC Handbook and the GFSC Thematic. This is particularly important in private banking relationships where the risk of illicit activities is higher due to the large sums of money involved.
  • Tailored Monitoring: Given the bespoke nature of private banking services, enhanced monitoring and controls should be tailored to each customer’s specific circumstances and the nature of the use of the product and service. The firm should carefully scrutinize large or unusual transactions to ensure they meet the known and evidenced rationale.

Personal Asset Holding Vehicles (Paragraphs 116–121)

Personal asset holding vehicles (legal persons and legal arrangements), often used for holding investments, can obscure the true identity of the beneficial owner or the source of wealth and funds. Therefore, the use of such vehicles presents a higher risk of Financial Crime.

Enhanced Measures for Personal Asset Holding Vehicles:

  • Assess Rationale for the Vehicle: Firms must determine why the customer is using a personal asset holding vehicle rather than holding assets in their own name. The firm must ensure that the use of such a vehicle has a legitimate and genuine purpose. This must also be verified by obtaining such documents or precise of such documents, explantions, from appropriate practicioners or external sources.
  • Understand Source of Wealth and Source of Funds: Special attention must be given to understanding the source of the customer’s SoF and SoW in line with the requirements of the GFSC Handbook and the GFSC Thematic. This includes investigating the activities that generated the SoF and SoW, and any potential risks associated with transferring those funds to and from the Bailiwick.

Customers with Nominee Shareholders (Paragraphs 122–125)

The use of nominee shareholders can complicate the process of determining the true beneficial ownership of a legal person or arrangement, making it easier for customers to obscure their identity. Enhanced measures are necessary to mitigate the risks associated with such structures.

Enhanced Measures for Nominee Shareholders:

  • Determine the Purpose of Nominee Shareholders: Firms must investigate why a customer or a legal person that owns the customer is using nominee shareholders. The rationale should be legitimate and not solely for obscuring beneficial ownership and must be verified and documented.
  • Leverage External Data: To assess the risk posed by nominee shareholders, firms should utilize external data sources to check the fitness and propriety of the nominee shareholder, as well as the particular risks associated with the nominee’s jurisdiction.
  • CDD for Intermediaries: Where nominee shareholders are used in intermediary relationships, firms must follow the specific CDD measures laid out in the GFSC Handbook at Chapter 9, ensuring that appropriate controls are in place to mitigate the risk.

Conclusion

The application of enhanced measures is essential when dealing with higher-risk and  high-risk customers or transactions. Whether the customer is non-resident, utilizing private banking services, operating through a personal asset holding vehicle, or involving nominee shareholders, firms must conduct thorough due diligence to mitigate the potential higher risk of financial crime. By following the guidance outlined in Chapter 8 of the GFSC Handbook, having appropriate policies, procedures and controls,  firms can ensure they remain compliant, demonstrate good corporate governance, while protecting the integrity of their operations.

By carefully applying these enhanced measures, Guernsey financial institutions can better protect themselves from the risks associated with Financial Crime, while meeting the rigorous standards set by the GFSC.

Stay ahead of the curve—ensure your compliance is up to date! Join us at Technical Specialist Partners in fostering a culture of integrity and accountability by contacting us at hello@technicalspecialistpartners.com to discuss your requirements and the services that we can provide. Together we can build a compliant and ethical work place. https://technicalspecialistpartners.com/home/

GFSC Handbook Requirements for Source of Wealth and Source of Funds

Sara Barclay AML/CTF, Compliance, Compliance Monitoring, Corporate Governance, Due diligence, Guernsey , , , , , , , , ,

The Guernsey Financial Services Handbook for Countering Financial Crime, Countering Terrorist Financing and Countering Proliferation Financing (GFSC Handbook or Handbook)  sets forth comprehensive guidelines on how Guernsey financial institutions should address Source of wealth (SoW) and (SoF) as part of their customer due diligence (CDD) and enhanced due diligence (EDD) processes. These requirements are particularly stringent when dealing with high or higher-risk customers or complex transactions. Some of the key aspects include:

Collection of Information

Guernsey financial institutions must collect sufficient information about the client’s SoW and SoF  to properly assess the legitimacy of their customers financial activities and rationale for the use of the Bailiwick. As detailed in the GFSC Handbook this may involve:

  • Verifying employment income through pay slips, tax returns, or employer references confirming salary.
  • Confirming inheritance via probate or legal documentation.
  • Assessing investment income by reviewing dividend statements, property sales records, or portfolio valuations.

