JFSC CLASS G trust company business examination feedback Issued on 01 July 2024

In 2023, the JFSC undertook a thematic examination of natural persons regulated to provide director services under the Financial Services (Jersey) Law 1998 [CLASS Gs]

The scope of the review assessed licence holders’ compliance with certain essential parts of:

1. The JFSC trust company business code
2. Money Laundering (Jersey) Order 2008 [the order]
3. The JFSC AML/CFT/CPF code

Class G licence holders should now consider the findings and best practices highlighted in this feedback against their arrangements.

During the examination,

• The JFSC identified X35 findings and X135 observations across X9 key areas, as summarised below.
• Findings relate to a failure to demonstrate full compliance with obligations.
• Observations are areas that fall below the JFSC expectations or are not in line with the terms or spirit of the JFSC published guidance.

When reading the findings, the JFSC Guidance note is referenced throughout - The JFSC Guidance Note: Natural Persons carrying on a single class of Trust Company Business.

Please note that there are X3 versions up to 2018.

• 2009 - https://www.jerseyfsc.org/industry/guidance-and-policy/natural-persons-carrying-on-a-single-class-of-trust-company-business/
• 2009 – revised 2010 - https://www.jerseyfsc.org/media/4810/gn-natural-persons-carrying-on-activity-of-director.pdf
• 2009 – REVISED 2018 = https://www.jerseyfsc.org/media/2663/gn-natural-persons-carrying-on-single-class-tcb.pdf

4.1 Business risk assessments

Licence holders must

• Conduct and record a business risk assessment, which must be specific to their services and customers.
• Consider, on an ongoing basis, their risk appetite and the extent of their exposure to financial crime risks from the directorships they hold.

In line with the guidance note, business risk assessments should include:

• Operational risks
• Economic and market exposures
• Geographical risks
• The risk of a licence holder’s services being used to facilitate financial crime.

Good practice

A business risk assessment should:

• Record the methodology for how the licence holder manages and mitigates exposure to financial crime risk in the context of their directorships.
• Differentiate, where relevant, between services which are provided in conjunction with another regulated services provider and those which are not
• Identify the highest-risk areas.
• Document the events or triggers which would prompt a review of existing systems and controls.
• Record updates and changes made to the business risk assessment, including the date of changes (for example, through tracked changes or version control)
• Explain the financial crime risks and how they are rated (for example, high/medium/low) in the context of services provided to customers.

For more information on licence holders’ business risk assessment obligations, see:

• Business risk assessment
• https://www.jerseyfsc.org/protecting-the-public/retail-business-accepting-large-sums-of-cash/business-risk-assessment/
• 2022 AML/CFT business risk assessment and formal AML/CFT strategy feedback
• https://www.jerseyfsc.org/industry/examinations/2022-amlcft-business-risk-assessment-and-formal-amlcft-strategy-feedback/

4.2 Ongoing monitoring

Licence holders must scrutinise their business relationships. The licence holder must

• Ensure that their customer’s activity is consistent with the licence holder’s knowledge and understanding of the customer and its intended activities.
• This scrutiny includes reviewing the customer’s business and risk profile.

The JFSC identified four findings related to failings to monitor or screen customer activity, which spanned.

• Not undertaking any monitoring or periodic reviews for appointments
• Over-reliance on personal and business relationships (for example, being too comfortable that associates and/or other board members were well-known to licence holders)
• Not applying any ongoing monitoring measures, such as adverse media screening

In line with provisions set out in the guidance note,

• Licence holders providing services jointly with a JFSC-regulated fund services business or trust company business deferred to the regulated business’s ongoing monitoring processes to meet their obligations to varying degrees.

Good practice

• Set up Google alerts or other notification alerts concerning beneficial owners and/or controllers of the companies for which director services are provided.
• Where viable, subscribe to an automated screening tool.
• Understand what “red flags” to look out for and what search terms to use for open-source searches.
• Where you rely on a regulated service provider’s systems and controls, have an explicit, documented agreement that articulates what is and is not included in the services agreement, in line with the guidance note.

For more information on licence holders’ ongoing monitoring obligations, see page 14 of

• the JFSC  financial crime examinations feedback from 2022 examinations.
• https://www.jerseyfsc.org/industry/examinations/financial-crime-examinations-feedback-from-2022-examinations/

4.3 Reporting suspicions or knowledge of money laundering, terrorist financing, proliferation financing

Licence holders

• Must report knowledge or suspicion of money laundering, terrorist financing and/or proliferation financing under the Proceeds of Crime (Jersey) Law 1999 and the Terrorism (Jersey) Law 2002.
• Who fail to report knowledge or suspicion of money laundering, terrorist financing and/or proliferation financing are liable to imprisonment of a term not exceeding five years and/or a fine.

The order sets out the obligations of a licence holder to establish and maintain procedures for complying with their reporting obligations, which include.

