The JFSC says it has improved its approach to examinations on October 13.

The JFSC has recently revised its approach to examinations, following your feedback and recommendations from the MONEYVAL Mutual Evaluation Report.

To make the JFSC  examination reports and outcomes clearer, the JFSC  have:

1. Added risk ratings to reports using a new methodology 
2. simplified reports to make them easier to understand
3. reviewed and developed the JFSC  risk-based approach to assessing examination outcomes

The JFSC says

1. Including risk ratings in reports will support you in prioritising high-risk areas for remediation and how the JFSC  may respond. T
2. The JFSC has also developed the JFSC approach to assessing whether an examination's outcome is potentially serious. 
3. Next steps - The enhancements will enable us to achieve consistency in the JFSC assessment of firms and support our delivery of risk-based supervision.

Summary of updates

The JFSC  have:

• Added risk ratings of findings to reports
• Simplified reports to include:
  • A more concise executive summary
  • The objectives of the examination team in relation to each focus area examined
  • A matrix showing the risk rating associated with each finding
  • Better use of tables and appendices to present data
  • Simplified presentation of obligations

Rating examination findings

Findings will be rated as:

• Minor: systems and controls are assessed as being substantially effective
• Moderate: systems and controls are assessed as being moderately effective
• Major: systems and controls are assessed as being ineffective

The JFSC  rating methodology is based on a combination of the inherent risk attached to the associated obligation and the entity’s level of compliance with the obligation, as determined during the examination.

https://www.jerseyfsc.org/industry/examinations/examination-findings-and-ratings-methodology/

Inherently higher-risk obligations versus inherently lower-risk obligations.

• Failure to comply with an inherently higher-risk obligation increases the likelihood of financial crime, conduct or prudential risk occurring to a greater extent than non-compliance with inherently lower-risk obligations.
• Ratings provide visibility into the degree of risk, enabling remediation activities to be prioritised in higher-risk areas.

Responding to the outcome of an examination

• The JFSC has developed the JFSC approach to assessing whether an examination's outcome is potentially serious.
• An examination may uncover several issues with different degrees of risk.
• If any findings pose a moderate or significant risk, the JFSC  will consider the potential seriousness of the examination outcome. In limited cases, a single finding may be regarded as serious, even if others are less significant.

Assessing seriousness

• The JFSC's usual approach is to assess seriousness holistically. The JFSC  do this by considering a range of factors relevant to the entity and the examination findings, which may increase or decrease the risks presented. 

Factors include, but are not limited to:

• Customer base: the nature of an entity’s customer base may impact the level of risk presented by non-compliance or partial compliance. For example, suppose an entity has a predominantly high-risk customer base and is operating deficient systems and controls. In that case, it may be unable to manage the risks it faces through its customer relationships effectively.
• Regulatory history: a poor regulatory history may indicate ongoing challenges in an entity’s ability to operate compliantly. It may also indicate broader risks existing in the entity’s business or root causes that the entity has not previously addressed. This may include a poor compliance culture or dominant director behaviour.
• Repeat findings: repeat findings or breaches indicate previous remediation has been ineffective or not maintained. This may create the risk of an entity remaining in a long-term or perpetual state of non-compliance or partial compliance.
• Systemic risks: deficiencies that are not isolated to one or two instances may indicate systemic issues and risks in an entity’s business. For example, the same deficiency repeated in multiple customer records likely indicates widespread non-compliance and may result in a heightened risk exposure.
• Business model factors: an entity’s business model may impact its ability to operate compliantly and identify and manage risks effectively. For example, outsourcing compliance activities may increase the risk of non-compliance where management oversight is limited. This may lead to ineffective risk identification and management.

Once the JFSC  have identified and considered the relevant factors, the JFSC  can identify the risks that may impact the JFSC's guiding principles.

The overarching risk types are:

• Financial crime risk
• Conduct risk
• Prudential risk

From here, the JFSC  will consider the degree of risk presented by considering the extent to which the findings, resultant breaches (if applicable) and contextual factors result in the entity being:

• Under-informed about the risks it faces
• Unable to adequately monitor the risks
• Unable to adequately manage or mitigate the risks

If the JFSC concludes that an examination has a potentially serious outcome, the JFSC will consider its next steps, as set out below.

Responding to a potentially serious outcome

• Once the JFSC has determined that a potentially serious outcome exists, the JFSC will verbally inform the entity.
• This will usually occur at a meeting after the on-site examination. At this stage, the examination findings are in draft, pending a factual accuracy review by the entity.
• The JFSC maintains an open mind that the draft findings could change and, consequently, so may The JFSC's view of the potential seriousness.
• If the examination outcome is still considered potentially serious after the report is finalised, the JFSC  will put a regulatory strategy in place. This strategy will outline how The JFSC proposes to manage and mitigate risks in line with The JFSC's guiding principles.

