The JFSC Trust Company Business Examination Feedback 2015 paper has been published (March 31^st 2016) – this paper sets out the summary findings from the Jersey Financial Services Commission’s (“the Commission’s”) programme of onsite examinations conducted during the calendar year 2015.

The JFSC forward the paper with the following thoughts

The principal theme for 2015 was

AML/CFT and compliance with the Financial Services (Trust Company Business (Assets – Customer Money)) (Jersey) Order 2000 (“the Customer Money Order”)

….and each visit included an examination and review of:

• Corporate governance and the key person functions (the latter defined in Article 1 of the Financial Services (Jersey) Law 1998).
• Conduct of business.

1. In almost all cases the resulting remediation following an Examination has been tracked via the issue of a Post Monitoring Examination Schedule (“PEMS”).
2. Feedback has been provided to the individuals concerned where any issues have been identified. There were no systematic issues/trends relating to this group of Registered Persons to be reported on in relation to either calendar year.
3. As might be anticipated from the Examination theme for 2015 the largest number of findings reflected deficiencies in the AML/CFT framework of the registered persons visited.
4. The Commission’s Examinations have, however, led to Enforcement action in four cases. This action is currently ongoing.

SUMMARY OF FINDINGS            

1. AML/CFT Findings          
   1. AML/CFT related Governance
   2. Enhanced Customer Due Diligence – initial and ongoing
   3. Monitoring
   4. Monitoring – Tax Advice
   5. Monitoring – Sanctions
   6. The SAR Process
   7. Missing or incomplete/inaccurate Policies and Procedures
   8. Record keeping 7
   9. Compliance resource, Compliance Monitoring (“CMP”) and Compliance Reporting
2. Corporate Governance
   1. Effectiveness of the Board
   2. Conflicts of interest
   3. Risk Management
3. Conduct of Business      
   1. Customer Money
   2. Business Model Findings

THE FINDINGS DETAILS

1. AML/CFT Findings

1. AML/CFT related Governance
   1. In 2015, nearly half the Examination findings relating to AML/CFT were recorded in relation to CONCERNS REGARDING GOVERNANCE.
   2. THE PRINCIPAL AREA OF CONCERN was the maintenance of a sufficiently robust business risk assessment (BRA) and strategy, and the corresponding policies and procedures underpinning each registered person’s AML/CFT framework.
   3. THE COMMISSION IS DISAPPOINTED TO NOTE that this continues the trend identified in 2014. Examples of issues identified include the following:
      1. A BRA and Strategy had not been formally adopted by the Board nearly a year after changes had been made;
      2. An “off the peg” BRA had been produced, which included generic risks, rather than those actually faced by the business;
      3. BRAs were drawn up where risks were either only briefly or partially identified, with no explanation as to how these risks arise or are to be mitigated;
      4. BRA were seen without a corresponding strategy, or where it was difficult/not possible to link both documents with corresponding policies and procedures and the ensuing monitoring activity (including by Compliance); and
      5. In one case the policies and procedures were not tailored to the business and also did not reflect current AML/CFT legislation.
   4. THE COMMISSION WAS PARTICULARLY CONCERNED also to note issues in the work carried out by Money Laundering Reporting and Money Laundering Compliance Officers (respectively).
   5. SUCH ISSUES INCLUDE:
      1. The MLRO documenting, but not then acting on, factors giving rise to suspicion, compounded by the MLCO failing to recognise the same “red flags”;
      2. Too little relevant training (as CPD) being undertaking by the MLRO;
      3. Neither the MLRO or MLCO conducting any monitoring of SARS submitted internally;
      4. The MLRO failing to report on SARs to the Board;
      5. The MLCO failing to monitor the MLRO’s work; and
      6. A delay of many months before a newly appointed MLCO (already the acting Compliance Officer) first reported to the Board.