The Handbook stresses that for high-risk customers, Guernsey financial institutions must obtain more granular detail to fully understand the journey to and/or origin of wealth and funds of the person and/or business relationship.

Verification of Information

It is not enough to simply collect SoW and SoF information—institutions must also verify and document it! Verification can include independent checks through public databases, third-party documentation, and government records and the generation of a SoW and SoF memo or document comprising these information sources. 

The GFSC Handbook and the Thematic Review provide a clear roadmap for Guernsey Financial institutions to manage risks related to SoW and SoF effectively. By following these guidelines, institutions can enhance their Countering Financial Crime, Countering Terrorist Financing and Countering Proliferation Financing (CFC,CTF,CPF) frameworks, protect their reputations, their third party suppliers and ensure good corporate governance while meeting domestic and internal regulatory obligations and requirements.

For higher and high-risk business relationships and scenarios, additional layers of verification are required, often involving more detailed documentation, such as bank statements, legal contracts, or public filings.

Ongoing Monitoring

SoW and SoF checks are not a one-off exercise. Institutions are required to monitor the source of wealth and funds on an ongoing basis, particularly when dealing with politically exposed persons (PEPs), high-net-worth individuals, or clients from jurisdictions with weaker CFC,CTF,CPF frameworks. If any red flags arise, institutions must investigate further and escalate the matter internally to their Money Laundering Reporting Officer (MLRO) who may externalise a report to the relevant authorities if necessary.

Record Keeping

Maintaining thorough records of all SoW and SoF inquiries, documentation, and verification processes is mandatory. These records are essential for audit trails and for satisfying GFSC’s requirements during compliance reviews or in the event of an on-site regulatory visit, thematic reviews, request for information from a regulatory or law enforcement authority and when making disclosures to the Guernsey FIU.

Insights from the Thematic Review: A Focus on Private Wealth Management

The Thematic Review conducted by the GFSC on Source of Funds and Source of Wealth in the private wealth management sector highlights several critical findings and areas for improvement within the Guernsey financial industry. This review provides deeper insight into how Guernsey financial institutions can bolster their compliance with SoW and SoF requirements.

Key Findings:

  • Insufficient Depth in SoW/SoF Information: The Thematic Review found that many institutions were not gathering enough detailed information on SoW and SoF, particularly for high-risk clients. A common issue was reliance on customer declarations without independent verification. The GFSC expects institutions to dig deeper, especially when there are signs of complexity or higher risk within a business relationship or transaction.
  • Lack of Independent Verification: While most institutions collected some form of SoW and SoF data, verification was often lacking. The GFSC stresses that for high-net-worth individuals, high-risk clients or clients with complex wealth structures, institutions must take extra steps to verify the authenticity of their SoW and SoF.
  • Inconsistent Risk-Based Approach: Many institutions had policies in place but did not apply them appropriately or consistently, particularly in identifying and managing higher and high-risk scenarios. The GFSC noted that this inconsistency poses a significant risk to effective of a Guernsey financial institutions CFC, CTF, CPF controls and the wider compliance with the Handbook’s corporate governance requirements.

Best Practices for Strengthening SoW and SoF Compliance

To better align with the GFSC’s expectations and the findings of the Thematic Review, Guernsey financial institutions should adopt the following best practices:

  •  Implement a Robust Risk-Based Approach

A risk-based approach to SoW and SoF inquiries ensures that the level of investigation and verification matches the customer’s risk profile. High-risk clients, such as PEPs, those in or conducting transactions with high risk jurisdictions,  or those involved in complex financial arrangements, should undergo enhanced due diligence (EDD), which includes more thorough SoW and SoF checks.

  •  Increase Depth of Information Collection

Institutions must ensure that they gather comprehensive information about the client’s SoW and SoF. This includes not only basic facts but also deeper context, such as the history of wealth accumulation and the specific details behind large transactions. 

  •  Utilize Independent Sources for Verification

To avoid over-reliance on customer-provided information, institutions should use independent and reliable sources to verify SoW and SoF. This may involve using public records, financial databases, or independent experts.

  •  Enhance Staff Training and Awareness

Staff at all levels should be trained to understand the importance of SoW and SoF checks, and how to conduct these inquiries effectively. Training should also cover the red flags to watch for potentially risky transactions or clients that may trigger a suspicion to the MLRO.

