Guernsey’s Beneficial Ownership Register

tindalldawn-1-e1454075780950I have been a bit quiet recently having not blogged this year but today I have decided to use the same blog I have just published on my political website.  It is my speech about the approval yesterday for the introduction of a private, central register of beneficial ownership of legal entities here in Guernsey.

“Sir, I will be supporting the proposition to establish a register containing beneficial ownership information for all forms of legal person.  We need this because it is essential that our law enforcement is provided with the tools to access this information as quickly as possible so that we can comply with international standards, fight crime and support our finance and business services industries.  I stand to give my support but also to give the subject the weight it deserves.  This is such an important move to take in the times we live in.

The proposal is for the Register to be open to those who need it and not publicly accessible.  This is, in my view, a sensible proposal.   Whilst there are calls for such registers to be open to the public, this is not based on a need to follow international standards but because of calls from pressure groups and the media.

From my involvement with industry, it is clear that they want us to follow international standards but not excessively which would put Guernsey at a competitive disadvantage.  I do not think the proposals do so.  In fact, I think they are a positive move supporting our commitment to law enforcement.

The widely accepted international standard on the recording of beneficial ownership is the one developed by the Financial Action Task Force or FATF which was first published in 2003 and further strengthened in 2012.  It does not require a publicly accessible register only that countries should ensure that there is adequate, accurate and timely information on the beneficial ownership and control of legal persons that can be obtained or accessed in a timely fashion by competent authorities.

This international standard has also been incorporated into the Global Forum on Transparency and Exchange of Information for Tax Purposes and is also followed in principle under the 4th Money Laundering Directive coming into force on the 26th June 2017.  I say in principle because, whilst the EU are seeking a central register, it requires a more extensive list of those who can access it than the FATF recommendation although, interestingly, it does not require the register to be public it merely suggests it as an option.

Whilst we are obviously not in the EU, not complying with the Directive may affect our ability to work with EU countries in the future.  This is not addressed in this Policy Letter and I would like reassurance that this aspect will be considered.

It is also important to remember that there are, already, extensive regulations in place which require all local trust and company service providers and other prescribed businesses and individuals to know the identity of the beneficial owners of Guernsey entities.  Those regulations also require the same information to be obtained for owners of entities incorporated in any jurisdiction in the world.

The recent 2015 MoneyVal report was most complimentary about the regulatory regime here but indicated they felt there were insufficient measures in place where no such provider was involved and the proposals in this Policy Letter are intended to improve these measures.

We also have, under Company Law, the role of Resident Agent whose responsibility, amongst other things, is to collect the information about beneficial owners albeit they do not need to establish the underlying natural person unlike under the Anti Money Laundering and Countering the Financing of Terrorism or AML/CFT requirements although both have a percentage ownership value below which identification is not required.   Propositions 7 and 9 will strengthen their role and accordingly I support these Propositions.

With all these ways of collating the information on beneficial ownership, why should we consider a public register?  Some say this is the way forward and point at the UK who have established a register last year.  But they’d be wrong.  The UK MPs calling for us to have such a public register of beneficial ownership probably don’t realise that the new UK legislation has not created such a register.

According to FATF, a beneficial ownership register should identify the natural persons who ultimately have a controlling ownership interest in a legal person but the UK register does not do that.  It does not even create a register of those who have ultimate control.  It merely creates an unverified register of those who have immediate control of a particular entity.  In my view this doesn’t even comply with the international standards so, as I have said before, why should we follow the UK down yet another path going in the wrong direction?

As well as not being required internationally, there are good reasons for keeping the details of beneficial ownership private.  These include a fear of kidnap or commercial sensitivity.  Some investment strategies made public could be impaired if this information was made public.  And who will prevent abuse of the information?