2. Enhanced Customer Due Diligence – initial and ongoing
   1. The Commission identified a significant number of findings relating to failures to carry out such due diligence in respect of:
      1. PEPS – for example linked to their correct initial and continued classification, taking into account the combined requirements of Article 15(6) of the Money Laundering (Jersey) Order 2008;
      2. Higher risk customers; and
      3. Customers with connections to a country linked to FATF countermeasures.
   2. In one case the Commission noted with PARTICULAR CONCERN THAT,
      1. whilst significant red flags existed in more than one of the above areas, and for significant periods of time, no decision had been taken to report and/or subsequently exit the relationship.
3. Monitoring
   1. Examinations in the latter half of 2015, in particular, highlighted failures to establish customer profiles as a “benchmark” to establish patterns of expected transactions and activity within each customer relationship.
   2. In the case of three registered persons, there were either
      1. no Policies relating to monitoring or
      2. these had not been finalised and rolled out to staff.
   3. In other cases, the registered persons had not considered the implications of setting automated search criteria and screening parameters too narrowly or not documented the action that would need to be taken when matches are identified.
4. Monitoring – Tax Advice
   1. As in previous years, the Commission continues to see REGISTERED PERSONS FAILING TO OBTAIN AND/OR MAINTAIN the appropriate tax advice needed for monitoring.
   2. Examples include:
      1. Failure to obtain a single piece of advice from a firm of tax advisers, where this related to multiple, highly planned structures;
      2. A registered person which, faced with an aggressively planned structure and unsuccessful repeated requests for advice, had not considered whether to exit the relationship;
      3. The need to seek updated tax advice upon a clear and significant trigger event (death) being overlooked; and
      4. A case where tax advice was held with regard to a highly planned structure, but its implementation had not been checked or monitored, leading to potential exposure.

5. Monitoring – Sanctions
   1. OF PARTICULAR CONCERN were a number of findings, where the arrangements put in place left the registered persons at risk of potentially breaching sanctions.
   2. The findings included the following:
      1. Failure to establish policies and procedures in respect of sanctions monitoring;
      2. Sanctions training not being provided or being too general (without reference to the registered person’s own policies and procedures);
      3. A registered person only checking transactions above a set monetary limit;
      4. Omission of any work relating to sanctions from compliance monitoring (either overall or for a significant period; and
      5. Failure to “capture” all relevant parties in the registered person’s systems, so that a match to relevant sanctions was not identified.

6. The SAR Process
   1. As in 2014, the Commission IS CONCERNED THAT REGISTERED PERSONS CONTINUE to maintain systems and controls that have inherent weaknesses.
   2. In 2015 findings included the following:
      1. Procedures that were not up to date or did not fully reflect all relevant legislation and the AML/CFT Handbook;
      2. Inaccurate recording of SARs filed by the MLRO;
      3. Failure by the MLRO to
         1. document their investigative work and/or
         2. the reasons why they had decided not to file a SAR;
      4. The MLRO not seeking independent verification that a matter had been resolved (but choosing to rely solely on an assurance given by email);
      5. The MLRO taking significant time to file a SAR – notwithstanding the information already at hand;
      6. The MLRO being tasked with so much other work, that the majority of work was undertaken by their Deputy;
      7. Failure to document who had been appointed as Deputy; and
      8. The MLRO not monitoring the work undertaken by their Deputy.
      9. Internal Controls
   3. This category includes the second highest number of Examination findings in 2015.

7. Missing or incomplete/inaccurate Policies and Procedures
   1. This was by far the largest element in this category of findings.
   2. Key deficiencies and omissions included:
      1. Lack of version control and management, such that these become
         1. unwieldy,
         2. out of date (in respect of e.g. legislation),
         3. unclear and
         4. difficult to apply in practice ;
      2. Inaccurate reference to legislation and regulations – for example
         1. incorrect or incomplete definitions of PEPs,
         2. no reference to the risk assessment of obliged persons or
         3. what staff members need to do if a positive match to a sanction is identified;
      3. Lacking references to key areas of operations or risks
         1. risks of doing business in particular geographical areas,
         2. limited services,
         3. safe custody,
         4. operation of a split board,
         5. personal account dealing,
         6. reconciliation of safe custody holdings and client accounts,
         7. investment reporting,
         8. the identification and escalation of exceptions etc.); and
         9. Lack of clarity as to how areas of higher risk activity impact on the practical implication of policies and procedures, to mitigate AML/CFT risk.
   3. The Commission noted in its 2014 Examinations a failure to develop procedures to address key risks and is concerned to note that this trend has continued.

8. Record keeping
   1. This comprised the next largest group of findings within the category of internal controls, whereby the Commission noted for example:
      1. Overdue financial statements and deficiencies in monitoring thereof;
      2. Registered persons not being able to determine whether CPD was adequate in terms of content and time spent;
      3. Failure to properly capture individual assets in safe custody (for example pieces of valuable jewellery collectively described only as “chattels”) or their movements;
      4. No documentation of why exceptions were granted, including those with AML/CFT implications (for example the acceptance of funds by way of a loan and a six-figure distribution – both transactions carried out in the absence of adequate CDD); and
      5. Failure to track the issue and actual (versus intended) use of credit cards to customers.