  •  Ongoing Monitoring and Review

Regular reviews and continuous monitoring of client profiles and their transactions are vital. Institutions must be prepared to escalate any concerns about SoW or SoF to their MLRO , ensuring that these concerns are investigated and, if necessary, reported to the Guernsey FIU.

Conclusion: Ensuring Compliance and Mitigating Risk

Ensuring compliance with SoW and SoF requirements not only helps in meeting regulatory expectations but also plays a key role in maintaining the integrity of the Bailiwick and the global financial system.

For Guernsey financial institutions and those international firms wishing to set up in the Bailiwick, the message is clear: robust, well-documented, and verified SoW and SoF processes are critical for reducing exposure to financial crime risks and ensuring long-term success in the Guernsey Financial Sector for your business.

You can access the GFSC’s full Thematic Review on Source of Funds and Source of Wealth in the Private Wealth Management sector here .

Stay ahead of the curve—ensure your compliance is up to date! Join us at Technical Specialist Partners in fostering a culture of integrity and accountability by contacting us at hello@technicalspecialistpartners.com  to discuss your requirements and the services that we can provide. Together we can build a compliant and ethical work place. website link

Dear Board, don’t engage me to undertake your outsource compliance requirements until you have read this!

Sara Barclay Compliance, Corporate Governance, Guernsey , , , , , , , , ,

Compliance monkeyGuernsey has an amazing regulatory framework which has become quite a selling point with financial service businesses offering their products and services and those financial service businesses wanting to come and have operations here. Some will utilise outsource compliance professionals to assist them with the cost of set up, on-going costs,  ensuring their business can have knowledgeable and professional persons on-board while it establishes and grows its presence and offerings. Even established firms may need extra compliance support in their business to be able to ensure that they can at all times remain compliant with the Guernsey regulatory framework or ensure that remediation is appropriate and effective.

In the last year the use of outsource compliance professionals has come to the forefront of the regulatory radar, instances of their failure having been identified as contributing to businesses failing to adhere to the regulatory framework. There have been numerous communications from the Commission to the industry on the issues surrounding the requirements for utilising an outsourced compliance professional and failures where this has not been met, showing that the Commission are treating this seriously.

At the end of the day the responsibility for compliance to the regulatory framework is laid firmly at the feet of the Board and they are the first point of call when failings or regulatory deficiencies are identified by the Commission. The need to ensure a Licensee is meeting the regulatory requirements forms at the most basic level with the minimum criteria of licensing as well as being mentioned throughout the regulations, codes instructions, and guidance issued by the Commission.

So what needs to be considered by Boards? Here are some questions to be asked but at all times refer to the legislation regulations, rules,instruction and codes that pertain to your business and licence.

Prior to any engagement consider these points.

You wouldn’t employ anyone to undertake the role in a full-time capacity so why would you chose anyone to do your outsource function?

Prior to any engagement do your due diligence on the outsource company/ person, the person who will be your appointed compliance representative and the people who will be doing the work. At the very minimum the person who will be undertaking the work needs to be suitably qualified and knowledgeable of the area your business operates in and the regulatory rules that pertain to your licence.  You will need to ensure that you can evidence that they have been appropriately screened as you will be expected to have been as diligent with your provider as with your own staff!

You wouldn’t employ anyone who doesn’t have the time for your business?

Prior to any engagement you need to work out how much time will be required. This will change from the role that compliance professional will undertake, as an example an outsourced MLRO will have different time requirements to a compliance professional assisting with licensing.

When you actually look at it, if you have a compliance professional for two hours a week it would take them eighteen weeks to achieve one thirty-six hour working week in your business! Obviously cost is a major factor in this assessment and knowledge and experience never come cheap. The time any compliance professional spends on your business must be commensurate to the size, complexity and nature of your business and the role undertaken.

You need to be aware that a compliance professional will also be working for other firms, there is obviously a risk regarding resources. If their clients require more time or the outsource provider or person undertaking the role has issues with resources will you be affected? You need to ensure that there are controls in place or a plan B to mitigate these risk.

You wouldn’t have any old agreement?

You need to ensure that the outsource agreement meets the requirement of the Guernsey regulatory framework and is legally binding. The Board cannot discharge its responsibilities only delegate the work, it is often a good idea to have a Guernsey Advocate firm look over any agreement, especially if the Board are not familiar with Guernsey Law or this area.

During any engagement consider these points.

You wouldn’t want to be assessed by any old criteria, what criteria is the business or business area being assessed to?

