The GFSC have issued a FAQ to answer the following question

• Can I rely on a 3rd party to perform my AML Compliance Function?

A business may outsource a function which forms a part of its compliance arrangements designed to deter, forestall and prevent financial crime.

Guidance on the factors which a business should consider when entering into such an arrangement can be found in section 2.3 of the Handbooks.

Engagement of External Service Providers

1. Regulation 15 of the AML/CFT Regulations requires that a business establish such policies, procedures and controls as may be appropriate and effective for the purpose of forestalling, preventing and detecting money laundering and terrorist financing (“compliance arrangements”).
2. In certain instances, a business may outsource a part of those arrangements to a third party, either in Guernsey or overseas or within its group or externally (“External Service Provider”).

Engagement of External Reviewers

1. Rule 28 of the Financial Services Businesses and rule 43 of the Prescribed Businesses Handbooks requires that the Board of a business consider whether it would be appropriate to have a separate audit function to assess the adequacy and effectiveness of its compliance.
2. In lieu of this, some businesses engage the services of an external contractor, consultant or reviewer (“External Reviewer”), to review all or part of their compliance arrangements in order to determine whether they remain appropriate and effective in preventing, forestalling and detecting the specific financial crime risks to which the business may be exposed.
3. This includes External Reviewers engaged to identify and then undertake remedial work on any deficiencies relating to customer due diligence, risk reviews or other similar matters.

Accountability for Outsourced Compliance Arrangements

1. Rule 27 of the Handbook states that the Board of a business has effective responsibility for compliance with the Regulations and the rules in the Handbooks.
2. A business ¬cannot contract out of its AML/CFT statutory or regulatory responsibilities.
3. The business remains responsible for ensuring that, whether using an External Service Provider or External Reviewer, its compliance arrangements are compliant with the AML/CFT Regulations and the Handbooks.
4. The Commission expects that a business will incorporate measures to ensure that its engagement of External Service Providers or External Reviewer allows its Board to satisfy the requirements of Regulation 15, rules 27 and 28 of the Financial Services Businesses Handbook and rules 43 and 44 of the

Prescribed Businesses Handbook. These measures include:

1. Steps are taken prior to engagement to verify that the external party is qualified, knowledgeable of the applicable AML/CFT requirements and sufficiently resourced to perform the required activities.
2. The external party is screened in compliance with Chapter 11 of the Financial Services Businesses Handbook and Chapter 9 of the Prescribed Businesses Handbook.
3. Outsourced work is undertaken in compliance with the requirements of the Handbooks and AML/CFT Regulations and that measures are in place to verify that this is the case, by the business.
4. Reports or progress summaries must be provided to the business which contain meaningful, accurate and complete information about the activities undertaken, progress of work and areas of non-compliance identified so as to allow the business to comply with rule 30 of the Handbook, if required.
5. Measures to ensure that an external party reports any suspicious activity to the MLRO of the business about any suspicious activity and provides the MLRO with all relevant information.
6. Reports received from an External Reviewer explain in sufficient detail the materials reviewed and other sources investigated in arriving at its conclusions so as to allow the business to test or verify the findings made or conclusions drawn.

Relevance – Mitigation – Non-Compliance with Regulations or Handbooks

1. The fact that a business has relied upon an External Service Provider or the report of an External Reviewer will not be considered by the Commission to be a mitigating factor where the business has failed to comply with the AML/CFT Regulations and/or the Handbooks.
2. The onus is ultimately upon the business to determine the appropriateness of placing reliance upon an external party for performing any of its compliance functions or providing it with advice as to the appropriateness and effectiveness of its compliance arrangements.

 http://bit.ly/1xboYiX