The Art of Training (and not just GFAS)

Award in Education and Trainingtindalldawn-1-e1454075780950I passed!!

For those of you who don’t know, I have passed the exam “Award in Education and Training” and very pleased I am too.  I took the Award because I felt it was a great way of confirming my abilities to provide training on Anti-Money Laundering (amongst other compliance subjects) but it proved to be more valuable than I thought.  As well as giving me an insight into the way people learn, it also taught me a lot about the roles and responsibilities of teachers – a very topical subject.

When I mean topical I do not mean the Education Debate which is currently raging in Guernsey.  As this post is on my business website, I am looking at the subject from the perspective of the Commission’s training requirements.

As I am sure you noticed, the Commission’s Guidance on Training and Competency paper (originally issued on 11th November 2014) was amended again on the 16th May 2016.  The paper observes that, since 1st January 2015, Investment licensees, Insurance Managers and Intermediaries have been required to have a training and competency scheme for each employee.  It is made absolutely clear that these Schemes are not just for their Financial Advisers and Authorised Insurance Representatives but all of their employees.  Interestingly though, having trawled through the Commission’s website, I have not been able to find the same requirements for Banking and Fiduciary licensees although I am sure you would be roundly endorsed if you treated all your employees in the same way.

Each Scheme should be an easy to use means of assessing and monitoring an employee’s ongoing competence in their respective roles and identify individual training needs.   More importantly the licensee, the employee and the Commission should be able to clearly understand its aims and outcomes and, as usual, the Board is responsible for the effectiveness of any Scheme and have sufficient management information for effective monitoring and supervision.

The requirement for supervision of employees brings its own issues of course.  As well as a Scheme for their own role in the business, the person appointed as supervisor must also have a Scheme for this second role which ensures they have all the necessary skills to act as a competent supervisor.   This, of course, means that the individual needs to be technically knowledgeable with the required experience in both the subject and in the art of supervision.   

But how does a licensee work out the criteria and procedures for assessing whether an individual is competent in their respective role?  How do you make an initial assessment of a new employee’s level of competence?  How do you supervise the performance of employees?  More importantly, how do you deal with an employee who does not achieve the level of competence identified as required for the job?  As well as being a big ask, it also begs the question who assesses the assessor?  Also, after putting a great deal of effort into these Schemes, don’t forget to review all the policies and procedures regularly and when roles and people change.  We all know that a role changes depending on who is filling it.

Luckily there is some help at hand (and not just me or your HR team) – the Guernsey Training Agency have produced Training Matrices which can be found on their Services page under Advisory Groups and Qualification Pathways.  It is worth noting that the matrices deal mainly with qualifications and specifically do not cover experience.  Although the matrices (other than Investment) include a need for new entrants to have compliance knowledge, I am a little surprised they do not indicate that employees need an increasing level of knowledge of AML as their career progresses.  The preamble states that the matrix does not include compliance updates and one-off courses in anti-money laundering, but I would have thought a qualification in AML would be recommended for other employees not just those in the Compliance Department?  But then again that may be because of the nature of the qualifications available.

As to AML, the Regulations and Handbooks are clear on the requirements for training and so this will be part of a well-documented Scheme.  However, to finish with a warning, I understand that the Commission’s PRISM visits have shown that one area of concern is the lack of adequate AML training.  I suspect this is not just a reference to the standard annual update or one-off courses in anti-money laundering but also adequate training on your in-house procedures.   If I may, I suggest you check that this training is part of your Schemes and then review its content, its relevance, its effectiveness  ……..

 

Compliance – the Trusted Partner

tindalldawn-1-e1454075780950

As we all know, the Compliance function is now one of the most important tools in a firm’s fight to minimise risk.   It has been a bit of a battle to get Boards to realise that the Compliance Department should be treated as a trusted partner but, if its objectives are successfully integrated into all processes, it can be a partner which helps do business.  This is not least because of the possible reputational damage that can arise if there is non-compliance but also because there are, for example, benefits of having a smooth, efficient and speedy CDD collection service as it can enhance customer relationships.

However, as there are more and more areas a Compliance Department should be looking at, what is the role of Compliance now?

Compliance is defined as “the conformity in fulfilling official requirements” but considering the vast array of official requirements this could be so many things.  When I started my career in law in the late 1980’s, we did not think of compliance as a distinct department but just a general responsibility.  We had to comply with all necessary legislation no matter what law we were advising on and that included compliance in respect of, amongst other things, confidentiality and data protection, insurance, health and safety and employment.  It wasn’t until April 1994 when it started to be a question of whether we needed to see a client’s passport or not and that’s when to me the Compliance Department became a reality.

