IOM TCSP BRA THEMATIC REPORT – Jan 2024

ISLE OF MAN TRUST AND CORPORATE SERVICE PROVIDER THEMATIC REPORT BUSINESS RISK ASSESSMENT PHASE 2 – INSPECTIONS

The IOM FSA [Authority] has completed a thematic project involving TCSPs and issued its phase 2 report.

• Phase 2, commenced in February 2023, consisted of 70 desk-based inspections of TCSP licence holders focusing on the BRA and their compliance with paragraph 5 of the Code.
• Phase 2 concluded in October 2023, with an individual inspection report issued to each firm inspected.
• The BRA THEMATIC REPORT is issued Jan 2024

The programme

Initially, the Authority gathered data and information on Class 4 (Corporate Services) and Class 5 (Trust Services) licence holders, concluding that a thematic project would be valuable for further connecting with and working with the sector. This has allowed and enabled the Authority to gather further data, assisting in risk assessing the firms and sector, and building knowledge and findings to be fed back into the Handbook, the sector-specific guidance, and the NRA.

The planning for the theme began in 2022, and the background was shared in a press release issued on the Authority’s website on December 20, 2022.

• https://www.iomfsa.im/fsa-news/2022/dec/upcoming-trust-and-corporate-service-providers-amlcft-thematic-project/

The thematic exercise consisted of two core phases. Phase 1 consisted of data collection and analysis regarding business risk assessments (“BRAs”), with a BRA questionnaire being issued to 106 TCSP licence holders for completion.

• https://www.iomfsa.im/media/3105/iomfsa-tcsp-bra-questionnaire-2023.xlsx

A report outlining the results of Phase 1, the Authority’s observations on the data, and some subsequently identified best practice points regarding the BRA was published on 12 July 2023 and can be found here.

• https://www.iomfsa.im/media/3180/tcsp-thematic-report-phase-1.pdf

REPORT OUTCOMES

The overarching report outlines the project's results from Phase 2, highlighting some learning points and areas of best practice.

• A relevant person’s BRA is vital to evidence their understanding of the risks they face. It is also a key tool for establishing and documenting a robust compliance and risk management framework to detect and prevent ML, FT, FC, and PF.
• The BRA should serve a purpose and must be used by the business to inform its approach to AML/CFT frameworks and mitigation.
• The BRA  must be continuously worked upon and reviewed when circumstances change or new threats emerge.
• The business functions and BRA must work together in a continuous feedback loop to be effective.
• Relevant persons should also consider whether each risk factor recorded within the BRA should be calibrated or weighted differently, depending on how the relevant person assesses each of the various factors.

Read the report.

https://www.iomfsa.im/media/3232/tcsp-thematic-report-phase-2.pdf