Again this depends on the role you are utilising the outsourced compliance professional for, but you need to know how they are monitoring you and to what standard.  The Board must make sure that it can evidence and satisfy itself and the Commission that the Guernsey regulatory framework requirements have been met.

You wouldn’t want any report, do the reports provided give the full picture of the work being undertaken?

The reports that are provided to the Board must be meaningful and contain accurate management information. This allow the Board to see the whole picture of their business or the area that the outsourced provided has been contracted to service and assess the level of compliance to the regulatory framework. If areas or remediation work have been identified are the Board kept appropriately up to date?

You wouldn’t want to keep on anyone who isn’t performing, is the outsource provider performing to the required standards?

Throughout any engagement the Board must consistently monitor and evidence its monitoring of the outsource provider and/or those undertaking the work for the Licensee. Is the Board satisfied with the work undertaken, is the monitoring of the business meeting the requirements of the Guernsey regulatory framework, has the business changed in its complexity, nature or size and is the person doing the role still suitable?

The most important aspect to any outsource relationship is that you have the right person/firm, they add something to your business, provide you with the accurate management information, they get on with you and are honest to you regarding their business and yours. By hopefully considering and evidencing these requirements a Board will be able to show that they have acted to ensure that their business meets the requirements of the Guernsey regulatory framework. In the unfortunate case where things have not worked out the Board will be able to evidence that they were aware of the issues at the earliest opportunity and have acted to mitigate any non-compliance and remediate the situation.

Introducer Certificates the Pro’s and Con’s

Sara Barclay Introducer Certificates , , , , , , , , ,

Does anyone else find it so frustrating to constantly provide client due diligence when accessing financial services products or even when accessing legal services?  Is this constant due diligence treadmill stopping us and potentially our clients from accessing products and services?  I personally feel that this is unfortunately the case and in some cases I am aware that this has caused clients to utilise other jurisdictions or miss out on investment or business opportunities.  I believe that there is a solution to this which could add to the attraction of Guernsey as a place to do business as well as allowing clients greater access to the products and services that can be offered.

The current solution is that the regulated or registered business can if the introducer meets the requirements of an Appendix C business, utilise the introducer regime as stipulated by the Guernsey Financial Services Commissions (GFSC).  This allows the registered or regulated business to rely on a certificate confirming identity while promising that the due diligence they hold and maintain meets the Guernsey requirements and will be provided when requested from the regulated or registered business.  The regulated or registered business then has to test the introducer throughout the life of the business relationship, to ensure that the introducer can meet the obligations of the introducer certificate and that the due diligence does meets the Guernsey standards. The unfortunate downfall of this system is that sometimes an introducer won’t adhere to the obligations of the introducer certificate or requirements of the rules governing due diligence in Guernsey leaving the regulated or registered business with quite a headache, and remedial work to undertake.

Where an introducer provides clients to regulated or registered business by the use of introducer certificate, for example an IFA providing 300 clients to invest in various Funds at a Guernsey Fund provider, the introducer can become disillusioned with Guernsey and the regulated or registered business when year on year they receive requests to provide the copies of due diligence for a selection of these clients introduced by them.  This is a burdensome process for the introducer, taking them away from their business, only to provide documentation for which they can not necessarily recover the cost from their client.  Unfortunately some will not want to or be willing to keep their obligations, leading to problems for the regulated or registered business.  The solution to this problem is to undertake a 100% testing programme where copies are provided to the receiving regulated or registered business with the introducer form.  There is only the need to periodically on a risk based approach go back to the introducer to confirm that the clients details have not changed during the life of the business relationship, such as the address, and if the details have changed that the copies of the updated due diligence are provided.  Undertaking this approach allows the regulated or registered business potentially less risk as the due diligence will already have been assessed and deemed suitable at the start of the business relationship and less risk of the introducer not subsequently meeting or adhering to their obligations by not providing the required due diligence. This allows for beneficial relationships to develop between the regulated or registered business and the enhancement of Guernsey as a place to do business.

Where clients have a business relationship with a regulated or registered business that is over a period of years, rather than a one off legal transaction where the business relationship is only for a matter of days or weeks.  If the introducer sells these clients during the course of the business relationship to another provider or is taken over, new introducer certificates will have to be obtained by the registered or regulated business or the clients will need to provide due diligence in order that the rules of the GFSC can be met.  Therefore I would always recommend for these longer term business relationships that due diligence is obtained rather than relying on the introducer certificate.

