Compliance – the Trusted Partner

tindalldawn-1-e1454075780950

As we all know, the Compliance function is now one of the most important tools in a firm’s fight to minimise risk.   It has been a bit of a battle to get Boards to realise that the Compliance Department should be treated as a trusted partner but, if its objectives are successfully integrated into all processes, it can be a partner which helps do business.  This is not least because of the possible reputational damage that can arise if there is non-compliance but also because there are, for example, benefits of having a smooth, efficient and speedy CDD collection service as it can enhance customer relationships.

However, as there are more and more areas a Compliance Department should be looking at, what is the role of Compliance now?

Compliance is defined as “the conformity in fulfilling official requirements” but considering the vast array of official requirements this could be so many things.  When I started my career in law in the late 1980’s, we did not think of compliance as a distinct department but just a general responsibility.  We had to comply with all necessary legislation no matter what law we were advising on and that included compliance in respect of, amongst other things, confidentiality and data protection, insurance, health and safety and employment.  It wasn’t until April 1994 when it started to be a question of whether we needed to see a client’s passport or not and that’s when to me the Compliance Department became a reality.

More than 20 years later, the Compliance Department has evolved from just looking at the AML requirements to looking at the many new threats and concerns which need to be addressed daily.  To mention a few issues, we have the EU General Data Protection Regulations, the OECD Common Reporting Standard for the exchange of tax information, and all the changes that may come along after the 23rd June with a possible BREXIT.

The EU General Data Protection Regulations come into force in 2018 and bring in the new concepts of the right to be forgotten, data portability and data breach notification.  As to the CRS, so far 55 countries have committed for the first exchange of information by 2017 and, of course, this includes the Crown Dependencies; Guernsey’s regulations came into force on the 1st December 2015.  If the UK decides to leave the EU, then Protocol 3 will need to be renegotiated and this may not be on such favourable terms.

But should it be the Compliance Department that is responsible or should other departments be dealing with the issues?  I think that depends on the model in your firm and the resources you have but, whatever they be, clear lines should be drawn to ensure each person and each department knows their responsibilities so nothing falls between the cracks.

To me, the most pressing and important area which must not fall foul of blurry lines of responsibility is the EU General Data Protection Regulations.  Whilst 2018 seems a long time away, due to the extent of its coverage, work must begin now.  Firms need to review their operations, risks and controls to be ready not only to protect themselves from threats but to stand out from the crowd.  The role of Compliance as a trusted partner, in my mind, is to get together as many other Departments as possible to discuss your firm’s response.   That’s, of course, if it hasn’t happened already.

There are opportunities and work has already begun in earnest to put Guernsey in a great position.  As PWC said in its 2015 report – let’s establish the Island as a ‘Trusted Location’ for international data.  Why not?  By having the right components in place it will enable the finance industry and Guernsey to embrace these opportunities.  And if successful, we will all see the benefits.

 

The Politics of Compliance

tindalldawn-1-e1454075780950Sitting here, as proud as punch to be elected as a Deputy and member of Guernsey’s States of Deliberation, the mind starts thinking of the compliance aspects of our success at the polls.

My first thought is AML – of course!  High risk I may be but am I a PEP?  Does the automatic requirement for enhanced due diligence apply to me because I am a Deputy?

For those of you who don’t know PEP stands for politically exposed person. The definition, which is the same in both sets of Regulations that apply in Guernsey, starts by saying that a politically exposed person means “a person who has, or has had at any time, a prominent public function or who has been elected or appointed to such a function in a country or territory other than the Bailiwick …” (My emphasis)

So, having read that, I see that it’s not me then ?  ….. Oh yes it is! Because, as always, it is never as simple as it seems.

As I have been elected to a political position in the Bailiwick, I am considered a “domestic” PEP and the extra due diligence does not automatically apply here.   However, if I want to open a bank account, say, in the UK, I am a “non-domestic” PEP and so caught by their Money Laundering Regulations 2007.  Their Regulation 14(5)(a)(i) states that a PEP “is an individual who is or has, at any time in the preceding year, been entrusted with a prominent public function by ..  a state other than the United Kingdom”.

As we have many banks here that are branches of UK banks or, indeed, branches of other countries’ banks, their approach needs to be considered.  Their policies and procedures may require that the highest standard of AML which applies in the jurisdictions in which they operate is followed or they may not even differentiate between “domestic” and “non-domestic” PEP.   So whilst we are not caught by the legislation which applies to those branches, which is the Guernsey legislation, we are probably caught by the policies imposed on them by “head office”.

As Guernsey intends to update its legislation and the Handbooks to follow the FATF (Financial Action Task Force) Recommendations 2012, that distinction should no longer be as relevant and I will have PEP status both here and abroad … but not yet.