More than 20 years later, the Compliance Department has evolved from just looking at the AML requirements to looking at the many new threats and concerns which need to be addressed daily.  To mention a few issues, we have the EU General Data Protection Regulations, the OECD Common Reporting Standard for the exchange of tax information, and all the changes that may come along after the 23rd June with a possible BREXIT.

The EU General Data Protection Regulations come into force in 2018 and bring in the new concepts of the right to be forgotten, data portability and data breach notification.  As to the CRS, so far 55 countries have committed for the first exchange of information by 2017 and, of course, this includes the Crown Dependencies; Guernsey’s regulations came into force on the 1st December 2015.  If the UK decides to leave the EU, then Protocol 3 will need to be renegotiated and this may not be on such favourable terms.

But should it be the Compliance Department that is responsible or should other departments be dealing with the issues?  I think that depends on the model in your firm and the resources you have but, whatever they be, clear lines should be drawn to ensure each person and each department knows their responsibilities so nothing falls between the cracks.

To me, the most pressing and important area which must not fall foul of blurry lines of responsibility is the EU General Data Protection Regulations.  Whilst 2018 seems a long time away, due to the extent of its coverage, work must begin now.  Firms need to review their operations, risks and controls to be ready not only to protect themselves from threats but to stand out from the crowd.  The role of Compliance as a trusted partner, in my mind, is to get together as many other Departments as possible to discuss your firm’s response.   That’s, of course, if it hasn’t happened already.

There are opportunities and work has already begun in earnest to put Guernsey in a great position.  As PWC said in its 2015 report – let’s establish the Island as a ‘Trusted Location’ for international data.  Why not?  By having the right components in place it will enable the finance industry and Guernsey to embrace these opportunities.  And if successful, we will all see the benefits.

 

The Politics of Compliance

tindalldawn-1-e1454075780950Sitting here, as proud as punch to be elected as a Deputy and member of Guernsey’s States of Deliberation, the mind starts thinking of the compliance aspects of our success at the polls.

My first thought is AML – of course!  High risk I may be but am I a PEP?  Does the automatic requirement for enhanced due diligence apply to me because I am a Deputy?

For those of you who don’t know PEP stands for politically exposed person. The definition, which is the same in both sets of Regulations that apply in Guernsey, starts by saying that a politically exposed person means “a person who has, or has had at any time, a prominent public function or who has been elected or appointed to such a function in a country or territory other than the Bailiwick …” (My emphasis)

So, having read that, I see that it’s not me then ?  ….. Oh yes it is! Because, as always, it is never as simple as it seems.

As I have been elected to a political position in the Bailiwick, I am considered a “domestic” PEP and the extra due diligence does not automatically apply here.   However, if I want to open a bank account, say, in the UK, I am a “non-domestic” PEP and so caught by their Money Laundering Regulations 2007.  Their Regulation 14(5)(a)(i) states that a PEP “is an individual who is or has, at any time in the preceding year, been entrusted with a prominent public function by ..  a state other than the United Kingdom”.

As we have many banks here that are branches of UK banks or, indeed, branches of other countries’ banks, their approach needs to be considered.  Their policies and procedures may require that the highest standard of AML which applies in the jurisdictions in which they operate is followed or they may not even differentiate between “domestic” and “non-domestic” PEP.   So whilst we are not caught by the legislation which applies to those branches, which is the Guernsey legislation, we are probably caught by the policies imposed on them by “head office”.

As Guernsey intends to update its legislation and the Handbooks to follow the FATF (Financial Action Task Force) Recommendations 2012, that distinction should no longer be as relevant and I will have PEP status both here and abroad … but not yet.

Whether or not we are automatically PEPs does not mean the story ends there.  As I have said, it is highly likely that, if we are not treated as PEPs, the business relationships or occasional transactions we undertake will be assessed as high risk anyway under the firm’s policy and procedures.

However, whilst the definition of PEP in legislation invariably includes the PEP’s immediate family and close associates as it does in Guernsey, what is interesting to note is that the FATF Recommendations do not call these people PEPs.  All that the Recommendations state is that “the requirements for all types of PEP should also apply to family members or close associates of such PEPs.” (My emphasis again).

So whatever you want to call us, come Tuesday, I expect businesses to be queuing up at the doors of new Deputies’ for those extra pieces of information or documentation to comply with the Handbooks.

If you have not checked (or had not even thought to check) your database to see if we (or our family members or close associates) are your clients, then may I politely suggest you contact me.  I can help you review your procedures to make sure you don’t miss anyone’s change of status which results in the need to undertake further enhanced due diligence.