The strategy could include:

• Enhanced supervision: increased supervisory engagement and focus, including more frequent meetings and regular reporting of data relevant to the risks identified.
• Engagement of heightened risk response (HRR): HRR is primarily, although not exclusively, engaged to respond to serious deficiencies or regulatory concerns. HRR is often involved to oversee entity remediation and arrangements for post-remediation effectiveness testing. Where appropriate, HRR will use the JFSC  regulatory toolkit.
• The regulatory toolkit: regulatory tools are designed to be dissuasive and effective in managing and mitigating risks or may be used to obtain further information relevant to the JFSC  supervisory function.
• Examples of the types of regulatory tools the JFSC uses include:
  • A direction requiring an entity to undertake a specific action or activity or requiring it to refrain from doing so.  Directions can help us manage an entity’s risk exposure and ensure its board and senior management focus on remediation.
  • A written warning regarding the potential risk of a civil financial penalty should an entity fail to effectively and sustainably remediate contraventions of the Money Laundering Order or Codes of Practice.
  • A legal notice which requires an entity to engage a regulatory consultant to test that the remediation it has performed in response to examination findings is effective and sustainable.
• Referral to Enforcement:

• The JFSC  Enforcement team investigates actual and potential cases of serious non-compliance.
• Where appropriate, Enforcement will take or propose action against an entity or individuals.

The tools used will be tailored to the identified risks or issues and will vary from case to case.

Examination findings and ratings methodology

• Issued 13 October 2025
• Examination findings and ratings methodology

Findings matrix

Obligation risk

Failure to comply with an inherently higher-risk obligation increases the likelihood of financial crime more than non-compliance with inherently lower-risk obligations.

Low: Non-compliance with obligations may increase the likelihood of financial crime, conduct, or prudential risks. 

Medium: non-compliance with the obligations increases the likelihood of financial crime, conduct or prudential risks occurring.

High: Non-compliance with obligations substantially increases the likelihood of financial crime and prudential risks occurring.

Level of compliance

This is based on your level of compliance with the obligations.

Largely compliant: minor shortcomings identified.

• The supervised person has met most requirements, and/or deficiencies are considered not material - [1].
• [1] The determination of whether deficiencies are material is based on the impact on the entity of a risk arising from those deficiencies.
• Some enhancements or remediation are required to comply with legal and/or regulatory requirements fully.

Partially compliant: moderate shortcomings identified.

• The supervised person has not met several requirements, and/or deficiencies identified are considered material - 1. 
• [1] The determination of whether deficiencies are material is based on the impact on the entity of a risk arising from those deficiencies.
• The supervised person cannot demonstrate full compliance with legal and/or regulatory requirements and may be in breach of its statutory obligations. Substantial remediation is required to achieve full compliance with legal and/or regulatory requirements.

Not compliant: significant shortcomings identified.

• The supervised person has not met many of the requirements and/or material 
• [1] The determination of whether deficiencies are material is based on the impact on the entity of a risk arising from those deficiencies.
• Deficiencies have been identified which may be considered serious. The supervised person is in breach of its statutory obligations. Fundamental remediation is required to comply with legal and/or regulatory requirements fully.

Financial crime, conduct and prudential risk rating

Minor (yellow): systems and controls are assessed as being substantially effective. The supervised person can demonstrate that they have a generally sound understanding of the risk they face, but enhancements would assist them in monitoring it more effectively and managing or mitigating it. Some improvements to existing systems and controls are required to address the identified findings.

Moderate (amber): systems and controls are assessed as being moderately effective. The supervised person cannot demonstrate a comprehensive understanding of the risks they face, increasing the likelihood that they will be unable to monitor, manage, or mitigate the risks effectively.  Substantial remediation is required to address the findings adequately.

Primary (red): systems and controls are assessed as being ineffective. The supervised person has a limited understanding of the risk it faces, which prevents it from effectively monitoring, managing, or mitigating it. Fundamental remediation is required to remedy findings identified comprehensively.

Financial crime risk: the risk of financial crime occurring.

Conduct risk: the risk of poor outcomes for customers, harm to market integrity and/or trust in the financial system being damaged.

Prudential risk: the risk of firms becoming financially unsound.

SOURCES

• https://www.jerseyfsc.org/news-and-events/The JFSC -improved-approach-to-examinations/
• https://www.jerseyfsc.org/industry/guidance-and-policy/The JFSC -approach-to-examinations-and-the-assessment-of-examination-outcomes/
• https://www.jerseyfsc.org/industry/examinations/examination-findings-and-ratings-methodology/