Friday 3rd January 2025
Twitter Facebook Twitter LinkedIn RSS

Comsure operates in:the UK, Jersey, Guernsey

Jersey Financial Services Commission (JFSC) Trust Company Business (TCB) 2014 report on its 2013 On-Site visit Examination Programme Summary Findings (part 1)

INTRODUCTION

  1. The JFSC have issued their 2014 Summary Findings following its 2013 On-Site Visit Examination Programme.
  2. The key findings are as follows

KEY FINDINGS

  1. Suspicious Activity Reporting Procedures
  2. Evaluation of SARs and Reporting to the JFCU
  3. Corporate Governance
  4. Delegated functions of the board
  5. Business Risk Assessment and Strategy
  6. Conflicts of Interest
  7. Compliance Function
  8. Compliance Resourcing
  9. Compliance Monitoring
  10. Business Acceptance Systems and Controls
  11. Customer risk management systems and controls
  12. Customer Profiling
  13. Politically Exposed Persons
  14. General systems and controls, policies and procedures
  15. Conduct of Business

These findings are shown below

1. Suspicious Activity Reporting Procedures

  • As a result of the Commission’s focus on the key person functions, the most common finding noted in 2013 related to internal SAR procedures, with just over half of all businesses examined having findings reported.
  • The Commission advised during the course of 2013 that it will continue to focus its attention toward businesses in this area during 2014. Specifically, Commission officers examined the policies and procedures of businesses  that relate to employees’ reporting of suspicions to the MLRO, procedures in respect of evaluation by the MLRO, subsequent recording of that evaluation and thereafter, procedures governing reporting to the JFCU. The procedures were analysed against the provisions set out in sections 6.3.1, 6.3.2 and 6.3.3 of the AML/CFT Handbook.
  • Other factors assessed included,
  • provisions set out under section 6.4 of the AML/CFT Handbook, regarding the “tipping off” provisions set out under the Proceeds of Crime (Jersey) Law 1998 and
  • further provisions under Article 14 of the Money Laundering (Jersey) Order 2008 (the “Money Laundering Order”), where new business has been rejected; customer due diligence (“CDD”) held being deemed inadequate and, pursuant to these factors, whether the customer relationship should be terminated.
  • Accordingly, where gaps were identified in the businesses’ procedures, recommendations were made to remedy the position.

2. Evaluation of SARs and Reporting to the JFCU

  • Specific findings in relation to weaknesses in the evaluation of reports made by the MLRO and subsequent reporting to the JFCU were noted, the majority of which received a higher rating by the Commission.
  • Issues in relation to the timing of acknowledgement of the report by the MLRO to the employee who had made an internal report and evaluation of those internal reports were noted. One such delay in the evaluation of a report and the time taken to externalise the report was several months.
  • In a number of instances it was noted that the evaluation itself was not detailed enough to support the decision made and, in one instance, the basis for determination of the decision was unclear.
  • Several reports had resulted in follow-up action being required by the MLRO, however, there was no evidence that the arising action had been concluded.
  • In one instance,
  • an internal report was discussed by the board, which further concluded that an external report should not be made to the JFCU, despite this decision resting in the ultimate responsibility of the MLRO.
  • In one further case,
  • the recording of the receipt of an internal report was overlooked entirely by the MLRO. As a consequence of this oversight, there was no acknowledgement to the employee who had made the report, the report was not recorded on the SAR register and there was no recorded evaluation of the report by the MLRO.
  • This serious error also demonstrates the need for independent monitoring of this critical key person role.

3. Corporate Governance

  • The Commission noted that the majority of businesses exercise good corporate governance and hence, there are comparatively fewer findings in this area.
  • The Commission did note, in a handful of businesses, that discussions held at board meetings are still not being fully documented.
  • There were also a number of instances where underlying committees did not report back to the board.
  • In one instance, the Commission had cause to raise serious concerns regarding the overarching governance of cross-divisional functions of the business.
  • There was a lack of clarity noted regarding both board interaction and the functions and reporting lines of both its delegated and associated group risk committees.