• Reporting knowledge or suspicion to the Financial Intelligence Unit, Jersey (FIU), as soon as practicable.

Good practice

• Policies and procedures clearly articulate how and when knowledge or suspicion of financial crime should be reported to the FIU, along with a documented register of any filings noting the date on which the knowledge or suspicion came about and the date the report was filed.

For more information on licence holders’ obligations to report knowledge or suspicion of money laundering, terrorist financing and/or proliferation financing, see:

• The JFSC  financial crime webpage
• https://www.jerseyfsc.org/industry/financial-crime/
• Additional information sources – ML / PF / TF
• https://www.jerseyfsc.org/industry/financial-crime/additional-information-sources-ml-pf-tf/
• AML/CFT/CPF Handbook - Section 8
• https://www.jerseyfsc.org/media/7423/section-8-clean-270224.pdf
• States of Jersey Police - Suspicious activity reports
• https://jersey.police.uk/about-us/departments/financial-crime-%28jfcu%29/suspicious-activity-reports/

4.4 Reporting about sanctions

In addition to filing suspicious activity reports with the FIU, Licence holders must comply with specific reporting obligations concerning sanctions under the Sanctions and Asset-Freezing (Jersey) Law 2019.

In particular, they must report any attempts to breach or circumvent sanctions to the Minister for External Relations.

A person guilty of an offence under the sanctions law is liable on conviction to imprisonment and/or a fine.

Good practice

Policies and procedures clearly articulate how and when sanctions breaches should be reported to the Minister of External Relations, along with a documented register of any filings

For more information on licence holders’ obligations to report sanctions matches, see:

• AML/CFT/CPF Handbook - Section 8
• https://www.jerseyfsc.org/media/7423/section-8-clean-270224.pdf
• The JFSC  sanctions webpage
• https://www.jerseyfsc.org/industry/international-co-operation/sanctions/
• the Government of Jersey’s sanctions webpage
• https://www.gov.je/Government/Departments/JerseyWorld/pages/sanctionsfaq.aspx

4.5 Continuous professional development

Licence holders are registered and, therefore, not considered trust company business employees for the trust company business code.

However, the guidance note clarifies that licence holders are still subject to the same obligations concerning CPD as trust company business employees.

Good practice

• Use professional standards bodies’ websites, applications and/or portals to adequately record CPD.
• Documenting an appropriate level of detail relating to the content of the training undertaken

4.6 Insurance arrangements

Licence holders

• Are required to maintain and demonstrate the existence of adequate insurance arrangements.
• Must always maintain adequate insurance coverage commensurate with their business activities.

Professional indemnity insurance must cover negligence, errors, and omissions by the licence holder wherever they provide their services.

• Section 5.2.4 of the trust company business code includes further information on the required terms of this insurance.

The guidance note states the limits of professional indemnity insurance cover required by licence holders, which differs from those in the trust company business code. It confirms that licence holders should have:

• Directors’ and officers’ insurance cover – this can be through their policy, as an extension of another’s policy (for example, a regulated service provider’s policy or the customer’s policy), or a combination of both
• Professional indemnity insurance covers when exercising an executive function (such as being a signatory to a bank account belonging to the customer) – this can be through their policy or as an extension of another’s policy covering the services provided by the licence holder.
• Licence holders must ensure the protection meets requirements set out in the guidance note regarding the minimum level of cover (£1,000,000) and the maximum permitted excess (£20,000). Licence holders must notify us of any excess over £20,000.

Good practice

• Licence holders document that insurance arrangements are adequate to cover each directorship they hold.
• Licence holders review on an annual basis (for example, at the point of renewal) the scope of the insurance arrangements to ensure the total cover remains commensurate with the services being provided.

4.7 Record-keeping

• Record-keeping obligations are included in the order, the AML/CFT/CPF code and the trust company business code.
• The order requires a retention period of five years from the termination of a business relationship for all documentation, data and evidence about applied customer due diligence measures and transaction records.
• The handbook sets out specific obligations for record-keeping relating to evidence of identity (customer due diligence measures), transaction records, corporate governance, identification measures and ongoing monitoring, suspicious activity reports, screening, and access to records.
• The trust company business code sets out obligations regarding business and customer records and includes provisions covering all documents.
• During the examination, the JFSC asked licence holders about their record-keeping arrangements. The JFSC asked about the following:
• The testing arrangements for access to records held by a third party.
• How long were records retained after the termination of the business relationship?

The arrangements in place to access records held by a third party following the termination of a business relationship

Good practice

• Engagement letters or service agreements with customers or other regulated service providers expressly state the retention periods for documentation and a contract that the licence holder will continue to access the information and documentation throughout that retention period.

SOURCE

• https://www.jerseyfsc.org/industry/examinations/2023-natural-persons-undertaking-class-g-trust-company-business-examination-feedback/