Financial Services Business
In this letter Sheen outlines the following
PART 1 – INTRO
1. The Commission has emphasized to businesses, both during on-site visits and industry meetings, the importance of assessing the ML/TF risks to which they could be exposed “in the round”, or as a whole, when reviewing their business risk assessments.
2. This review is essential in ensuring that businesses’ compliance arrangements are, and remain, both appropriate and effective.
3. The Commission has concluded that some of the observations and recommendations made by MONEYVAL in its evaluation of other international finance centres over the last 12 months, may also be relevant to the Bailiwick.
4. A number of these may be of particular relevance for those businesses whose customer base includes
a. a significant proportion of non-face-to-face business,
b. reliance on introducer arrangements and/or
c. Involve complex structures or arrangements.
PART 2 – CONSIDER AND ACT
5. I am therefore taking the opportunity to write to you to ask that your business considers the matters summarised in the attached table of observations and recommendations of potential relevance from previous MONEYVAL assessments, with a view to
a. assessing whether it could be exposed to similar ML/TF risks and
b. Also whether it considers its current compliance arrangements to comprise of appropriate and effective measures to mitigate them.
6. It is important that those arrangements take account
a. Of not just how individual ML/TF risks can be mitigated,
b. But the possible cumulative effect which those risks, when considered in the round, may pose.
7. The Commission is not seeking a report from you summarising the actions taken in response to this letter.
8. The Commission
a. does consider the items listed in the attached table during on-site visits and
b. Will also be considering them as part of the current review and amendment of the two AML/CFT Handbooks which is being undertaken by the joint Commission and industry working party.
PART3 – DO NOT FORGET
9. The obligations in rule 30 of the Handbook for Financial Services Businesses on Countering Financial Crime and Terrorist Financing?
a. This rule requires that a financial services business ensure that the Commission is advised of any material failure to comply with the Criminal Justice (Proceeds of Crime)(Financial Services Businesses)(Bailiwick of Guernsey) Regulations, 2007, as amended and the rules in the Handbook and or any serious breaches of the policies, procedures and controls of the financial services business.
NOTABLE OBSERVATIONS AND RECOMMENDATIONS MONEYVAL ASSESSMENTS (TOPIC/OBSERVATION / RECOMMENDATION)
1. Business Risk Assessment
a. A business should have an OVERALL RISK APPETITE STATEMENT or STANDARD, driven by its business risk assessment, which informs its business activities.
2. Policies, Procedures and Controls
1. A business should, as part of its AML/CFT policies:
a. Recognize that the accumulation of risks in complex business relationships an present overarching ML/TF risks;
b. Determine its appetite for complex business relationships, taking account of whether the business is in a position to effectively monitor and control these risks;
c. Have enhanced measures to mitigate these risks; and
d. Specify where it would be appropriate, based on an assessment of risk, to reject or terminate a business relationship.
3. New Business Relationships / Occasional Transactions – High Risk Customers
a. Policies and procedures for the take-on of higher risk customers should be REVIEWED and steps taken, if necessary, to ensure that ML/TF risks are taken fully into account.
b. Consideration should be given as to whether this process should involve the expertise of the compliance function in an enhanced advisory role.
4. Customer Risk Assessments
a. Customer business profiles, including
i. type,
ii. volume and
iii. value of expected activity, particularly for high risk customers,
b. Should be
iv. detailed,
v. meaningful,
vi. accurate and
vii. Regularly updated so that ongoing monitoring is not undermined.
c.The purpose and intended nature of the relationship must be identified and recorded.
5. Customer Risk Assessment (Assessing risk “in the round”)
a. Consideration should be given to the cumulative effect of ML/TF risks, which can occur where a customer’s risk profile comprises of
i. introduced business,
ii. complex structures and
iii. The use of nominees, for example.
b. In some high risk cases this may bring the level of ML/TF risk beyond a level that can be effectively mitigated by the business’ current compliance arrangements.
6. Customer Risk Assessments (EDD)
a. The accumulation of risks that may result from the use of complex structures, combined with introduced business, may require that ENHANCED DUE DILIGENCE be undertaken.
b. Consideration should be given to whether this risk could be mitigated through
i. Making direct contact with the ultimate beneficial owner of the underlying customer.
7. Customer Risk Assessments – Reviews
a. Procedures should be REVIEWED to verify how the business is made aware, on a timely basis, of
i. changes in a customer’s use of structures and legal arrangements, including
ii. Changes in beneficial ownership.
8. Customer Due Diligence-Copy Documentation
a. Procedures should be REVIEWED to verify the controls the business has in place to reduce the risks associated with placing reliance upon certified documentation for CDD purposes.
b. In some cases, this reliance may expose a business to the risk of
i. relying upon false documentation or
ii. Create an exposure should there be subsequent changes in ownership or control without their knowledge.
9. Introducer Arrangements
a. Procedures should be REVIEWED to
i. verify that introducer arrangements are designed to ensure that the introducer has appropriate risk grading procedures and conducts appropriate and
ii. Effective CDD procedures in respect of customers, including enhanced CDD for PEP and other high risk relationships.
b. A business should consider
i. How it obtains assurance that the introducer continues to satisfy the above requirements throughout the duration of the introducer arrangement.
10. Monitoring
a. Resources allocated to the monitoring of high risk business should be REVIEWED and,
b. Where necessary, resources of compliance departments should be increased to allow them to fully investigate and properly review all the alerts raised on high risk accounts.
11. Politically Exposed Persons (“PEPs”)
a. Procedures should be REVIEWED to verify whether due diligence procedures in relation to PEPs require the identification of
i. ‘family members’ of PEPs and
ii. ‘Close associates’ of PEPs.
b. Procedures should be REVIEWED to verify the measures being taken by the business to ensure that existing customers who subsequently become PEPs are identified.
12. Outstanding Customer Due Diligence
a. Steps should be taken to verify that all remaining outstanding CDD in relation to existing customers is resolved without further delay.
13. Training
a. Staff training should be REVIEWED to verify whether the training for both customer-facing and compliance staff takes into account the types of high-risk business that staff are liable to encounter.
b. Staff training should also be REVIEWED to
i. verify whether it emphasizes the importance of creating and regularly reviewing and updating customer risk assessments where changes to a customer’s risk profile have taken place, and
ii. The importance of this in relation to the detection of possible suspicious activity.
14. Review of Compliance Arrangements
a. Procedures should be REVIEWED in order to verify how the business identifies, in a timely and complete manner,
i. policies, procedures,
ii. systems and controls which are not or are no longer appropriate and
iii. Effective to mitigate ML/TF risks.