A summary of the JFSC Financial crime examinations feedback paper
The JFSC has published findings from its tests, and the following provides a:
- The visit summary
- Summary of key findings
- And visit conclusions
- Out of a total of 6 financial services businesses (14 Relevant Persons) involved in the examinations, all resulted in outcomes.
- Of the sample of Relevant Persons examined by the FCEU (representing the following licence types: Deposit-taking Business, Investment Business, Funds Services Business and Trust Company Business),
- There were 43 findings relating to the relevant areas detailed within the report.
These findings were in respect of:
- The Order and the Statutory Requirements and
- AML/CFT Code(s) of Practice detailed in the Handbook.
KEY THEMES FROM THE FINDINGS
- The JFSC says while all 6 of the financial services businesses examined had implemented a suite of systems and controls (including policies and procedures) to prevent and detect financial crime in line with the obligations of the Order and requirements of the Handbook.
- However, there were a considerable number of findings, which meant that those systems and controls were not considered by the JFSC to be adequate and fully effective in many instances.
These findings are as follows:-
UNDERSTAND FINANCIAL CRIME RISK = The board/senior management of a Relevant Person must be able to demonstrate that it has considered its financial crime risks "in the round" and has subjected its assessment of such threats to adequate challenge and scrutiny.
GOVERNANCE = A robust corporate governance framework, of which risk management is an integral part, is essential to ensure that a Relevant Person is adequately directed and controlled.
- The board/senior management have substantial responsibilities for the prevention and detection of money laundering and financing of terrorism. In fulfilling these responsibilities MLCOs and MLROs are appointed. However, the board must ensure adequate oversight of these roles, to demonstrate adherence to the regulatory framework as well as their tasks
- These tasks and responsibilities should be documented within
- The job descriptions of Principal Persons, Key Persons and
- In terms of reference to crucial risk management forums (e.g. committees).
RISK MANAGEMENT = Also, a robust corporate governance framework will enable the board/senior management to demonstrate that
- There is the appropriate management of its risks,
- That its systems and controls (including policies and procedures) are valid and
- That the board/senior management are taking timely action when deficiencies or other matters are brought to their attention.
POLICY AND PROCEDURES = Adequate policies and procedures are critical to the implementation of effective systems and controls surrounding the prevention and detection of money laundering and the financing of terrorism. PPs enable the employees, and the MLRO/DMLRO and the Relevant Person to all meet their statutory and regulatory obligations.
- Procedures must be:
- Tailored to the business,
- Mapped against the Jersey regulatory requirements,
- Adequately maintained, and
- Effectively adhered to.
- Such reporting procedures must be clear and easy for employees to follow,
- Where to locate a Relevant Person's system for making an internal Suspicious Activity Report
- How to make a report and
- The identity of the MLRO or DMLRO.
- And to avoid barriers to AML adherence, it is also vital that
- Procedures are clear and easy for Relevant Person's employees to understand, use and drive a risk-based approach to the prevention and detection of money laundering and the financing of terrorism.
CMP = It is also vital for Relevant Persons to develop a useful, tailored and risk-based monitoring plan to
- Ensure that such systems and controls are complied with and remain effective over time.
TRAINING = Another essential control over the prevention and detection of money laundering and the financing of terrorism is to have employees who are:
- Alert to money laundering and financing of terrorism risks and
- Well trained in recognition of notable transactions or activity which may indicate money laundering or financing of terrorism activity. Training is to be tailored to the business and reflect the relevant Jersey regulatory requirements. Testing must then be conducted to monitor whether the training provided is useful, and appropriate action is taken if necessary.
- Employees must know:
- Where to locate a Relevant Person's procedure for making an internal "Suspicious Activity Report".
- How to make a report and
- The identity of the MLRO or DMLRO. Such reporting procedures must be clear and easy for employees to follow while enabling the employee, and the MLRO/DMLRO and the Relevant Person to all meet their statutory and regulatory obligations.
In general, FCEU examiners noted high levels of awareness of both financial crime related risks and the consequences of non-compliance with policies and procedures amongst employees of Relevant Persons.
- However, Relevant Persons often had difficulty in demonstrating the involvement of senior management (including the Principal Persons) in the development, scrutiny and use of its BRA.
All Relevant Persons involved in the examination have received direct feedback and
- Where findings have been identified, and they are subject to a formal remediation plan having been submitted to and agreed by the JFSC, setting out actions to be taken and timescales to complete them.
None of the findings detailed in this paper resulted in further action being taken by the JFSC, as the deficiencies were not considered to be sufficiently severe in isolation at each Relevant Person examined. However, that may not have been the case had
- The shortcomings highlighted critical failings of the Relevant Person's systems and controls to prevent and detect financial crime, or
- Been deliberate, or occurred over a long period without being addressed by senior management