Most importantly, we all are entitled to a basic human right – the respect for private and family life – this is not secrecy but privacy: confidentiality.  As we said in the debate on the P&R Plan, regulation should be appropriate and proportional and this is an occasion when regulation should be no more and no less than what the international standard requires. The papers by the FATF and the OECD to the G20 Finance Ministers late last year made it clear that the focus is not on revising the standard but on implementation of the existing standard.  So I say let the ones who need to have the information, the Bailiwick’s law enforcement, have that information as speedily as possible.

However, that information must be kept securely; an important consideration for all of us in this age of cyber insecurity as highlighted by Deputy Lowe yesterday morning.  I am pleased with the choice of the Guernsey Registry as it will not only have the appropriate mechanisms in place to ensure the information is kept securely but, unlike the Guernsey Financial Services Commission, it will not be subject to a potential conflict of interest.

We do also need to ensure there are suitable legal gateways for the sharing of that information with domestic and foreign authorities for specified purposes.  Part II of the Disclosure Law which was brought into force on the 17th December 2007 and updated in 2014 sets out these various purposes and include criminal investigations and proceedings in the Bailiwick and elsewhere. Again I support this approach.

We then have Proposition 5 – to agree that P&R and Economic Development can appoint the Registrar.  As there is no mention in the Propositions that the appointment will be the Registrar of Companies as indicated in the Policy Letter, please can I have the reassurance that the Committees will not change their mind and, say, appoint the Commission instead?

The remaining Propositions are sensible recommendations especially in respect of the Resident Agents and bearer instruments.  The introduction of a statutory definition of beneficial owner will also be useful as is the alignment, after suitable consultation, with the anti-money laundering regime.   Similarly, the introduction of the right of directors to ask the Resident Agent to provide the beneficial ownership information on request but this could be enhanced if the Agent also has to provide the verification of such information.  I also note there is no provision to deal with the record keeping requirements when Resident Agents change – should the previous Agent keep the records to show they had fulfilled their role or should the documents belong to the company but accessible to the Agent?

Then there is the continuation of the ability for a statement being made that no beneficial owner has been identified.  This is necessary due to the complicated nature of ownership but I would ask for consideration that an explanation of why the owner cannot be identified to also be provided.

I am also concerned about the funding of the Registry.  Why does it have to come from the Bond?  We heard earlier that the implementation of the waste strategy would be better funded by the Bond as otherwise it would be paid for by the taxpayer and it would be more expensive if a commercial loan obtained but the Registry is a success story with more than £9 million transferred to General Revenue in 2015 so why can’t the costs be paid from their profits rather than the Bond with the inherent costs associated with such a loan?  In fact, why can’t the £214,000 loan outstanding at the end of 2015 be repaid too?  Whilst the Policy Letter seems to justify this I am not satisfied that this is commercially sound and an explanation would be appreciated.

However, I have also raised several times through the consultations, my concern as to why we are not being innovative in this field.  Why we are not being ahead of the curve for what is already a FATF standard and will also be a requirement in the future?  That is the register of trusts and other legal arrangements.

Pascal Saint-Amans, head of tax at the Organisation for Economic Cooperation and Development or the OECD, has said existing efforts to improve the sharing of information between countries – championed by David Cameron – needs to go further.  In particular, he said countries should look again at new registers of company ownership as these registers should also show similar information for trusts.

The FATF Recommendations state that the information available for legal entities should also be available in a similar way for legal arrangements – including trusts – with a view to achieving appropriate levels of transparency.

The 4th Money Laundering Directive states that “In order to ensure a level playing field among the different types of legal forms, trustees should also be required to obtain, hold and provide beneficial ownership information”.

Although David Cameron championed the public beneficial ownership register for legal entities, he acknowledged the important differences between companies and trusts indicating his reservations on such a register.  I am sure there are some in industry who may be fearful of my suggestion however, we need to be realistic and acknowledge that FATF, MoneyVal, and the OECD will get their way so let’s be proactive and design a register that is fit for our purposes and not wait to be told what we should do.  Be told by those who understand our finance and business services industries least.

