The revised document is driven by international standards issued in 2012 by the Financial Action Task Force (“FATF”) and recommendations from MONEYVAL’s mutual evaluation of Guernsey, published in 2016, for pan-island businesses, that have already implemented Jersey standards, will see few differences.

• These enhancements will create the basis for the new Handbook, and COMSURE recommend that Licensees, Prescribed businesses and those registered for AML/CFT purposes, review the proposed Handbook and provide feedback to the Commission, if required.

Introduction

The consultation paper on revisions to the GUERNSEY’S AML/CTF framework was released jointly by the States of Guernsey, Policy and Resources Committee and the Guernsey Financial Services Commission on Friday 9 June 2017. The deadline for responding to the consultation is close of business on Monday 31 July 2017. It is very important that all businesses consider this consultation fully and make representations as may be necessary to ensure that their business and industry have an effective and workable AML/CTF regime.

The revised document is driven by international standards issued in 2012 by the Financial Action Task Force (“FATF”) and recommendations from MONEYVAL’s mutual evaluation of Guernsey, published in 2016, for pan-island businesses, that have already implemented Jersey standards, will see few differences.

These enhancements will create the basis for the new Handbook, and COMSURE recommend that Licensees, Prescribed businesses and those registered for AML/CFT purposes, review the proposed Handbook and provide feedback to the Commission, if required.

COMSURE have detailed below some of the headline changes and further high level assessment of the changes to each chapter can be found later in this summary

HEADLINE CHANGES

There will be only one Handbook for “Specified Businesses”, removing the current separate Handbooks for “Financial Services Businesses” and “Prescribed Businesses”. This is done on the basis that prescribed businesses have now had sufficient time to develop and be experienced in AML and CTF requirements.

Business Risk Assessments (“BRAs”) must clearly distinguish between AML and CTF risks. This can still be covered in one document. The proposed Handbook clearly puts more emphasis throughout on CTF, compared to the current Handbook. BRAs must also refer to the National Risk Assessment.

Additional CDD (“ACDD”) is proposed for the following relationships

1. Non-resident Customer
2. Private Banking Services
3. A customer that is a legal person or a legal arrangement used for personal asset holding purposes
4. Company with nominee shareholders that issues shares in the form of bearer shares.
5. There is a proposed change in the treatment of PEPs with
6. “Domestic PEPs” and “Foreign PEPs” to be classified appropriately and
7. the addition of International Organisation PEPs (“IOPEPs”) and
8. finally, a risk based approach for the treatment of PEPs with no assets in a structure

The role of Money Laundering Reporting Officer (“MLRO”) is to change to Financial Crime Reporting Officer (“FCRO”), which again highlights the coverage of CTF as well as AML.

In addition to the FCRO, a new role of Financial Crime Compliance Officer is proposed AND this role must be undertaken by someone independent of business development and client facing roles.

A revised approach to identifying beneficial ownership is proposed which extends beyond just legal ownership, instead focussing on actual ultimate ownership and control.

There are new rules proposed for authorised and registered Collective Investment Schemes. This will define the responsibility for AML and CTF requirements which fall under the responsibility of the nominated businesses which are licensed under the Protection of Investors Law.

Following the publication of Schedule 3 and the revised Handbook, firms will have at least three months to review and amend their business risk assessment and policies, procedures and controls, with a four month period proposed in the consultation paper for the BRA and a six month period proposed for policies, procedures and controls.

The Handbook provides a two-year window for existing business relationships to be reviewed and remediated. This includes ensuring that the ACDD requirements are met where required; identifying and appropriately risk assessing business relationships involving domestic PEPs and IOPEPs; and where the firm has been nominated in respect of an authorised or registered CIS, ensuring that the requirements of Schedule 3 and the revised Handbook are met in respect of the investors in that scheme.

For a further in depth assessment of the changes found in each Chapter of the proposed AML/CTF Handbook in comparison to the existing AML Handbook please see below

High Level Assessment Of The Changes

The following looks at the proposed Schedule 3 of the Law and compares this to the current Criminal Justice (Proceeds of Crime) (Financial Services Businesses) (Bailiwick of Guernsey) regulations, 2007 as amended and the Criminal Justice (Proceeds of Crime) (Legal Professionals, Accountants and Estate Agents) (Bailiwick of Guernsey) 2008 as amended, that will be repealed.

The following will assist Senior Management and the Boards of Directors and/or Controllers to establish where they may need to enhance their AML/CFT framework.

SECTION 2, GENERAL DUTY TO UNDERSTAND, AND ASSESS AND MITIGATE RISKS.

