JFSC publish an AML Business Risk Assessment guide [but you have to find it]
The JFSC recently updated its website with AML Business Risk Assessment guide. Oddly it is found in a hidden part of the JFSC website
- Home / Protecting the public / Retail business accepting large sums of cash / Business Risk Assessment
Its target audience is the Schedule 2 Business who are ‘supervised persons’ for the Proceeds of Crime (Jersey) Law 1999 (the Proceeds of Crime Law).
- PART A - BUSINESS REGULATED BY THE COMMISSION UNDER REGULATORY LAWS
- PART B - OTHER BUSINESS [EG lawyers/estate agents/accountants/high-value dealers etc.]
I AM PLEASED TO ADVISE THAT THE COMSURE BRA MODEL MEETS ALL THE PARAMETERS LAID OUT BELOW – IF YOU WANT A METHODOLOGY FOR A BRA [and CRA], CALL COMSURE NOW
- The following is the JFSC Guide [please note Comsure has made a few cosmetic amends for drafting purposes]
WHAT IS A BUSINESS RISK ASSESSMENT (BRA)
- A Business Risk Assessment is a strategy document that helps protect your business from being exposed to money laundering (ML) and terrorist financing (TF).
- It comprises an assessment of how exposed the business may be to certain financial crime threats and sets out how these threats and the associated risks of them occurring are mitigated and reduced.
- Effectively, it establishes the business’ formal approach to managing ML and TF risk daily.
- Note that a BRA differs from a customer risk assessment (CRA).
- A CRA is required for each customer (business relationships and one-off transactions) and enables a business to evaluate the risk of ML and TF posed by each customer.
WHY YOUR BUSINESS NEEDS A BRA
- You are therefore required to prepare a BRA demonstrating your systems and controls to counter ML and TF risks and make it available to us on request.
- The BRA sets out how you plan to comply with Jersey’s anti-money laundering and countering terrorist financing legislation (AML/CFT) and regulatory requirements.
- The BRA should be able to demonstrate to relevant authorities that your business has suitable systems and controls in place, with proper consideration of the risks posed to your business.
- The BRA should be updated and communicated with your staff regularly.
- The BRA will assist with future planning for the business.
PRESENTING YOUR BRA – USE EXCEL (OR SIMILAR SPREADSHEET SOFTWARE).
In terms of structure, a BRA [and CRA] is often set out as a table in Microsoft Excel (or similar spreadsheet software).
- [OR YOU WILL USE COMSURES ITRACK]
- EXCEL / SOFTWARE is one of the clearest ways to document and rate multiple risks.
- It allows you to show how risks are either not applicable to a business or are mitigated by the controls put in place.
- For businesses with various customer types and/or activities, spreadsheets can enable them to apply calculations and, when necessary, to develop other approaches using their spreadsheet as a first step.
WHAT SHOULD YOU CONSIDER WHEN PREPARING YOUR BRA
KEY AREAS YOUR BRA SHOULD COVER
Before you start your BRA, you should consider the following:
- Size and complexity of your business,
- Your day-to-day activities,
- Who your customers are,
- What kind of payments you receive.
The JFSC expect your BRA to document [at a minimum] your business.’
- Organisational structure
- Customers, and the countries and territories with which its customers are connected
- Products and services, and how you deliver those products and services
- Use of cash in your business transactions and whether there is a limit to cash usage
- Criteria for obtaining information from a client whose cash payment exceeds a certain threshold (either in a single transaction or several transactions which appear to be linked)
It should also document the following:
- How you plan to stay aware of the various kinds of criminal activities related to ML and TF – criminals evolve their tactics and activities over time to try to get around a business’ defences
- A record of your staff training on understanding and identifying ML and TF risks, suspicious transactions and activity, and potential threats to your business
- How will you test the knowledge and understanding of your staff regarding the above points?
The BRA needs to include reference to staff training on:
- How to make internal Suspicious Activity Reports (SARs) to the businesses’ Money Laundering Reporting Office (MLRO)
- How these SARs are escalated to the Joint Financial Crimes Unit (JFCU, an arm of the States of Jersey Police), and the process surrounding submission, including the area of “tipping off.”
- Who decides whether SARs should be sent to the JFCU
- And how customers are approached if a SAR connected to them has been filed.
- This relates specifically to the area of “tipping off” - see the States of Jersey Police website
States of Jersey Police - Tipping off, production orders, liaison notices and saisie judiciaires.
A BRA should consider the business as a whole.
- The assessment must consider the cumulative effect of the identified risks and be kept up to date.
- It may be that a given risk is not deemed applicable (i.e. the risk from customers connected to high-risk countries is minimal due to customers only being local individuals).
- This should still be noted in the BRA to reflect that such a risk has been considered. The BRA should also record how it was decided that the risk was minimal.
Additional areas to consider
- Based on the unique characteristics of your business, you may wish to consider including one or more of the following potential risk areas in your BRA:
- Types of payments you accept (e.g. cash, virtual assets etc.)
- Channels of trading you use (e.g. in person, online etc.)
- The highest amount you are prepared to accept in cash
- Trade finance counterparties (importer, exporter, manufacturer, signatories, shipping companies, freight forwarders, insurance companies, agents and brokers, bookkeepers, IT applications, online payments portals etc.)
- Third parties acting for customers or prospective customers (e.g. introducers of business acting for customers or prospective customers)
- A register of the names and origin/location of your customers/online customers/banks the transactions are made by
- A register of customers with one or multiple transactions with a value over £12,500
- A customer or representative making multiple smaller cash deposits into the business’ bank account
- Your approach to:
- Unusual sales or purchase activities (e.g. delivery methods or payment arrangements that are not consistent with normal practice) or
- unusual enquiries (e.g. regarding the business’ refund policy where a customer is asking if a refund can be made by cheque, wire transfer or paid to a third party).
- Your approach to:
GUIDANCE NOTES AND USEFUL RESOURCES
A range of guidance notes and online resources are available on the JFSC’s and JFCU’s websites:
- Section 2.3.1 of the JFSC’s Handbook for Anti-money laundering and countering terrorist financing = https://www.jerseyfsc.org/industry/financial-crime/aml-cft-handbooks/consolidated-aml-cft-handbook/
- Section 14 of the JFSC’s Handbook = https://www.jerseyfsc.org/media/5911/hb-section-14-estates-agents-and-high-value-dealers.pdf
- Case Studies regarding ML and TF risks that High-Value Dealer businesses might encounter = https://www.jerseyfsc.org/protecting-the-public/retail-business-accepting-large-sums-of-cash/case-studies/
- SAR guidance: States of Jersey Police - Suspicious activity reports = https://jersey.police.uk/about-us/departments/financial-crime-(jfcu)/suspicious-activity-reports/
- JFSC Money Laundering guidance = https://www.jerseyfsc.org/industry/guidance-and-policy/money-laundering/
- JFSC Terrorist Financing guidance = https://www.jerseyfsc.org/industry/guidance-and-policy/terrorist-financing/