I also note that two days ago New Zealand approved the recommendations of a report to introduce a private register of foreign trusts – trusts without a New Zealand resident settlor.  However, they are implementing it by using a manual spreadsheet database – we of course could be more sophisticated than that.

I should add that we do most of the work already under the AML/CFT regime so it would not be a stretch to start giving due consideration now to the question of whether to provide beneficial information on trusts to a private central register.  I believe that there are opportunities for our businesses if we lead the way so let’s grasp them.

So, Sir, despite recording my concern that that the Registrar is not stated in the Policy Letter to be the Registrar of Guernsey Companies and my disappointment that we are not being more progressive, I ask members to support these propositions. By doing so, we can fulfil the promises we have made to follow international standards and show our finance and business services industries that we support them by introducing regulation that is proportionate and appropriate.”

For those of you who wish to find out more of my political views then please visit http://www.dawntindall.gg

NRA – World Bank or IMF?

fatf-nraNational Risk Assessments have again been the topic of the week for me in the AML/CFT world with presentations and discussions galore.

One of the highlights was listening to Richard Walker at the GACO presentation discussing Guernsey’s NRA in more detail. Richard, who is the Director of Financial Crime and Regulatory Policy for the Policy & Resources Committee and an excellent speaker, was able to provide a very interesting update.  As some of you were not able to attend, I thought I would summarise the bits I found most illuminating.

Unlike the IMF and MoneyVal visits, the NRA is considered to be a different type of evaluation of a country’s AML/CFT risks and controls and it is up to the country to decide how best to complete the task.  Guernsey has chosen to ask the IMF to support the process unlike other jurisdictions who may have chosen to go it alone or use the World Bank.  Richard then proceeded to explain why it had been agreed that either the World Bank or the IMF’s involvement was necessary and then why the decision had been made to chose the IMF.

Whilst there is enough experience in the jurisdiction to decide upon the risks, it was felt that there would be disagreement on the methodology which should be used.  It was also felt that, as we will be under a great deal of external scrutiny to show the NRA was not open to bias, an independent evaluator would do the trick.  So, rather than spend too much time on the question of who does what, it was agreed that either the IMF or the World Bank would be asked to help.

The IMF was chosen despite the extra initial expense because it was felt the World Bank’s methodology was not suited to a jurisdiction like Guernsey but more suited to the bigger countries where corruption was the main concern. Whilst the World Bank model could and was adapting to be relevant to the type of business we have on Guernsey, the IMF’s methodology was already able to deal with trust and company services, cross border issues and e-gaming to name a few.

Richard went on to say that the World Bank’s methodology did not separate the three elements of risk – threat, vulnerability and consequence – so not clearly dealing with the impact.  The IMF methodology is considered much simpler and more structured and we are advised that it already has resulted in the need to spend less time on the work in Guernsey reducing its cost.

Having amassed a great deal of information from many sources such as annual returns, MLAs and STRs, the process moves from the on-island agencies to the completion of a survey by 65 firms.   Those being asked to participate are from a broad cross-section of business and international NPOs whose activity is funded in the Bailiwick.  The surveys are completed on an online platform used by the IMF and anonymous.  The pattern of the responses has been analysed and already the results have proved interesting.  Richard gave the example that the survey is saying that businesses think there is a threat from the UK, US and Russia yet up until now information had only indicated a high level of business from Russia but not an equivalent level of threat.  It is felt that, using the IMF, is showing that an independent evaluation methodology is proving its worth.

The survey is not an easy task – apparently some have said it is impossible to complete.  However, using  Francis Galton’s 1906 proposition of collective wisdom, Richard believed that, overall, the survey will be a useful measure of Guernsey’s AML/CFT risk.

So after the survey and the analysis will be further discussions and IMF workshops with authorities.  It is hoped that there will be two separate NRAs, one looking at the risks of money laundering and one at terrorist financing, and they will be issued in the autumn of 2017.   The reports will also include an annual statistical digest and will need to be reviewed every few years.

