Executive Summary of JFSC Financial Crime Examination Feedback 2023-2024

Read the JFSC financial crime examination feedback Q4 2023 – 2024 [new format]

The JFSC has published a feedback paper that outlines the key findings from the financial crimes examinations conducted from Q4 2023 to the end of 2024.

Its purpose is to help you assess the effectiveness of your systems and controls in preventing and detecting financial crime and to support compliance with Jersey’s legal and regulatory framework.

The paper covers findings from examinations, along with practical examples of good practice and self-assessment prompts, covering:

• BUSINESS RISK ASSESSMENTS
• RISK APPETITE
• COMPLIANCE MONITORING
• PERIODIC REVIEWS

Reflecting on these findings can help you identify gaps in your framework and take proactive steps to strengthen your controls to prevent and detect financial crime.

• Read the full feedback paper https://www.jerseyfsc.org/media/l04nx0uc/financial-crime-examination-feedback-2023-2024.pdf

Executive Summary

• The Jersey Financial Services Commission's (JFSC) Financial Crime Examination Unit (FCEU) conducted examinations from Q4 2023 to the end of 2024, focusing on supervised persons' compliance with anti-money laundering, counter-terrorist financing, and counter-proliferation financing (AML/CFT/CPF) regulations.
• THE REPORT IS HERE https://www.jerseyfsc.org/media/l04nx0uc/financial-crime-examination-feedback-2023-2024.pdf  
• The feedback paper highlights key findings, common deficiencies, and good practices to help supervised entities strengthen their systems and controls to prevent and detect financial crime.
• Key findings include
• Deficiencies in corporate governance,
• Ineffective compliance monitoring programs (CMPs),
• Inadequate resourcing of the Money Laundering Compliance Officer (MLCO) and
• Money Laundering Reporting Officer (MLRO) roles, and
• Lapses in ongoing monitoring and SAR processes.
• The report emphasises the importance of robust, tailored controls to maintain Jersey’s reputation as a well-respected international finance centre (IFC).

Key Statistics

• Examinations Conducted: 25 examinations, with an average of 4.5 findings per examination.
• Total Findings: 113 findings across all examinations, with two examinations having no findings.
• Sectors Examined: Banking, Accountancy, Investment Business, Law Firms, Financial Services Business, and Trust Company Service Providers, with varying numbers of findings per sector.

Key Findings (What is Not Good)

The examinations identified several recurring and high-risk deficiencies across supervised entities:

1. Corporate Governance (Section 2 of the Handbook):
• Ineffective Risk Appetite Statements: Many statements were vague, unrealistic (e.g., claiming zero tolerance for financial crime risk), or failed to address all relevant risks, such as terrorist financing and proliferation financing.
• Outdated Business Risk Assessments (BRAs): Some BRAs were not regularly updated, increasing the risk of undetected emerging threats.
• Lack of Board Oversight: Inadequate oversight of compliance and risk issues by boards, leading to delayed or insufficient action to address financial crime risks.
• Non-Tailored Compliance Monitoring Programs (CMPs): CMPs were often not risk-based or informed by BRAs, resulting in inadequate testing of controls.
• Outdated Policies and Procedures: Policies were not consistently reviewed, updated, or applied, increasing the likelihood of regulatory non-compliance.
2. MLCO/MLRO Roles:
• Inadequate Resourcing: Compliance functions were under-resourced, leading to incomplete or ineffective tasks critical to preventing financial crime.
• Lack of Independence: MLCOs/MLROs were sometimes involved in customer-facing or operational tasks, compromising their objectivity.
• Insufficient Oversight of DMLROs: Lack of documented oversight by MLROs over Deputy MLROs (DMLROs) in handling SARs, increasing the risk of inconsistent reporting.
3. Identification Measures (Sections 3, 4, 5, and 7):
• Weak Customer Risk Assessments: High-risk factors (e.g., connections to high-risk jurisdictions) were not adequately reflected in risk scoring, leading to undercalculated risk ratings.
• Inadequate Knowledge of Customers: Deficiencies in understanding the source of funds/wealth, especially for legacy customers.
• Politically Exposed Persons (PEPs): Failure to identify PEPs or apply enhanced CDD (ECDD), and improper declassification of PEPs without due consideration.
• Misuse of Exemptions: Exemptions were applied without meeting conditions or documenting rationale, particularly for high-risk customers.
4. Ongoing Monitoring (Section 6):
• Backlogs in Periodic Reviews: Delays in conducting reviews, especially for high-risk customers, and reviews not conducted at appropriate intervals.
• Incomplete Periodic Reviews: Reviews often failed to cover all risk factors, such as changes in jurisdictional risk.
• Ineffective Customer Screening: Lack of screening, inadequate screening processes (e.g., discounting adverse media hits), and untested screening systems.
5. Suspicious Activity Reporting (Section 8):
• Incomplete SAR Records: SAR registers and internal SAR (iSAR) forms lacked critical details, such as the date suspicion arose or the reporter’s role.
• Delayed Reporting: Untimely submission of iSARs and external SARs (eSARs), hindering prompt action on suspicious activities.

