X6 core finding from JFSC 2023 examination of reliance on obliged persons

Key findings

The key findings summarised in this section are taken from the examinations of seven supervised persons where findings were identified.

They identify a range of deficiencies in systems and controls which could expose those supervised persons to a heightened risk of failing to prevent or detect financial crime.

1. The Conditions

• The conditions are set out in section 5.2 of this feedback paper. Three supervised persons received findings in this area.
• One supervised person’s policies and procedures did not adequately cover the six conditions for reliance, resulting in:

• Roughly half of its customers do not have an approved written assurance in place confirming the obligations under both Article 16(4) and Article 16(5) of the Order
• Six written assurance letters being incomplete and two others being missing
• An insufficient level of customer information being obtained from the obliged person
• The written assurance of one obliged person, based outside of Jersey, did not document record retention and provision in line with the fifth condition

• One supervised person had not obtained adequate assurance from an obliged person at the outset of the relationship that it would keep evidence of identification measures as required by the third condition of reliance
• One supervised person failed to consider whether an obliged person’s business, based outside of Jersey, constituted equivalent business, which is a prerequisite to establishing a reliance arrangement and must form part of the supervised person’s assessment of the obliged person

2. Testing of obliged persons

• After appropriately establishing a relationship with an obliged person, Article 16(8) of the Order sets out the obligations with respect to testing.

• Where results of that testing are unsatisfactory, Article 16(9) of the Order requires the relevant person to apply reliance identification measures immediately.

• Five supervised persons received findings in this area, including:

• Two supervised persons failed to perform any testing of obliged persons
• The board of one supervised person decided to pause testing of reliance arrangements to focus its resources towards reducing its use of reliance, but at the time of the examination, had not performed any testing for a three-year period

• One supervised person failed to review and determine whether it was appropriate to maintain a reliance arrangement where:

• CDD deficiencies were identified
• Provision of documentation was outside of acceptable timeframes

• The supervised person did not escalate these results to its board and failed to take immediate action despite identifying CDD deficiencies and providing documents outside of acceptable timeframes.
• Two supervised persons were unable to evidence that they had conducted adequate testing of obliged persons in relation to:

• The content of the obliged person’s written assurance, in particular that it included confirmation that evidence of identification measures would be held until the supervised person notified the obliged person the evidence was no longer required.
• Whether obliged persons had appropriate and consistent policies and procedures in place to apply reliance identification measures - in one case, the obliged person was the subject of a JFSC public statement, but the supervised person was unable to demonstrate how it had considered the information and satisfied itself that it was appropriate to continue the reliance arrangement  

• One supervised person had multiple instances where it was unable to evidence that it had considered whether obliged persons may be prevented, by application of law (e.g. secrecy legislation), from providing information or evidence

3. CDD

• While it is permissible to place reliance on an obliged person to find out the identity of customer and parties related to the customer, it is not possible to place reliance on an obliged person to obtain information on the purpose and intended nature of a business relationship or one-off transaction, nor to apply on­going monitoring during a business relationship.
• A supervised person is always responsible for undertaking the overall CDD including risk assessment, transaction/activity monitoring and keeping documents and information up to date.

4. Identification measures

• The JFSC identified instances of inappropriate use of reliance relating to identification measures.
• Article 3(2)(c)(ii) of the Order sets out that, in respect of a customer that is not an individual, a relevant person must understand:

• Ownership and control of that customer
• The provisions under which the customer can enter into contracts or other similar legally binding arrangements with third parties

• Three supervised persons failed to identify customers. Of these, two were unable to demonstrate they had identified the beneficial owners and controllers where reliance was placed on an obliged person, instead, relying on the measures performed by the obliged person without reasonable assessment or challenge.
• The other supervised person was unable to evidence that it had considered its customer’s exposure to money laundering. The supervised person had relied upon the risk assessment performed by the obliged person and was unable to demonstrate that it understood the risk associated with the ownership and control structure, beneficial ownership, and significant controllers of four of its customer files selected for the sample.
• Article 3(5) of the Order requires that identification measures must include the assessment by the relevant person of the risk that any business relationship or one-off transaction will involve money laundering, including obtaining appropriate information for assessing that risk.
• The AML/CFT/CPF Code of Practice set out at paragraph 3.3 (29) of the Handbook requires a supervised person to apply a risk-based approach in determining the extent and nature of measures to be taken during the identification process. Three supervised persons had findings in this area:

• One supervised person was unable to evidence that it performed customer risk assessments where reliance was placed on an obliged person, resulting in the supervised person not fully understanding the risks associated with its customer and consequently failing to apply a commensurate level of due diligence
• One supervised person used a 'blended’ risk assessment that considered risk characteristics of both the obliged person and the customer, resulting in a failure to appropriately identify and assess certain higher risk attributes of the customer (for example country risk) and the application of an inadequate risk-based approach to ongoing monitoring
• One supervised person received information from the obliged person regarding its customer’s ownership and control structure, beneficial ownership, and significant controllers, however it failed to assess whether it was accurate or complete, which led to a failure to consider the extent of its financial crime exposure

• In several cases, supervised persons did not consider whether the identification measures applied by an obliged person, based outside of Jersey, were sufficient for the supervised person to meet its obligations under Article 3 of the Order.

5. Ongoing monitoring

• The JFSC identified instances where reliance was being used inappropriately. In all instances, the supervised person failed to comply with Article 13(1) of the Order, which requires a relevant person to apply CDD measures, including ongoing monitoring. Two supervised persons had findings in this area:

• One supervised person was unable to demonstrate that it was adequately screening and monitoring its customers where a reliance arrangement was in place, resulting in a failure to identify a politically exposed person
• One supervised person failed to obtain an appropriate level of detail in respect of its customer’s source of funds and source of wealth, simply accepting an inadequate statement provided by the obliged person

6. Internal systems and controls

• Article 11(3) requires a supervised person to maintain appropriate and consistent policies and procedures for placing reliance on obliged persons. Six supervised persons had failings in this area, the JFSC findings included:

• One supervised person had no policies and procedures in place for reliance on an obliged person
• One supervised person failed to follow its policies and procedures by not escalating failed testing to its board for consideration
• Another supervised person was unable to demonstrate from the minutes of decision-making committees that it had considered, discussed and recorded decisions relating to CDD deficiencies where a reliance arrangement was used
• Three supervised persons had inconsistencies within their policies and procedures, including:

                    i. Document retrieval periods and associated internal approval requirements

                    ii. Actual practices did not follow what was required by the procedures

                    iii. An undocumented, alternative process was used where CDD deficiencies were identified

• One supervised person’s policies and procedures did not:

• Direct staff to the list of approved obliged persons
• Specify the forms to be used to ensure that reliance is being placed appropriately

• One supervised person was unable to demonstrate that it gave due regard to the JFSC Sound Business Practice Policy in relation to its ongoing monitoring of a customer’s potential involvement, directly or indirectly, in mining, drilling, or quarrying for natural resource
• One supervised person could not demonstrate it had applied appropriate ongoing monitoring to customers, where reliance was placed on an obliged person, resulting in a failure to identify a connection to an enhanced risk state - under Article 16(11) of the Order, a relevant person is not permitted to place reliance on an obliged person where there is a connection to an enhanced risk state

A detailed overview of the examination findings is set out in section 6 of the report, which is here:-

• https://www.jerseyfsc.org/media/7494/q4-2023-reliance-thematic-feedback-paper.pdf
• https://www.jerseyfsc.org/industry/examinations/examination-findings-and-questionnaires/feedback-from-the JFSC-examination-of-supervised-persons-reliance-on-obliged-persons/