To be of value, it is essential that those risks identified in the NRAs filter down into the business and relationship risk assessments completed by firms.  Together with the new combined Handbook due out for consultation later in the year, it will result in a large body of work for you and your compliance teams.  That work can start now as the basis for the changes are already in the public domain.  As I have said, understanding the FATF Recommendations, reading the EU 4MLD and knowing your own business and customers thoroughly will be half, if not most, of the battle.

The Regulator’s Regulator?

tindalldawn-1-e1454075780950Next week, the States of Guernsey will be asked to note the annual report and accounts of the Guernsey Financial Services Commission for the year ended 31st December, 2015.  Under Rule 3(24) of the Rules of Procedure this means I will not be asked to agree or disagree with the contents of the Report as “to note” is construed as a neutral motion neither approving or disapproving.  So, having read the Report and wanting to make a few comments on its contents, I thought I’d put some thoughts down in my blog as the role of Regulator is such an important function for our industry.

What struck me initially was not their stated objectives; it was what was not  – the Commission does not seek to run a zero-failure regime. To quote the Director General, William Mason,

“Were we to set ourselves up to run a zero failure regime we would unduly constrain innovation, limit growth and seek to act in a risk averse fashion which would ultimately ensure little other than the impoverishment of the people of the Bailiwick as the financial services sector became a shadow of its former self.”

From an AML perspective, this means that, with the Commission using PRISM’s risk based approach to supervision, there will still be attempts by criminals to misuse the financial system.  Naturally, therefore, it is for businesses to follow the requirements of the legislation and the Handbooks to ensure those attempts fail.

It is good to hear that innovation is very much being encouraged by the GFSC and their open-door policy is often complimented especially when talking FinTech.  However, there is still the grumble in the AML world that there is insufficient consistency in the application of CDD requirements.  So, whilst there is a focus on providing data management to collate a customer’s identification information for KYC and CRS purposes, there is still a lack of clarity of how to get the documents which verify the customer’s identity such that they satisfy not only the different country regimes but the requirements of different institutions within each country.

Some companies seek to comply with the standard which satisfies the most respected country regimes which is a good starting point.  However, I found that, when submitting the documents, the approaches of institutions varied so much that the easiest way was to deal with each institution and get agreement on what they will accept.  Quite often they asked for more than their own country’s requirements resulting in me firmly pointing out that they were not complying with their own country’s legislation, that their policies were not based on that legislation and that they should vary their requirements to accept a consistent standard in line with FATF requirements.  I am pleased to say that this proved successful on all but one occasion and that failure was with a London branch of a Swiss bank with whom I had already had success.  The branch was not for seeing the light!

You might well say – and I would agree with you – that this was a time consuming method of getting a customer’s verification documents accepted.  However, the main theme with the client facing teams I dealt with was they wanted to ask their customers to provide only one set of documents and not to have to keep going back to the client for more information just because each different institution wanted something else.  So whilst you can collate in accordance with the main countries’ requirements, there will always be differences in interpretation until we have common standards for AML.

To compliment my approach, I always thought it best to advise our clients on the expense of certain relationships before willingly embarking on a painful account opening process.  Instead, client relationship managers should recommend going with those institutions which take a pragmatic approach with whom the firm has had a good relationship and saving their client’s money (and your time!).  I also believe a comprehensive checklist covering all the information and verification required which is fully complied with, checked for accuracy and, most importantly, not signed-off until it is complete in all respects should do the trick.

Some also say that the GFSC does not adhere to such common standards quoting other countries’ different rules as being more lenient.  My response is always that, in my experience, other countries apply the FATF common standards (almost) but do not enforce those standards to the same extent the GFSC does.  So results this misunderstanding. People believe the GFSC requires higher standards than others, higher than required by FATF but actually I believe it just has the right standards (well almost) but the difference is that they are fully enforced.  As such enforcement means we received a superb MoneyVal evaluation which brings in business, the argument that we should be more lax with those requirements is, in my mind, counter-productive.