The rules issued by the GFSC state that clients who are introduced cannot then be introduced again by the regulated or registered business e.g. no introducer chains.  This can lead to the issues of a regulated or registered business unknowingly becoming involved in an introducer chain and having then to obtain the client due diligence, which can have an adverse effect on the business relationship with the client and the relationship with the introducer.  This also has the potential for higher cost to the client or loss of earnings by not being able to access an investment product to take advantage of price and in the worst case scenario the client may miss the investment opportunity altogether.

But what if Guernsey could offer a due diligence depository overseen by a regulating authority subject to stringent audits? Just think if clients provided their due diligence to this depository who then ensured that it met the regulatory standards, could this avoid altogether the need to obtain copies of due diligence or have a testing programme?  This depository could then provide registered or regulated businesses with an introducer certificate which would be more reliable and there would be less potential of unknowingly becoming part of an introducer chain or finding out the introducer was unable to meet its obligations. Could this reduce compliance cost to a regulated business and make Guernsey more competitive, the Jurisdiction of choice? Clients would be able to access products and services offered by other regulated or registered business with ease and certainty without suffering from the due diligence treadmill. Why stop at just offering this service to local registered and regulated businesses why not take an international approach and service other jurisdictions.  This could then lead to an enhancing of our economy while diversifying it at the same time.  We have all the right ingredients in Guernsey to undertake this opportunity we just need the political want to do this. But until my utopia happens please think carefully about the use of introducer certificates, sometimes it is actually easier and more beneficial for a registered or regulated business to get original due diligence and can save time money and cost in man hours to undertake the monitoring and any remedial work.

Getting the right fit for the BRA

Sara Barclay Business Risk Assessment, Compliance Monitoring , , , , , ,

Being the holiday season its time to sit back relax and take stock of all that has happened in 2013. Time for any Compliance professional to take stock of the year and to review the key business documents of a licensee and assess if they remain fit for purpose or need to be enhanced.

One such document that requires to be reviewed at least annually is the Business Risk Assessment (BRA) to ensure it is fit for the regulatory framework and the Licensee.  The BRA though is a document  that licensees struggle with and the Guernsey Financial Services Commission (Commission) constantly find as deficient. What lessons can we learn that will allow our 2014 BRA’s to be fit for the licensee and for the rules and regulations?

Essentially the BRA is a high level overarching document that the Board of a licensee must have in place. It evidences what the business is about, identifies the risks associated with its products and services, clients and the jurisdictions that it undertakes business in or through. The Commission have commented on how these documents tend to fall short of the mark, being generic, over simplified and not representative of the licensee.

Whenever I re-draft or assist a licensee with a BRA I take the approach of creating a document that tells the story of the licensee ensuring that it flows into the policies, procedures and forms. I use the BRA to create the framework from which the licensee’s policies and the procedures enlarge upon and stipulate the full requirements of the licensee requirements and the regulatory framework.

My BRA’s look at what the licensee business plan is, the Money Laundering, Bribery and Corruption and Terrorist Financing (ML/BC/TF) risks that the business is exposed to from following its business plan. I then look at how the licensee will mitigate the risks by the implementation of its policies, periodic reviews and training. How it will differentiate its high risk’s from its low risk’s to ensure that a risk based approach can be applied successfully and cost effectively. My BRA’s look at how the Board will be kept informed of the ML/BC/TF risks and what their responsibilities are, from ensuring policies and staff are sufficient to  how they will review the existing and new business.

Licensees often complain that I am stating the obvious in my BRA’s, that the BRA will not stop a criminal or terrorist and so add little to no value to a business. The BRA is not about stopping criminals but assisting in their identification and prevention of a licensee being an unwitting conduit for them, criminals will always seek to abuse the financial system to their own ends. Unfortunately though licensees will be unknowingly utilised by criminals and they, their clients and insurers may suffer reputation loss and in the worst cases material loss. A licensee can never negate these risks in all cases, though the BRA does allow a business to protect itself, and so adds value.

We live in a contentious and litigious society, it is now not the case that a crime has to have been committed, but has a licensee done enough to reduce the possibility of a crime occurring or to protect against being a conduit in a crime as required by the regulatory framework.  The Commission whether on a regulatory visit or dare I say it, when things have gone wrong and Lawyers and Advocates are involved they will review the BRA intently to assess if a licensee has acted recklessly by not assessing or identifying the risks posed by their business. It goes without saying that a licensee who has considered in-depth the risks posed by the business activities and the preventative measures that they have employed (stating the obvious) is going to be treated more sympathetically than a business who did not evidence their consideration of the risks that they faced.

