Print Article

Guernsey Consultation on Independent Audit, Business Risk Assessments and VASPs


28th March 2023 a GFSC consultation paper has been issued on proposed amendments to Paragraphs 3 and 15 of Schedule 3 to the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999 as amended (“Schedule 3 to the Law”) and associated rules and guidance in the Handbook on Countering Financial Crime and Terrorist Financing in relation to

  • An independent audit function and
  • Business risk assessments.
  • Virtual assets

The GFSC is also taking the opportunity also to consult on proposed changes to the rules and guidance regarding a firm’s policy for reviewing compliance.

  • These changes are to clarify that a firm’s policy for reviewing compliance should set out how it will monitor that it follows Schedule 3 and the Handbook.

The consultation includes.

Business risk assessment

  1. The proposed amendment to paragraph 3(3) of Schedule 3 would introduce a requirement for a firm’s business risk assessment to include.
    • Consideration of the implications and risks to its business of the predicate crimes specified in the NRA as presenting a high or higher risks of the Bailiwick being used for ML or TF. This is aimed at ensuring, and demonstrating, that Guernsey is expressly taking account of the risks in the NRA report published in 2020 and the forthcoming update to that report.
  2. The Commission proposes to extend rule 3.36, which already requires firms to take account in their business risk assessments of the relevance to their business of the risks identified in the NRA, for firms to include.
    • Bribery,
    • Corruption and
    • Fraud (including tax evasion).
    • Consideration of all primary ML and TF risks identified in the NRA including specifically.
    • The purpose of this is to highlight more forcefully that the main areas of risk must be considered in these assessments.
  3. There is proposed additional guidance in this chapter on the relevant risk factors firms should be considering.
  4. The Commission is also proposing to introduce a new rule (rule 3.53) to make clear that a firm’s reviews of its business risk assessment must be recorded, as supervisory findings have indicated that some firms could not evidence this.

Independent audit function

  1. The Financial Action Task Force (“FATF”) standards on combating ML and TF and financing of proliferation of weapons of mass destruction include a recommendation that firms should be required to implement programmes against ML and TF, which have regard to the ML and TF risks and the size of the business, and which include an independent audit function to test the firm’s AML/CFT controls.
    • Considering this reference to independent audit, some enhancement is needed to Schedule 3 and the Handbook.
  2. The proposed amendments to paragraphs 3 and 15(1)(ba) of Schedule 3 and associated amendments of chapter 2 of the Handbook would introduce a requirement for
    • A firm to establish an independent audit function (where appropriate, having regard to the ML and TF risks, and the size and nature, of the specified business in question) for the purposes of evaluating the adequacy and effectiveness of the policies, procedures and controls adopted by the specified business.
  3. The proposed amendments to chapter 2 of the Handbook provide guidance on
    • The circumstances when a firm would be expected to establish an independent audit function, and
    • Set out what arrangements would constitute an independent audit function and what such an audit should cover.
  4. It will not be mandatory for any one sector to have an independent audit function to maintain a risk-based approach.
  5. However, by way of enhancement of the existing approach, the proposed draft rules would make mandatory:
    • For every financial services firm and prescribed business which has no audit function falling within the arrangements described, to consider annually whether to establish such a function and where it decides not to,
  1. Clearly documenting what the reasons are for making that decision (rule 2.28 refers),
  2. The factors which a firm must consider in determining whether to have an independent audit function (rule 2.24 refers), and
  • Ensuring independence within any internal audit function which it establishes (rule 2.23 refers).
  1. In developing this approach, the Commission has considered the large number of financial services and prescribed businesses which have an independent audit function falling within the arrangements described in the draft guidance and sectoral guidance papers on the risk-based approach issued by the FATF, as well as discussions with representatives of the fiduciary and investment sectors in developing the rules and guidance.
  2. The changes proposed are pitched at meeting the FATF standards, to assist firms in properly applying a risk-based approach, and are compatible with the measures adopted in other jurisdictions such as the UK, Jersey, and the Isle of Man.

Virtual Assets

  • Further development of the regulatory framework for virtual assets service providers proposed in a draft ordinance to the Law which will provide for the information requirements for virtual asset transfers,
  • The introduction of a £1,000 threshold on virtual asset transactions over which customer due diligence will be required and extension of the definitions of “funds” and “property” to specifically include virtual assets.

The consultation paper and associated draft legislation and Handbook changes can be found on the Commission’s Consultation Hub. Responses are sought by 25 April 2023.


The Team

Meet the team of industry experts behind Comsure

Find out more

Latest News

Keep up to date with the very latest news from Comsure

Find out more


View our latest imagery from our news and work

Find out more


Think we can help you and your business? Chat to us today

Get In Touch

News Disclaimer

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email