The review of the Handbooks should iron out some of those annoying differences and should bring clarity to ambiguities that exist but leniency in respect of the requirements I do not agree with as, after all, getting it right is not that difficult if you are conversant with all the legislation and guidance and take advice as appropriate.

 

Link to the annual report and accounts of the Guernsey Financial Services Commission for the year ended 31st December, 2015 is   https://www.gov.gg/CHttpHandler.ashx?id=102816&p=0

Compliance – the Trusted Partner

tindalldawn-1-e1454075780950

As we all know, the Compliance function is now one of the most important tools in a firm’s fight to minimise risk.   It has been a bit of a battle to get Boards to realise that the Compliance Department should be treated as a trusted partner but, if its objectives are successfully integrated into all processes, it can be a partner which helps do business.  This is not least because of the possible reputational damage that can arise if there is non-compliance but also because there are, for example, benefits of having a smooth, efficient and speedy CDD collection service as it can enhance customer relationships.

However, as there are more and more areas a Compliance Department should be looking at, what is the role of Compliance now?

Compliance is defined as “the conformity in fulfilling official requirements” but considering the vast array of official requirements this could be so many things.  When I started my career in law in the late 1980’s, we did not think of compliance as a distinct department but just a general responsibility.  We had to comply with all necessary legislation no matter what law we were advising on and that included compliance in respect of, amongst other things, confidentiality and data protection, insurance, health and safety and employment.  It wasn’t until April 1994 when it started to be a question of whether we needed to see a client’s passport or not and that’s when to me the Compliance Department became a reality.

More than 20 years later, the Compliance Department has evolved from just looking at the AML requirements to looking at the many new threats and concerns which need to be addressed daily.  To mention a few issues, we have the EU General Data Protection Regulations, the OECD Common Reporting Standard for the exchange of tax information, and all the changes that may come along after the 23rd June with a possible BREXIT.

The EU General Data Protection Regulations come into force in 2018 and bring in the new concepts of the right to be forgotten, data portability and data breach notification.  As to the CRS, so far 55 countries have committed for the first exchange of information by 2017 and, of course, this includes the Crown Dependencies; Guernsey’s regulations came into force on the 1st December 2015.  If the UK decides to leave the EU, then Protocol 3 will need to be renegotiated and this may not be on such favourable terms.

But should it be the Compliance Department that is responsible or should other departments be dealing with the issues?  I think that depends on the model in your firm and the resources you have but, whatever they be, clear lines should be drawn to ensure each person and each department knows their responsibilities so nothing falls between the cracks.

To me, the most pressing and important area which must not fall foul of blurry lines of responsibility is the EU General Data Protection Regulations.  Whilst 2018 seems a long time away, due to the extent of its coverage, work must begin now.  Firms need to review their operations, risks and controls to be ready not only to protect themselves from threats but to stand out from the crowd.  The role of Compliance as a trusted partner, in my mind, is to get together as many other Departments as possible to discuss your firm’s response.   That’s, of course, if it hasn’t happened already.

There are opportunities and work has already begun in earnest to put Guernsey in a great position.  As PWC said in its 2015 report – let’s establish the Island as a ‘Trusted Location’ for international data.  Why not?  By having the right components in place it will enable the finance industry and Guernsey to embrace these opportunities.  And if successful, we will all see the benefits.

 

The Politics of Compliance

tindalldawn-1-e1454075780950Sitting here, as proud as punch to be elected as a Deputy and member of Guernsey’s States of Deliberation, the mind starts thinking of the compliance aspects of our success at the polls.

My first thought is AML – of course!  High risk I may be but am I a PEP?  Does the automatic requirement for enhanced due diligence apply to me because I am a Deputy?