Whether or not we are automatically PEPs does not mean the story ends there.  As I have said, it is highly likely that, if we are not treated as PEPs, the business relationships or occasional transactions we undertake will be assessed as high risk anyway under the firm’s policy and procedures.

However, whilst the definition of PEP in legislation invariably includes the PEP’s immediate family and close associates as it does in Guernsey, what is interesting to note is that the FATF Recommendations do not call these people PEPs.  All that the Recommendations state is that “the requirements for all types of PEP should also apply to family members or close associates of such PEPs.” (My emphasis again).

So whatever you want to call us, come Tuesday, I expect businesses to be queuing up at the doors of new Deputies’ for those extra pieces of information or documentation to comply with the Handbooks.

If you have not checked (or had not even thought to check) your database to see if we (or our family members or close associates) are your clients, then may I politely suggest you contact me.  I can help you review your procedures to make sure you don’t miss anyone’s change of status which results in the need to undertake further enhanced due diligence.

The Finance Industry – Confidence in Money?

tindalldawn-1-e1454075780950

As you know, I have been out canvassing and talking to people about the future of Guernsey. During these chats I have been hit by one particular message – a lack of confidence.  This is not just in the finance sector but in most aspects of life.  Whilst this is disappointing, it is not that surprising and something clearly needs to be done.

An upturn in the world economy will, of course, increase confidence as perhaps will a new set of Deputies but what can be done about confidence in the finance industry?

James Madison, Jr., the fourth President of the United States and political theorist, once said “the circulation of confidence is better than the circulation of money” – however in our industry we need both.

Diversification is at the top of most people’s agenda – we’ve seen the introduction of an aircraft registry and image rights legislation.  Also, the Digital Greenhouse, in my view, is a beacon of light for innovation having hosted some fascinating discussions on how we can promote Guernsey.

William Mason, Director General of the Guernsey Financial Services Commission, in his speech to the Industry in November 2015, having analysed other financial centres, concluded “that we match the most competitive countries in a large number of areas and that we still possess many key success factors.”  I agree.

Having worked in the Fiduciary sector, I was also pleased to see KPMG’s Strategic Review of the Guernsey fiduciary industry which confirms that “[t]he fiduciary industry is a material contributor to the local economy and island.” However, as my interest is in the AML/CFT perspective, the report discusses the need to investigate centralising and streamlining the CDD and KYC processes for on-boarding of clients across Guernsey.  KPMG concluded that “any opportunity to make this easier from a client perspective would be welcomed.”  I think this is really important although, in my view, if we can get clients and certifiers to follow the certification instructions first time it would be a massive bonus.

The Report goes on to say “[m]eeting these challenges will require clear direction and monitoring”.  Direction can come from a variety of sources: the Board, the management, the customers and the politicians and our regulator.

If elected, I hope to be one of those politicians providing clear direction and monitoring to increase the circulation of both confidence and money.

It’s Election Time in Guernsey

tindalldawn-1-e1454075780950

IT’S ELECTION TIME!

For those of you who haven’t noticed, I have registered to stand for election as People’s Deputy in St Peter Port South.

As not all of you are interested in politics or, indeed, registered to vote, I won’t bore you with my policies – for those who are interested my website is http://www.dawntindall.gg.

Suffice is to say, it has been my ambition to be a politician since I was 6 when my Mother got me leafleting for a candidate standing for the then Liberal Party in the UK.  Having studied politics then law and, more importantly, moved to Guernsey, I am now in a position to fulfill that ambition.  I am very much looking forward to canvassing, meeting new people and listening to their views and, perhaps if I am truly lucky, even be elected!

One message I would like to impart though, no matter where you live, if you are on the electoral role please exercise your right to vote as there are many who do not have that honour.

I wish all the candidates the very best of luck.  Let canvassing commence!

Dawn

 

Willow, Confiànce and Provident – what lessons can we learn?

guernsey-compliance-services

LESSONS FROM THOSE NAMED AND SHAMED – PART 3

In Part 1, I noted the three reoccurring themes why the GFSC took enforcement action against these three firms.  In Part 2, I discussed the first theme namely risk assessments.  In this Part, I will consider the question of ongoing and effective monitoring and enhanced due diligence for high risk relationships.

I will start with enhanced due diligence the meaning of which is set out in Regulation 5. The Regulation contains a list setting out what steps you should take but is it really that simple in practice?

For example, the first two actions require senior management approval for establishing a business relationship or occasional transaction or continuing a PEP relationship.  This seems straightforward, however, most businesses involve senior management in approving new relationships so what should they do to demonstrate a different method? It is important that whatever is chosen, perhaps involving more than one member of senior management or a director, provides for a greater scrutiny of the relationship.