4. Delegated functions of the board

  • Whilst the majority of businesses were compliant in this area, the Commission noted two instances where there were no set terms of reference for delegated committees of the board.
  • The Commission’s expectation in this area is that terms of reference should set out the overall purpose of the committee, establish specific granted authorities and duties and set out the constitution, quorum and frequency of meetings.
  • As noted above, all delegated committees should, on a regular basis, report back to the board.

5. Business Risk Assessment and Strategy

  • Where businesses had undertaken a business risk assessment and strategy, the Commission made further recommendations where businesses had not fully considered their own book of customers in the context of AML/CFT risk in each of the key areas as set out in the AML/CFT Handbook, namely:
  1. organisational factors;
  2. jurisdiction of customers;
  3. the activities undertaken by customers, including PEP risk;
  4. products and services specific to the business (for example third party director, trustees and signatories); and
  5. delivery of those products or services.

 

  • For trust company business, this frequently related to the delivery of services to non-face to face customer relationships.
  • Other businesses had not considered their own organisation, for example, where branch operations existed, or where outsourcing of key functions was undertaken, these activities were overlooked.
  • Two businesses had not documented the risk of receiving business introductions from shareholders of the business, whilst one managed trust company business had not documented its own business risk assessment and strategy, separate to that of its manager.

One Class O business  had not considered and documented its exposure to AML/CFT risk and strategy.

  • In relation to strategy, recommendations were made for businesses to more closely link the risks identified to specific policies and procedures within their business.

6. Conflicts of Interest

  • Since the publication of the Commission’s Dear CEO letter dated 22 October 2010, conflicts of interest has continued as a focus of the attention of Commission officers during the 2013 on-site examination programme. As a result of this attention, findings in which conflicts of interest featured ranked third overall.
  • This equated to sixteen businesses, or 38% of all examinations receiving findings in this area. Given that this area has been a focus of the Commission since the Commission’s Dear CEO letter, it is disappointing that the level of findings in this area would seem to indicate that both governance and compliance oversight has not given sufficient consideration to what would constitute a conflict of interest within the business and taken the necessary, often simple, steps to document appropriate control mechanisms.
  • Notable findings in this area included:
  1. No documented consideration of potential conflicts where businesses hold multiple licences, such as trust company business, funds services business and/or investment business and provide products and services for customers common to those businesses.
  2. Conflicts of interest where board members held wider interests in customer entities under administration, such as capital investment, the extent of which had not been fully documented by the board and the Compliance Officer.
  3. Consideration of the associated risk to the business where a significant shareholder had introduced customers to the business.
  4. One instance where a non-executive director also maintained a direct relationship with customers of the business.
  5. The impact of close staff relationships, particularly at a senior level.
  6. Conflicting roles of the Compliance Officer, MLCO or MLRO where the individual also held primary customer facing roles or responsibilities.

 

  • In addition, findings in respect of policies and procedures governing conflicts of interest and controls for the ongoing oversight of existing declared conflicts were also identified.

7. Compliance Function

  • Findings noted in this category were largely rated medium to low, albeit findings were noted in one third of the on-site examinations undertaken. The findings in respect of Compliance resourcing were given a higher rating, reflecting their greater significance or greater risk to the business.
  • Generally, findings ranged from inconsistent attendance at board meetings by the compliance officer to incomplete reporting of compliance related matters to the board together with the reporting of out date information.
  • The Commission noted in a number of cases that there were no separate reports of the Compliance Officer, MLCO and MLRO. The Commission recognises that these key person roles are often found to be held by one or two persons within the organisation and that often a combined report is a feature in such cases.
  • Whilst the Commission has no objection to a combined report being drafted, the division of certain matters into the three key areas enables those receiving the reports, to better identify where their ultimate responsibilities rest in terms of the regulatory requirements, essentially, the AML/CFT requirements set out under the Money Laundering Order and the AML/CFT Handbook and the regulatory framework, including the FS(J)L and associated Orders and Codes.
  • Common deficiencies regarding Compliance reporting to the board included an absence of the following matters:
  1. regulatory updates;
  2. progress regarding compliance monitoring,
  3. updated positions regarding the central registers, such as the Exceptions Register; and
  4. information regarding the status of periodic reviews and accounting records for entities under administration.