For those of you who don’t know PEP stands for politically exposed person. The definition, which is the same in both sets of Regulations that apply in Guernsey, starts by saying that a politically exposed person means “a person who has, or has had at any time, a prominent public function or who has been elected or appointed to such a function in a country or territory other than the Bailiwick …” (My emphasis)

So, having read that, I see that it’s not me then ?  ….. Oh yes it is! Because, as always, it is never as simple as it seems.

As I have been elected to a political position in the Bailiwick, I am considered a “domestic” PEP and the extra due diligence does not automatically apply here.   However, if I want to open a bank account, say, in the UK, I am a “non-domestic” PEP and so caught by their Money Laundering Regulations 2007.  Their Regulation 14(5)(a)(i) states that a PEP “is an individual who is or has, at any time in the preceding year, been entrusted with a prominent public function by ..  a state other than the United Kingdom”.

As we have many banks here that are branches of UK banks or, indeed, branches of other countries’ banks, their approach needs to be considered.  Their policies and procedures may require that the highest standard of AML which applies in the jurisdictions in which they operate is followed or they may not even differentiate between “domestic” and “non-domestic” PEP.   So whilst we are not caught by the legislation which applies to those branches, which is the Guernsey legislation, we are probably caught by the policies imposed on them by “head office”.

As Guernsey intends to update its legislation and the Handbooks to follow the FATF (Financial Action Task Force) Recommendations 2012, that distinction should no longer be as relevant and I will have PEP status both here and abroad … but not yet.

Whether or not we are automatically PEPs does not mean the story ends there.  As I have said, it is highly likely that, if we are not treated as PEPs, the business relationships or occasional transactions we undertake will be assessed as high risk anyway under the firm’s policy and procedures.

However, whilst the definition of PEP in legislation invariably includes the PEP’s immediate family and close associates as it does in Guernsey, what is interesting to note is that the FATF Recommendations do not call these people PEPs.  All that the Recommendations state is that “the requirements for all types of PEP should also apply to family members or close associates of such PEPs.” (My emphasis again).

So whatever you want to call us, come Tuesday, I expect businesses to be queuing up at the doors of new Deputies’ for those extra pieces of information or documentation to comply with the Handbooks.

If you have not checked (or had not even thought to check) your database to see if we (or our family members or close associates) are your clients, then may I politely suggest you contact me.  I can help you review your procedures to make sure you don’t miss anyone’s change of status which results in the need to undertake further enhanced due diligence.

Willow, Confiànce and Provident – what lessons can we learn?

guernsey-compliance-services

LESSONS FROM THOSE NAMED AND SHAMED – PART 3

In Part 1, I noted the three reoccurring themes why the GFSC took enforcement action against these three firms.  In Part 2, I discussed the first theme namely risk assessments.  In this Part, I will consider the question of ongoing and effective monitoring and enhanced due diligence for high risk relationships.

I will start with enhanced due diligence the meaning of which is set out in Regulation 5. The Regulation contains a list setting out what steps you should take but is it really that simple in practice?

For example, the first two actions require senior management approval for establishing a business relationship or occasional transaction or continuing a PEP relationship.  This seems straightforward, however, most businesses involve senior management in approving new relationships so what should they do to demonstrate a different method? It is important that whatever is chosen, perhaps involving more than one member of senior management or a director, provides for a greater scrutiny of the relationship.

If it is important, when taking the extra EDD steps, to have different treatment between high and medium risks then, when it comes to source of wealth (SOW) and source of funds (SOF), why has this recently been blurred?  I am, of course, referring again to the recent MoneyVal report and also the GFSC endorsement of the good practice in establishing SOW and SOF for both such risk rated relationships.  Perhaps, if a difference is needed, it will be in how the SOW and SOF is evidenced?

The last requirement in Regulation 5 is, I believe, the least understood.  As part of CDD, it is only prudent to obtain all necessary identification data, to verify that data and to understand the nature and purpose of the business relationship.  So what more can be done?  Often this is not obvious but, to comply with the Regulation, it is essential to document what action is appropriate to that business relationship and, most importantly, take that action.