If it is important, when taking the extra EDD steps, to have different treatment between high and medium risks then, when it comes to source of wealth (SOW) and source of funds (SOF), why has this recently been blurred?  I am, of course, referring again to the recent MoneyVal report and also the GFSC endorsement of the good practice in establishing SOW and SOF for both such risk rated relationships.  Perhaps, if a difference is needed, it will be in how the SOW and SOF is evidenced?

The last requirement in Regulation 5 is, I believe, the least understood.  As part of CDD, it is only prudent to obtain all necessary identification data, to verify that data and to understand the nature and purpose of the business relationship.  So what more can be done?  Often this is not obvious but, to comply with the Regulation, it is essential to document what action is appropriate to that business relationship and, most importantly, take that action.

Ongoing and effective monitoring was the third theme and, if EDD applies, it must be undertaken more frequently and extensively.  Monitoring includes the review of CDD, transactions or activity.  However, no matter how often or to what extent this is undertaken, the relevance of the CDD or whether a transaction is complex or unusual must be understood.  The only way to do that is to have given the business relationship the correct risk rating in the first place and kept the risk profile and assessment up to date.

In my view, the cautionary tale of the enforcement action is that it highlights the interdependence of all the policies, procedures and controls required by the Handbooks.  It is so important that all are appropriate and they are implemented as how else can they be effective and the Board fulfil its duty?

 

Willow, Confiànce and Provident – what lessons can we learn?

guernsey-compliance-services

LESSONS FROM THOSE NAMED AND SHAMED – PART 2

In Part 1, I noted there seemed to be three reoccurring themes why the GFSC took enforcement action against these three firms namely:

  • risk assessments
  • ongoing and effective monitoring
  • enhanced due diligence for high risk relationships.

 

In this Part, I am looking at risk assessments.Pyramid

Assessments come in various forms but there are three main ones for AML/CFT purposes: the National Risk Assessment (NRA), the Business Risk Assessment (BRA) and the Relationship Risk Assessment.  I believe each one builds upon the other.

In the first of FATF’s 2012 Recommendations, it states that “countries should identify, assess and understand the money laundering and terrorist financing risks for the country”.  Whilst the UK issued their NRA in October 2015, Guernsey proposes to issue their NRA this year, having received the IMF’s model and had industry input.

The idea of the NRA is that it informs the next level namely the BRA or business risk assessment.  Guernsey’s Regulations require businesses to “carry out and document a suitable and sufficient money laundering and terrorist financing business risk assessment which is specific to the … business”.  The GFSC issued a detailed answer to FAQs on its website in September 2014 advising that the BRA “should identify the potential financial crime risks to which the business could be exposed”.  They also reiterated that it is best practice to review the BRA whenever changes to the business or financial crime risks occur and at least on an annual basis.  Due to the multitude of changes in these areas, the BRA is, therefore, a living document needing almost constant review.

The third level of assessment is the relationship risk assessment which is also made up of three stages – the risk profile, the risk assessment and the risk rating.  The risk profile should set out the information regarding the specific relationship with the customer noting all financial crime risk indicators which include those that are compulsory, inherent, high or, if none, low.  The risk assessment is the method by which a business assesses the profile, considering all the risks identified including the accumulation of those risks.  If the high risk indicators are not compulsory ones, the business can decide not to assess the overall risk as high because of strong and compelling mitigating factors identified and documented.

The third step is to give the relationship a risk rating and apply the appropriate level of CDD.

MoneyVal (sorry to mention them again!) reiterated the problem highlighted by the IMF that, because non-resident customers, private banking and trusts and companies holding personal assets are not compulsory high risks in Guernsey, insufficient CDD in some instances is applied.  Whilst the GFSC noted the evaluation recommendation for these new compulsory high risks, they pointed out that many businesses already include them as best practice.

Do you?  Are your risk ratings correct?  Without effective CDD and EDD will you fall into the trap of Willow, Confiànce and Provident?

In Part 3, I will consider the question of ongoing and effective monitoring and enhanced due diligence for high risk relationships.

MoneyVal – The Road Ahead

tindalldawn-1-e1454075780950

GUERNSEY’S MONEYVAL REPORT … AGAIN

 

 

After a very informative seminar last week, I thought I would set out the timetable identified by the FIU, the GFSC and the Policy Council of the work they need to do to implement some of the recommendations of the MoneyVal Evaluation.  It also gives an idea when we can expect our workloads to be affected.