Recommendations

Supervised persons should take the following actions to address deficiencies and enhance compliance:

1. Strengthen Corporate Governance:
• Develop clear, realistic risk appetite statements that cover all relevant financial crime risks and are regularly reviewed by senior management.
• Ensure BRAs are updated regularly to reflect emerging risks and are supported by tailored mitigating controls.
• Enhance board oversight by documenting discussions, challenges, and action points in meeting minutes, with transparent processes to track remediation.
2. Enhance MLCO/MLRO Effectiveness:
• Allocate sufficient resources to compliance functions to ensure critical tasks are completed effectively.
• Implement robust measures to ensure MLCO/MLRO independence, such as separating compliance from business development roles.
• Establish regular oversight meetings between MLROs and DMLROs to ensure consistent SAR handling, with documented outcomes.
3. Improve Identification Measures:
• Adopt a risk-based approach to customer risk assessments, ensuring high-risk factors significantly influence risk ratings.
• Maintain comprehensive customer profiles with up-to-date CDD/ECDD, source of funds/wealth, and risk ratings.
• Implement transparent processes for identifying and monitoring PEPs, including documented rationale for ECDD and declassification.
• Ensure exemptions are only applied when conditions are met, with documented rationale and periodic reassessment.
4. Strengthen Ongoing Monitoring:
• Address periodic review backlogs by prioritising high-risk customers and establishing escalation processes for overdue reviews.
• Ensure periodic reviews cover all risk factors and trigger updates to customer risk ratings or due diligence as needed.
• Implement robust, tested screening processes with clear policies, documented search details, and rationale for discounting hits.
5. Enhance SAR Processes:
• Update SAR policies and templates to include all required details, such as the suspicion date and the reporter’s role.
• Ensure timely submission of iSARs and eSARs, with comprehensive investigations and documented timelines by MLROs/DMLROs.
• Provide clear guidance to employees on interacting with customers post-SAR and maintain records of relevant customer activity.

Best Practices

The following good practices were observed or recommended to strengthen compliance:

1. Corporate Governance:
• Assign specific senior management responsibility for each risk area in the BRA.
• Ensure senior management understands BRA risks and related controls.
• Maintain detailed board meeting minutes documenting discussions, challenges, and conclusions.
• Track CMP testing priorities based on BRA risks, with annual reviews and reporting to senior management.
• Maintain an index of policies with review schedules and responsible individuals.
2. MLCO/MLRO Roles:
• Document and regularly review conflicts of interest for MLCOs/MLROs, with risk-rated mitigants.
• Hold regular MLRO-DMLRO oversight meetings to discuss SARs and workload.
• Include standing agenda items for MLCO/MLRO board reports.
3. Identification Measures:
• Establish escalation processes or committees for high-risk customer onboarding and monitoring.
• Maintain comprehensive customer profiles with verified sources of funds/wealth and risk ratings.
• Keep updated PEP registers with clear rationales for classification and ECDD measures.
• Document transparent processes for PEP declassification.
4. Ongoing Monitoring:
• Align periodic review frequency with customer risk ratings (e.g., annual reviews for high-risk customers).
• Track and escalate overdue periodic reviews, prioritising high-risk clients.
• Test screening systems for effectiveness before implementation and periodically report results to senior management.
• Document screening details, including who conducted searches and rationales for discounting hits.
5. Suspicious Activity Reporting:
• Ensure iSARs include comprehensive details of suspicion and rationale.
• Conduct thorough MLRO/DMLRO investigations with documented timelines and conclusions.
• Place alerts or restrictions on customer profiles post-ISAR and maintain records of subsequent activity.

Conclusion

• Supervised persons must proactively address these findings by reviewing their systems and controls against the JFSC’s feedback, implementing robust remediation plans, and adopting best practices to ensure compliance with Jersey’s AML/CFT/CPF framework.
• The FCEU’s ongoing enhancements, such as new report formats and increased desk-based examinations in 2025, aim to support compliance efforts further.
• Feedback from supervised persons is encouraged to improve future processes.

READ THE FULL FEEDBACK PAPER

https://www.jerseyfsc.org/media/l04nx0uc/financial-crime-examination-feedback-2023-2024.pdf