Ongoing and effective monitoring was the third theme and, if EDD applies, it must be undertaken more frequently and extensively.  Monitoring includes the review of CDD, transactions or activity.  However, no matter how often or to what extent this is undertaken, the relevance of the CDD or whether a transaction is complex or unusual must be understood.  The only way to do that is to have given the business relationship the correct risk rating in the first place and kept the risk profile and assessment up to date.

In my view, the cautionary tale of the enforcement action is that it highlights the interdependence of all the policies, procedures and controls required by the Handbooks.  It is so important that all are appropriate and they are implemented as how else can they be effective and the Board fulfil its duty?

 

Willow, Confiànce and Provident – what lessons can we learn?

guernsey-compliance-services

LESSONS FROM THOSE NAMED AND SHAMED – PART 2

In Part 1, I noted there seemed to be three reoccurring themes why the GFSC took enforcement action against these three firms namely:

  • risk assessments
  • ongoing and effective monitoring
  • enhanced due diligence for high risk relationships.

 

In this Part, I am looking at risk assessments.Pyramid

Assessments come in various forms but there are three main ones for AML/CFT purposes: the National Risk Assessment (NRA), the Business Risk Assessment (BRA) and the Relationship Risk Assessment.  I believe each one builds upon the other.

In the first of FATF’s 2012 Recommendations, it states that “countries should identify, assess and understand the money laundering and terrorist financing risks for the country”.  Whilst the UK issued their NRA in October 2015, Guernsey proposes to issue their NRA this year, having received the IMF’s model and had industry input.

The idea of the NRA is that it informs the next level namely the BRA or business risk assessment.  Guernsey’s Regulations require businesses to “carry out and document a suitable and sufficient money laundering and terrorist financing business risk assessment which is specific to the … business”.  The GFSC issued a detailed answer to FAQs on its website in September 2014 advising that the BRA “should identify the potential financial crime risks to which the business could be exposed”.  They also reiterated that it is best practice to review the BRA whenever changes to the business or financial crime risks occur and at least on an annual basis.  Due to the multitude of changes in these areas, the BRA is, therefore, a living document needing almost constant review.

The third level of assessment is the relationship risk assessment which is also made up of three stages – the risk profile, the risk assessment and the risk rating.  The risk profile should set out the information regarding the specific relationship with the customer noting all financial crime risk indicators which include those that are compulsory, inherent, high or, if none, low.  The risk assessment is the method by which a business assesses the profile, considering all the risks identified including the accumulation of those risks.  If the high risk indicators are not compulsory ones, the business can decide not to assess the overall risk as high because of strong and compelling mitigating factors identified and documented.

The third step is to give the relationship a risk rating and apply the appropriate level of CDD.

MoneyVal (sorry to mention them again!) reiterated the problem highlighted by the IMF that, because non-resident customers, private banking and trusts and companies holding personal assets are not compulsory high risks in Guernsey, insufficient CDD in some instances is applied.  Whilst the GFSC noted the evaluation recommendation for these new compulsory high risks, they pointed out that many businesses already include them as best practice.

Do you?  Are your risk ratings correct?  Without effective CDD and EDD will you fall into the trap of Willow, Confiànce and Provident?

In Part 3, I will consider the question of ongoing and effective monitoring and enhanced due diligence for high risk relationships.

MoneyVal – The Road Ahead

tindalldawn-1-e1454075780950

GUERNSEY’S MONEYVAL REPORT … AGAIN

 

 

After a very informative seminar last week, I thought I would set out the timetable identified by the FIU, the GFSC and the Policy Council of the work they need to do to implement some of the recommendations of the MoneyVal Evaluation.  It also gives an idea when we can expect our workloads to be affected.