 

  • In addition, the Commission noted cases where there was no documented discussion by the board of matters brought to their attention by the Compliance Officer. In one instance, the Commission found that there was a lack of clarity across divisional compliance reporting and of further concern, as noted above, was the overall absence of board oversight across the separate functions within the business.

8. Compliance Resourcing

  • Compliance resourcing is, of course, a key area of concern to the Commission. As such, the majority of findings in this area were rated high.
  • A number of indicators were noted as “red flags” during the on-site examinations where compliance resourcing was regarded to be an issue. These included back logs noted in the periodic review cycle; lack of or delays in compliance monitoring; action not taken in respect of regulatory updates; out of date policies and procedures and on-going projects and remediation work not completed.
  • Of greater significance, were the delays and errors noted in the evaluation and determination of SARs where there were additional roles held by the MLRO.
  • Another factor found to have an impact on compliance resourcing featured where the Compliance Officer took on a number of additional responsibilities or roles. Often, these included a customer facing role and fulfilling the role of company secretary to the board. A general lack of support and resourcing to meet the day to day compliance administration for the size of the business was also noted.

9. Compliance Monitoring

  • On 6 December 2013, the Commission issued its Guidance Note in respect of Compliance Monitoring under cover of the accompanying Dear CEO letter, which set out the Commission’s expectation of board oversight of effective compliance monitoring.
  • The Commission’s on-site examination programme continued to focus its attention in this key area and in the majority of cases, the Commission noted that businesses are now undertaking a more effective approach to compliance monitoring than in previous years.
  • The Commission noted however that the majority of findings do mirror the common pitfalls set out in the Guidance Note, where examples of both good practice and poor practice have been provided.
  • Such findings included observing that a compliance monitoring plan (“CMP”) contained a number of compliance tasks rather than a schedule for testing of the operational procedures within the business. Frequently, the CMP had not been approved by the board or delegated committee and there were instances where progress in the completion of the schedule and remediation of compliance findings had not been effectively reported back to the board.
  • In a few instances the scope of testing was found to be lacking in detail and there were further instances where there was no mapping of the regulatory requirements to business procedures.
  • Finally, there were also instances where the Compliance function had tested itself, hence presenting inherent weakness in the evaluations undertaken.

10. Business Acceptance Systems and Controls

  • In respect of business acceptance systems and controls, findings were noted in one in four examinations undertaken.
  • The findings noted in this area ranged in nature and varied from medium to higher risk ratings. A common finding related to procedures not being specific regarding the prescribed enhanced due diligence required for higher risk customers.
  • Another finding related to a lack of cohesiveness where there were separate procedures, checklists and controls utilised in the acceptance of new business, including a committee forum where this had been established to effect business acceptance. A further finding related to an absence of procedure to evaluate the risks in circumstances where an existing customer is subsequently provided with additional or restructured services.
  • The higher rated findings related to two instances where a company had been incorporated on behalf of a customer before the point at which the business recorded its acceptance of the customer.
  • Of the two businesses that had delayed verification of identity, one business had not recorded what level of identification was already held and what additional enhanced customer due diligence would be acceptable for the higher risk customer. In the second example, again, enhanced due diligence was not specified, the risk rating had not been completed and new business process not signed until after the company had been incorporated for the customer.
  • The Commission acknowledges that Article 13(4) of the Money Laundering Order only permits delayed completion of verification requirements if:
  1. It is necessary not to interrupt the normal conduct of business; and
  2. There is little risk of money laundering occurring as a result of completing such verification after establishing the relationship.

