COMSURE briefing on the JFSC 2025 thematic report, expectations for compliance monitoring  

This briefing outlines the key expectations and good practices for firms to meet the Jersey Financial Services Commission’s (JFSC) compliance monitoring requirements, based on the 2024 thematic examination feedback issued in June 2025.

Firms must ensure robust systems and controls to assess adherence to legal and regulatory requirements, focusing on effective compliance monitoring processes to mitigate risks of non-compliance.

Key Actions for Firms to Meet Good Practice and Compliance Expectations

1. Identify Legal and Regulatory Obligations

• Expectations: Firms must comprehensively identify all applicable legal and regulatory requirements relevant to their business and monitor for changes.
• Good Practices:
• Clearly articulate all relevant requirements in business and compliance risk assessments.
• Update risk assessments promptly upon trigger events (e.g., regulatory changes) and periodically (e.g., annually).
• Use subscription services for timely notifications of regulatory updates.

2. Identify Control Environment

• Expectations: Firms must map out systems and controls to mitigate non-compliance risks.
• Good Practices:
• Promptly address any identified gaps in the control environment with timely remedial actions.

3. Assess Risks of Non-Compliance

• Expectations: Firms must evaluate the impact and probability of non-compliance, considering inherent and residual risks after applying controls.
• Good Practices:
• Conduct comprehensive risk assessments that analyse both inherent and residual risks.
• Ensure risk assessments reflect all applicable legal and regulatory requirements.

4. Design and Approve Compliance Monitoring Plan

• Expectations: Develop a risk-based plan informed by risk assessments, focusing on areas with the highest residual risk.
• Good Practices:
• Ensure the compliance monitoring plan directly reflects risk assessment outcomes.
• Establish clear procedures for plan development, approval, delivery, and amendment.
• Include policies detailing testing frequency, scope, sample size, and remediation prioritisation.

5. Undertake Testing

• Expectations: Perform adequate and appropriate testing to verify the effectiveness of systems and controls.
• Good Practices:
• Periodically assess the effectiveness of testing methodologies.
• Document testing methodologies clearly, enabling manual execution if needed.
• Apply timely upgrades to technological solutions supporting testing.
• Investigate whether identified control weaknesses are systemic or prevalent elsewhere.
• Arrange periodic independent reviews of the compliance function’s effectiveness.
• Maintain comprehensive, retrievable records of testing to support results.

6. Report

• Expectations: Provide detailed compliance reports to the board or senior management, including test results and remediation plans.
• Good Practices:
• Ensure that the board or senior management provides input on report structure, content, and action prioritisation.
• Include progress updates against the compliance monitoring plan in reports.
• Assign ratings to test results (e.g., effective, partially effective, ineffective).
• Define material breaches clearly in procedures and outline escalation steps.
• Ensure accurate alignment between working papers and reported results.
• Add material findings to the breaches register for board awareness.

7. Remediate

• Expectations: Address identified issues promptly, prioritising those with the highest risk.
• Good Practices:
• Assign remedial actions to relevant business owners, with board or senior management tracking progress.
• Revisit remedial actions after implementation to ensure they are embedded and sustainable.

Additional Considerations

• Continuous Improvement: Firms should review their compliance monitoring processes against JFSC guidance and this feedback, implementing enhancements as needed. In future engagements, firms may need to demonstrate actions taken to address deficiencies.
• Record-Keeping: Maintain detailed, orderly records evidencing board oversight, discussions, and scrutiny of compliance monitoring activities.
• Sustainable Remediation: Ensure remediation efforts are proportionate, sustainable, and integrated into broader control frameworks to ensure ongoing compliance.
• Key Questions: Firms should regularly evaluate their processes using the six questions outlined in the feedback (e.g., adequacy of risk-based plans, effectiveness of testing, and board oversight).

Next Steps

• Review the JFSC’s published guidance note alongside this feedback to assess and enhance systems and controls.
• Develop or update remediation plans to address any identified gaps, ensuring clear timelines and responsibilities.
• Contact the JFSC at FSCSEU@jerseyfsc.org for clarification or further guidance.

By adopting these good practices, firms can strengthen their compliance monitoring frameworks, reduce the risk of non-compliance, and effectively meet the JFSC’s expectations.

READ MORE HERE….

FEEDBACK FROM ITS COMPLIANCE MONITORING THEMATIC EXAMINATION

The JFSC have published feedback from its 2024 compliance monitoring (CM) thematic examination. 

The JFSC says the risk of poor or ineffective CM PROGRAMMES/PLANS/PROCESS (CMPs) is:-

• When compliance monitoring is ineffective, weaknesses in a firm’s control environment may be missed or overlooked, and the board may not accurately understand the level of risk present in the business.
• This increases the risk of non-compliance with legal and regulatory obligations and may result in a conduct risk crystallising or an increased risk that the company may be involved in facilitating financial crime. 

The examination evaluated adherence to

• PRINCIPLE 3 OF THE SECTOR-SPECIFIC CODES OF PRACTICE and
• SECTION 2 OF THE AML/CFT/CPF HANDBOOK.

Specifically, the JFSC assessed how firms: 

• Tested compliance with
• Internal policies,
• Procedures, and
• Applicable legal and
• Regulatory requirements 
• Verified the effectiveness and implementation of systems and controls
• Took timely and appropriate action to address identified deficiencies 

Key findings 

GOOD

Overall, the thematic examination showed

• Good compliance with the obligations relating to compliance monitoring, with no key trends identified.
• Consequently, firms were seen monitoring, managing, and mitigating their risks effectively.  

BAD

Areas where the JFSC identified the most findings were about internal systems and controls, specifically: 

• Ineffective testing 
• Inadequate policies and procedures 
• Inadequate and/or inaccurate records 

Read the full examination feedback paper.

• https://www.jerseyfsc.org/industry/examinations/examination-findings-and-questionnaires/2024-compliance-monitoring-examination-feedback/