9. Compliance resource, Compliance Monitoring (“CMP”) and Compliance Reporting
   1. This area of Examination work also resulted in a large number of findings.
   2. Interestingly, whilst lack of Compliance resource did not necessarily lead to deficiencies in monitoring or reporting, registered persons need to remain alert to this possibility.
   3. The Commission’s findings in this area included the following:
      1. Failure by the Board to review and approve the CMP or to put in controls to ensure the completeness of reports provided;
      2. Key areas not being included in testing for example
         1. in-house treasury services,
         2. pooled client bank accounts, or
         3. safe custody
      3. A failure to recognise risks and significant matters/pertinent information;
      4. failures to complete and document all testing, the Commission noted that – in one case – mapping work of the legal and regulatory requirements was so extensive that it took priority over, and consequently ruled out, any testing; and
      5. Failure to properly track issues arising and their resolution – in one case this resulted in high risk items remaining overdue.

2-CORPORATE GOVERNANCE

1. Effectiveness of the Board
   1. This remains an area of concern. The Commission has continued to observe failures to maintain the elements of a robust framework, including for example:
      1. Infrequent Board meetings. In one case the registered person’s Board only met formally once a year.
      2. Inadequately structured and planned Board meetings, reflecting the quality of terms of reference or management information received or generated/acted upon;
      3. Attendance, discussion and ensuing decisions not being appropriately restricted to the registered person’s Board and its activities;
      4. Failure to document key decisions (for example, a Board appointment where a potential conflict of interest had already been identified);
      5. Ineffective delegation to sub-committees;
      6. Lack of span of control (simply not enough people to make the required decisions!); and
      7. Inadequate consideration of key matters, including AML/CFT and reports by key persons.

2. Conflicts of interest
   1. The Commission continues to observe conflicts crystallising at registered persons, with the issues arising (often linked to proper recognition and management) including the following:
      1. Individuals carrying out a combination of principal and key person roles, leading to potential impairment of
         1. perceived or actual independence and,
         2. in some cases, impacting on segregation of duties;
      2. Key persons being required to act as authorised signatories;
      3. Principal persons carrying out work for unrelated registered persons or other companies;
      4. Employment of multiple family members (particularly where one is a key person); and
      5. The provision of a combination of regulated and (in some cases multiple) advisory services.

3. Risk Management
   1. Two main headlines emerge in this category of findings:
      1. Registered persons need to be mindful of
         1. the adequacy of risk assessment, in relation to all types of risk (in addition to that required for AML/CFT) and
         2. the operation of related systems and controls, in particular of first line of defence controls (such as periodic reviews processes); and
      2. The vetting and supervision of staff should be appropriately management as a cornerstone of any risk management framework.

3-CONDUCT OF BUSINESS

1. Customer Money
   1. The theme chosen for the 2015 Examinations resulted in a large number of findings, some very basic, leading the Commission to conclude that this area requires renewed and thorough attention by all registered persons.
   2. Examples of issues identified include:
      1. Failure to obtain bank letters of undertaking, to effectively “ring-fence” these assets;
      2. Failure to prevent co-mingling of the registered person’s own monies with those of its customers; and
      3. Failure to evidence reconciliation, to prevent overdrawn balances or to act on long standing (pooled) customer balances. (In two cases funds were still being held for former customers).
   3. The Commission did not note any cases where customer monies had been lost as a result of the deficiencies identified.
   4. The Commission is aware that trust company businesses are now increasingly offering in-house treasury services (for example pooling of funds and foreign exchange services). Hand in hand with this, however, the Commission has also noted the following issues:
      1. Failure to consider the best interests of customers in terms of achieving rates; and
      2. Insufficient transparency in terms of terms and conditions (including the roles played by other parties, group or unrelated) and the disclosure of fees to customers.

1. Business Model Findings
   1. The small number of findings in this reflect inadequate arrangements connected to delegation and outsourcing, leading to non-compliance with the Commission’s published Guidance.

END & JFSC conclusion

1. Whilst the format of Examination feedback has changed in 2014 and 2015, registered persons will recognise a number of messages from previous years.
2. All registered persons are strongly urged to consider the feedback for 2015 Examinations – hand in hand with that provided in previous years and the guidance already in issue by the Commission in various forms (including “Dear CEO letters”) – in terms of development of their own systems and controls, the implementation of these and subsequent testing (by the business, key persons and any additional control functions).
3. The number of AML/CFT findings identified, in particular, speaks for the need for focused and continued vigilance, taking into account the requirements of related legislation and the Handbook, both of which may be periodically updated as required.

Read the Document http://bit.ly/1VUKAuw