 

  • In both instances there were no notable circumstances that indicated that delayed completion of verification was critical to a transaction or the take-on of the customer.

11. Customer risk management systems and controls

  • The Commission noted that the majority of businesses had adopted a risk methodology that suited the needs of the business and the majority of the requirements set out in the AML/CFT Handbook.
  • The Commission made recommendations where the risk assessment had not fully captured all the possible risks associated with the customer, the proposed activities and services provided to the entities under administration.
  • The risks included: size and complexity of assets under management; associated “sensitive activities” as set out under the Commission’s Sensitive Activities Policy; connected third party authorities; jurisdiction risk, as set out under Appendix D of the AML/CFT Handbook, or similar reference; whether tax advice was held to support rationale and whether trading or commission earning activities were undertaken.
  • Accordingly, where associated risks to the business had been identified in the business risk assessment (as noted under section 5.16 of this report), corresponding assessment of the risk, such as jurisdiction of a customer, would need to be captured and assessed in the customer risk assessment.
  • In addition, factors that were not fully accounted for were adverse open source information that had not been documented as having been fully considered, and where the periodic review had surfaced action points that had remained unresolved for a period of time.
  • In addition to the individual associated risk factors noted above, there were also examples where weighting scores had not been high enough to elevate the overall risk score to an appropriate level and, where the risk methodology was regarded as complex, there was no supporting guidance or examples to aid the user in its completion.
  • One business was found to be operating two systems for two separate books of customers, albeit plans had been scheduled to introduce a revised system for 2014.

12. Customer Profiling

  • In respect of customer profiling, two common themes emerged in a handful of businesses. The first related to rationale, where the activity of the customer had been recorded rather than the reason for placing the business in Jersey.
  • The second related to the profile itself, being too vague or brief and not effectively capturing the expected pattern and frequency of transactions.
  • Other aspects included information being recorded in different places, rather than a central point of reference and another instance where a programme for the updating of customer profiles was significantly behind schedule.
  • Where the rationale is recorded as tax planning or tax mitigation, the Commission would expect the business to hold a copy of the tax opinion or advice.

13. Politically Exposed Persons

  • The Commission noted findings where PEPs had been “declassified”, for a number of differing reasons, contrary to the provisions of the Money Laundering Order.
  • Another finding noted that the definition of a PEP was too narrow in that it did not extend to immediate family and close associates, again in contravention of the definition of a PEP set out in the Money Laundering Order.
  • In contrast, another procedure had been widened to include high profile persons and the PEP Register did not distinguished between the two.
  • More commonplace were findings where procedures had not prescribed enhanced due diligence for PEPs.

14. General systems and controls, policies and procedures

  • Finally, it is notable that general systems and controls findings were identified in approximately one third of all businesses which highlights the need for businesses to adopt a proactive approach to keeping policies and procedures up to date with regulatory requirements and day to day operations.

15. Conduct of Business

  • The conduct of business findings present a picture that supports the above systems and controls findings. This is particularly true for business acceptance, customer profiling and customer risk management, where weaknesses in relation to the recorded rationale and CDD were noted.
  • The Commission noted in a number of reviews that tax advice was not held or was out of date.
  • The Commission has raised this point each time in its summary findings and has specifically addressed the matter in its Dear CEO letter dated 13 March 2013 regarding tax schemes.
  • As noted under section 5.58, the Commission would expect businesses to hold a copy of tax advice or opinion where tax mitigation is stated as part of the rationale.
  • This matter will continue to receive the focus of Commission officers during the current 2014 and future on-site examination programmes.
  • Where it has not already done so, business will need to set out its policy regarding tax advice and further undertake to review its customers and document its results, as a minimum, as part of the periodic review cycle.

READ THE REPORT – http://www.jerseyfsc.org/pdf/TCB-2013-examination-feedback-May-2014.pdf

 

 

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

May 7, 2014 < Back
WP2Social Auto Publish Powered By : XYZScripts.com