On the 28TH May 2014 INSTRUCTION NO. 01/2014 FOR FIDUCIARY FINANCIAL SERVICES BUSINESSES WAS ISSUED and the instruction outlined the following

1. REVIEW OF COMPLIANCE ARRANGEMENTS
1. This Instruction is made under section 49(7) of the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999.
2. Introduction
1. This Instruction is being issued to reinforce the importance of
   i. reviewing policies, procedures and controls (“compliance arrangements”) and
   ii. Verifying that they remain appropriate and effective, in compliance with the requirements of the Regulations and rules in the Handbook.
   iii. These measures are essential for the forestalling, detecting and preventing money laundering and terrorist financing (“ML/TF risks”).
3. Importance of Reviews
1. The review of compliance arrangements is a critical risk management measure which allows firms to verify that the measures it has put in place are appropriate and effective to mitigate ML/TF risks to which its business could be exposed.
2. This is of particular importance given the ways in which ML/TF risk exposure can alter with the changing composition of a business’s overall client profile, products and services.
4. On-Site Visit Observations
1. The Commission has identified as a result of on-site visits undertaken in the last 12 months that some businesses licensed under The Regulation of Fiduciaries, Administration Businesses and Company Directors etc. (Bailiwick of Guernsey) Law, 2000, as amended (“fiduciary businesses”) are not applying sufficient attention towards the review of their compliance arrangements.
2. In some instances, the following had been observed:

i. Business Risk Assessment (“BRA”)

1. (a) The BRA of a fiduciary business had only been reviewed on a set review date, despite significant changes having occurred to the risk profile of its client base, products or services which had resulted in a possible change to its overall ML/TF risk exposure.
2. (b) A fiduciary business was unable to explain, despite having reviewed its BRA in the last 12 months, its overall risk appetite in relation to, for example,
3. the proportion of high risk business it was prepared to take-on, given the size, complexity and nature of the business, in terms the resourcing required to undertake the requisite enhanced due diligence.

ii. Compliance Arrangements

1. (a) A fiduciary business was unable to show the connection between the risks identified in its BRA and its compliance arrangements put in place, given the size, complexity and nature of the business, to mitigate those ML/TF risks.
2. (b) A fiduciary business was unable to evidence how it determined that its compliance arrangements were appropriate and effective in mitigating the ML/TF risks identified in its BRA. In particular, some fiduciary businesses were unable to produce evidence of any sample testing undertaken for this purpose.

iii. Client Risk Assessment (“CRA”)

1. (a) A fiduciary business failed to ensure that CRAs were reviewed on a regular basis so as to keep them up to date and that changes, where required, were made. As a result, some cases were identified where there was clear evidence that the Business had become aware of a change to a client’s risk profile, yet no review of the CRA had been undertaken.

REQUIRED ACTIONS
NO 1

i. Provide to the Commission the following information as at 30 June 2014:

1. (a) The total number of customers* serviced by the fiduciary business (“customer base”).
2. (b) The number and percentage of the total customer base identified as politically exposed persons (“PEPs”).
3. (c) The number and percentage of total customer base where reliance is placed on an introducer for customer due diligence purposes.
4. (d) The number and percentage of total customer base the fiduciary business has classified as high risk.
5. (e) List the three main countries/territories which you have identified as the country of the source of wealth of the ultimate beneficial owners* behind customers classified as high risk.

NO 2

i. Take steps to verify whether:

1. a) The BRA of the fiduciary business assesses all of the ML/TF risks to which its business may be exposed. This must take account of

i. the proportion of PEPS,

ii. the number of introducer arrangements relied upon and

iii. The number of high risk customers of the fiduciary business

1. b) In light of any business taken on in the last 12 months, the fiduciary business, taking account of the nature, size and complexity of its business, has considered the appropriateness and clarity of its risk appetite statement in relation to the ML/TF risks to which it could be exposed.

ii. The Board, or equivalent, must confirm to the Commission in writing that Item 2 has been completed, and that the supporting audit trail is available for inspection, if required.

c. NO 3

i. Take steps to verify whether:

1. a) The risks identified in the BRA of the fiduciary business, given the size, complexity and nature of the business, to mitigate those ML/TF risks, are addressed through the compliance arrangements which the fiduciary business currently has in place.
1. In light of the foregoing, the Commission requires the Board, or equivalent, of each fiduciary business to ensure that the measures listed below are undertaken by close of business Friday 29 August 2014 (“Deadline”):
1. b) A review has been undertaken in the last 12 months ofi. its compliance arrangements, andii. verification received that those arrangements are appropriate and effective andiii. That there are adequate resources engaged by the fiduciary business in its compliance functions to do so.
2. The Board, or equivalent, must confirm to the Commission in writing that Item 3 has been completed, and that the supporting audit trail is available for inspection, if required.

d. NO 4.

i. Take steps to verify whether:

a) The fiduciary business maintains customer risk assessments in a form which allows for the complete risk profile of a customer to be accessed and reviewed.

b) The fiduciary business has in place and had applied over the last 12 months

1. procedures for the review of its customer risk assessments,
2. Particularly where changes to risk profile indicators may warrant a possible change to a customer’s risk rating.

ii. The Board, or equivalent, must confirm to the Commission in writing that Item 4 has been completed and that the supporting audit trail is available for inspection, if required.

NOTES

1. *The terms “customer” and “beneficial owner” as used in this Instruction are defined in Appendix F of the Handbook.
2. Fiduciary businesses are reminded of their obligations in rule 30 of the Handbook for Financial Services Businesses on Countering Financial Crime and Terrorist Financing.
3. This rule requires that a financial services business ensure that the Commission is advised of any material failure to comply with the Criminal Justice (Proceeds of Crime)(Financial Services Businesses)(Bailiwick of Guernsey)Regulations, 2007, as amended and the rules in the Handbook and or any serious breaches of the policies, procedures and controls of the financial services business.

Future Consideration

1.  The action taken by the fiduciary business under this Instruction will be reviewed during on-site inspections and the Commission may rely upon the written confirmation provided by the Board in consideration of any future non-compliance by the fiduciary business with the Regulations and the rules in the Handbook.
2. The Instruction issued to licensed fiduciary businesses on 28 May 2014. http://www.gfsc.gg/The-Commission/Policy%20and%20Legislation/Instruction%20No.%20012014.pdf