  • Spring 2016 – Publication of the FIS Annual Report for 2015 (and possibly from previous years as it was last published in 2009)
  • May 2016 – Consultation on amendments to the Wire Transfer legislation
  • September 2016 – Policy Letter to the Guernsey States of Deliberation to obtain approval for the changes to the primary AML/CFT legislation
  • Autumn 2016 – Upon receipt of the IMF model for a National Risk Assessment, Guernsey’s version will be compiled with help from industry in order to comply with the FATF 2012 Recommendations.  Recommendation 1 requires Guernsey to identify, assess and understand the money laundering and terrorist financing risks it faces, such an assessment informing a firm’s business risk assessment.
  • End of 2016 – Consultation with industry on the changes to the Handbooks for Financial Services Businesses and Prescribed Businesses
  • End of 2016 – Completion of the review of Guernsey Terrorist Financing legislation
  • 2016 or 2017 – Approval of the amendments to the Sanctions legislation to close the gap between UN designations and the EU designations
  • January or Easter 2017 – Approval of Sark Chief Pleas of amendments to primary legislation
  • September 2017 – Progress Report to MoneyVal

Richard Walker, the Director of Financial Crime and Regulatory Policy of the Policy Council, continued the list with the following work streams:

  • consideration of the inclusion of manumitted organisations on the Register of Non Profit Organisations but taking into account the treatment of trusts with long stop charitable beneficiaries
  • discussions with GAT to follow up on the recommendation of both the IMF and MoneyVal to include the requirement for non-professional trustees to maintain information on beneficial ownership
  • review of corruption and confiscation legislation.

A long list – good luck!

Willow, Confiànce and Provident – what lessons can we learn?

guernsey-compliance-services

LESSONS FROM THOSE NAMED AND SHAMED – PART 1

When reading the summaries issued by the GFSC on the enforcement action taken against these three firms, there are three reoccurring themes that jump out at you.   These are failures in respect of:

  • risk assessments
  • ongoing and effective monitoring
  • enhanced due diligence for high risk relationships.

These failures were compounded for Confiance and Provident as the issues had been raised by the GFSC at a previous visit and had not been effectively rectified.

It is very important to ensure the remediation identified by the GFSC has been implemented and I am sure much effort has been put into doing so but is it appropriate and effective?  Sometimes you can read and re-read the GFSC’s letters from the last visit and hope you’ve understood what they mean.  Although you have considered the remedial action identified, you’ve reviewed your procedures and you think it has all been covered, how can you be sure the changes will be effective?

It’s never too late, either, to ensure those Instructions have been followed. Like all compliant firms, you will have reviewed your files when the Instructions where issued in 2009 and 2010.  However, having taken on many business relationships since then, why not take this opportunity to review your files to ensure you could confirm once again that you have continued to apply the requirements in those Instructions?

You know where I am if you need help.

In Part 2, I will look at the three themes in more detail.

MoneyVal – Something For Everyone

tindalldawn-1-e1454075780950

GUERNSEY’S MONEYVAL REPORT IS OUT!

MoneyVal have finally issued the 4th Round Evaluation of Guernsey and, whilst everyone pats themselves on the back (and why not – Guernsey has done very well) there is still some aspects of concern for all licensees, the regulator and the FIU.
The headlines below could be the future…..

If you’re bad, you’ll pay more … if your suspicious and don’t report, you will be punished … no more simplified or reduced CDD for many low risk relationships … EDD compulsory for many more FSB relationships … lawyers and accountants no longer Appendix C businesses … independent audit functions needed to test compliance ….

But then the good news for FSBs …..

  • Will trusts need to have a Guernsey registered agent or TCSP trustee?
  • Will TCSPs be needed for all Guernsey companies?
  • The AGCC should provide additional guidance particularly CDD measures.
  • The FIU should provide more information in public reports.

This is just my view of the Summary and, as we know, the devil is in the detail. But I am sure we have the time to read the 322 page report whilst we wait with interest to see what the GFSC will do – looking forward to the 11th February and their Industry Presentation on the Moneyval Report Feedback.