There have been numerous regulatory cases over the last few years that were not about ML/BC/TF having occurred but that licensee’s did not have suitable and sufficient policies or information at hand for the Board or the MLRO to consider and mitigate the risks posed and inherent in their business.  If you need help in assessing or redrafting your BRA the Commission has guidance on what they deem are the minimum requirements. You can ask Consultants to review your BRA and provide suggestions if required. You can simply ask around your fellow peers to see if they can assist or provide guidance.

It must be remembered that the Board of a licensee must take full responsibility and can’t contract out of their responsibility for having a suitable BRA. The Board and the MLRO must ensure that the BRA is fit for purpose and identifies and mitigates the risks while evidencing the preventative measures, and most importantly meets the regulatory requirements. The Compliance professional is only there to suggest what they believe is suitable in how the Licensee has evidence the consideration of the risks that it faces.

Over the course of 2013 a licensee’s business, the risks posed by clients,  products and services it offers inclusive of the jurisdiction that they are associated with or their clients are associated with will have changed.  Now is the perfect time to take stock of the current status of the licensee, its future intentions and go forward in to 2014 with the risk duly considered and mitigated.

Merry Christmas one and all.

The Dark Art

Sara Barclay Compliance Monitoring , , ,

To the uninitiated the Compliance officer is an alchemist who from his Compliance Monitoring Programme (CMP) allows a licensee to reach a gold standard. It is essential that a licensee understands their status in the regulatory framework and environment at anytime in order to protect client, investor and themselves. What are the elements of this dark art of compliance monitoring? How can such a programme assist a licensee achieve a gold standard without the process becoming resource and cost intensive?

From the recent Guernsey Financial Services Commission (GFSC) industry presentations there was a theme running through that for Boards to achieve high standards of Corporate Governance and regulatory compliance had to be aware of the risks that they faced. The detecting of breaches of regulation needed to be identified at the earliest opportunity and appropriate action taken to remediate. The tool to identify the risks and detect the breaches is the CMP.

The Jersey Financial Services Commission (JFSC)has released this week a “Dear CEO” letter that details the benefits and requirements of an effective CMP.  Though there are many documents and articles on how to create an effective Compliance Monitoring Programme though I believe the guidance as issued by the JFSC  would benefit any licensee in Guernsey.

The Compliance Officer when undertaking the creation or review of their CMP must ensure that all the applicable rules and regulation that the licensee must be compliant with are identified.  The controls of the licensee then need to be matched to these rules and the regulations. It is essential that a licensee can evidence that they can manage the risk of non-compliance by having suitable controls that meet its identified regulatory framework.

The Compliance Officer needs to assess the impact and the probability of non compliance with the regulatory framework.  From this assessment the frequency of testing the licensee’s controls to the identified regulatory framework can be established.   It goes without saying that what is assessed as high impact and has a  high probability must be reviewed more often, allowing the Compliance Officer to effectively place resources to the risk of non-compliance.

It is essential that the Board review the CMP and if satisfied of its suitability formally adopt it.  The Board should periodically assess the suitability of the programme to its applicable regulatory framework to ensure its continued suitability.

In undertaking the monitoring process utilising the CMP the Compliance Officer must not place over reliance on verbal assertions, reports or assurances from other business units.  The Compliance Officer must find the evidence that the controls are satisfactory and that the applicable regulatory framework applicable to the licensee is being met.  The findings of the monitoring must be recorded and the supporting evidence to the findings documented in the CMP.

The results of the CMP findings must be reported to relevant persons at the Licensee and also the Board.   The findings must be presented to the Board and relevant persons in a concise and effective manner confirming the compliance status, areas where enhancements are required and the details of any remedial actions.  This will allow the licensee to assess and consider where areas of non-compliance are identified the seriousness of the non-compliance, remedial action to be undertaken and whether the GFSC should be notified.

The CMP process is cyclical allowing the effective monitoring and risk based monitoring while adapting to the changing regulatory framework. The CMP helps to establish a culture of compliance and assists in providing the gold standard that any client, investor or regulator will want to see.  Not necessarily a dark art but one, when done well will certainly add value to any licensee while providing comfort and assurance to any board allowing them to continually work to a gold standard.