  • Spring 2016 – Publication of the FIS Annual Report for 2015 (and possibly from previous years as it was last published in 2009)
  • May 2016 – Consultation on amendments to the Wire Transfer legislation
  • September 2016 – Policy Letter to the Guernsey States of Deliberation to obtain approval for the changes to the primary AML/CFT legislation
  • Autumn 2016 – Upon receipt of the IMF model for a National Risk Assessment, Guernsey’s version will be compiled with help from industry in order to comply with the FATF 2012 Recommendations.  Recommendation 1 requires Guernsey to identify, assess and understand the money laundering and terrorist financing risks it faces, such an assessment informing a firm’s business risk assessment.
  • End of 2016 – Consultation with industry on the changes to the Handbooks for Financial Services Businesses and Prescribed Businesses
  • End of 2016 – Completion of the review of Guernsey Terrorist Financing legislation
  • 2016 or 2017 – Approval of the amendments to the Sanctions legislation to close the gap between UN designations and the EU designations
  • January or Easter 2017 – Approval of Sark Chief Pleas of amendments to primary legislation
  • September 2017 – Progress Report to MoneyVal

Richard Walker, the Director of Financial Crime and Regulatory Policy of the Policy Council, continued the list with the following work streams:

  • consideration of the inclusion of manumitted organisations on the Register of Non Profit Organisations but taking into account the treatment of trusts with long stop charitable beneficiaries
  • discussions with GAT to follow up on the recommendation of both the IMF and MoneyVal to include the requirement for non-professional trustees to maintain information on beneficial ownership
  • review of corruption and confiscation legislation.

A long list – good luck!

Willow, Confiànce and Provident – what lessons can we learn?

guernsey-compliance-services

LESSONS FROM THOSE NAMED AND SHAMED – PART 1

When reading the summaries issued by the GFSC on the enforcement action taken against these three firms, there are three reoccurring themes that jump out at you.   These are failures in respect of:

  • risk assessments
  • ongoing and effective monitoring
  • enhanced due diligence for high risk relationships.

These failures were compounded for Confiance and Provident as the issues had been raised by the GFSC at a previous visit and had not been effectively rectified.

It is very important to ensure the remediation identified by the GFSC has been implemented and I am sure much effort has been put into doing so but is it appropriate and effective?  Sometimes you can read and re-read the GFSC’s letters from the last visit and hope you’ve understood what they mean.  Although you have considered the remedial action identified, you’ve reviewed your procedures and you think it has all been covered, how can you be sure the changes will be effective?

It’s never too late, either, to ensure those Instructions have been followed. Like all compliant firms, you will have reviewed your files when the Instructions where issued in 2009 and 2010.  However, having taken on many business relationships since then, why not take this opportunity to review your files to ensure you could confirm once again that you have continued to apply the requirements in those Instructions?

You know where I am if you need help.

In Part 2, I will look at the three themes in more detail.

MoneyVal – Something For Everyone

tindalldawn-1-e1454075780950

GUERNSEY’S MONEYVAL REPORT IS OUT!

MoneyVal have finally issued the 4th Round Evaluation of Guernsey and, whilst everyone pats themselves on the back (and why not – Guernsey has done very well) there is still some aspects of concern for all licensees, the regulator and the FIU.
The headlines below could be the future…..

If you’re bad, you’ll pay more … if your suspicious and don’t report, you will be punished … no more simplified or reduced CDD for many low risk relationships … EDD compulsory for many more FSB relationships … lawyers and accountants no longer Appendix C businesses … independent audit functions needed to test compliance ….

But then the good news for FSBs …..

  • Will trusts need to have a Guernsey registered agent or TCSP trustee?
  • Will TCSPs be needed for all Guernsey companies?
  • The AGCC should provide additional guidance particularly CDD measures.
  • The FIU should provide more information in public reports.

This is just my view of the Summary and, as we know, the devil is in the detail. But I am sure we have the time to read the 322 page report whilst we wait with interest to see what the GFSC will do – looking forward to the 11th February and their Industry Presentation on the Moneyval Report Feedback.

Welcome to a new approach to AML/CFT

tindalldawn-1-e1454075780950
DAWN TINDALL INTRODUCESTRIANGLE COMPLIANCE SERVICES
PROVIDING AML/CFT SOLUTIONS

I am pleased to welcome you to my website and to introduce you to the services I can offer. I am a compliance professional and am passionate about getting things right. AML/CFT is a complex area which has many pitfalls for the unwary and the penalties for failure are increasing.
By applying my legal training and many years of experience as a practising solicitor, I can provide reasonably priced and reassuringly thorough answers to your AML/CFT concerns.

I always believe that talking through a problem can lead to a solution – call me for a chat to find out if you like my approach and if you wish me to help with those irritating issues.