This section provides for the understanding of the Money Laundering and Terrorist Financing risk of the Bailiwick and those faced by the Specified Business.

A Specified Business must ensure that it has suitable Money Laundering and Terrorist Financing risks policies, procedures and controls to;

• Identify
• Assess
• Mitigate
• Manage
• Review and Monitor

SECTION 3, DUTY TO CARRY OUT RISK ASSESSMENTS.

There must be consideration of all relevant risk factors before determining the following;

1. The level of overall risk of the Specified Business
2. The appropriate type of and level of, mitigation that is to be applied to the identified risks
3. It is appropriate that a Specified Business considers the potential risks posed by its
4. Customers
5. Countries & Geographical areas
6. Products, Services,
7. Transactions,
8. Delivery Channels;
9. Money Laundering and Terrorist Financing risks that may arise in the development of new products before they become available
10. New or the developing of technologies before they are adopted by the Specified Business
11. Customer Risk Assessments must look at the following;
12. Type of customer
13. Countries & Geographical areas of the business relationship
14. Product and Service
15. Transactions and/ or
16. Delivery Channels
17. The Specified Business must understand that the risks individually and collectively may increase or decrease the overall assessment.
18. The Specified Business must ensure that it has suitable and sufficient policies, procedures and controls to mitigate and manage the risks faced, specifically in respect of the following:-
19. The risks identified in the Business Risk Assessment and Customer Risk Assessment
20. The relevant risks identified by the National Risk Assessment (which must be incorporated in to the Business Risk Assessment)
21. The Specified Business must
22. monitor their policies, procedures and controls regarding their implementation and must enhance where required.
23. take enhanced measures to manage and mitigate higher risks that have been identified in the Business Risk Assessment.
24. have regard to the rules and guidance in the Commission’s Handbook, Notices or Instructions issued by the Commission and the National Risk Assessment.

SECTION 4, CUSTOMER DUE DILIGENCE.

The Specified Business must understand the purpose and intended nature of its business relationships and have evidence to support their understanding

Where the Specified Business is unable to identify a natural person who has the true beneficial ownership, it must identify and verify the person entrusted with the prominent controlling function, such as senior managing officials in respect of the business relationship.

Politically Exposed Person must be classified as Foreign or Domestic.

It is not required to identify and verify shareholders, beneficial owners or underlying principals to a customer or person controlling a customer that is listed on a recognised stock exchange as prescribed by the regulations or is a majority owned subsidiary of such an entity.

A Specified Business must not treat its customer as low risk solely because it has been assessed as such by the business’s risk assessment process.

The meaning of beneficial ownership shall be construed in accordance with the Beneficial Ownership (Definition) Regulations 2017.

SECTION 5, ENHANCED AND ADDITIONAL CUSTOMER DUE DILIGENCE.

When the Customer or Beneficial ownership is a Foreign Politically Exposed Person this must be classified as High risk.

Where a Customer of Beneficial ownership is established or situated in a country or territory that provides:

Funding or support for terrorist activities, or does not apply or insufficiently applies the Financial Action Task Force standards Is otherwise identified as a country otherwise identified by the Financial Action Task Force for which enhanced measures are appropriate Must be classified as High risk inclusive where the Specified Business also identifies a relation to by high due to its own policies, procedures and controls relating to its risk assessments or where the Commission has issued instructions or warnings.

A Specified Business must Undertake additional due diligence, whether high risk or not, where it has the following customers;

Non-resident Customer

Private Banking Services

A customer that is a legal person or a legal arrangement used for personal asset holding purposes

Company with nominee shareholders that issues shares in the form of bearer shares

Additional due diligence requires steps prescribed in the rules and guidance of the Commissions Handbook. The Handbook may prescribe for differing steps to be carried out dependent on the business relationship or occasional transaction entered in to with the Customer.

Enhanced customer due diligence has been enhanced to specify the need for high risk relationships to have more frequent and enhanced monitoring. This will include increasing the number and timing of controls applied to the business relationship. The Specified Business must also select patterns of activity and transactions that need to be further analysed and examined.

Enhanced customer due diligence will also now require additional identification data that is specified as the customer’s occupation, identifying the volume of customers assets and publicly available information on the customer.

The Politically Exposed Person definition now also includes a person that has been entrusted with a prominent function by an international organisation.

The Specified Business must ensure that it has regard to any relevant rules and guidance in the Commission’s Handbook in determining what constitutes higher risk business relationships and occasional transactions.

SECTION 6, CUSTOMER DUE DILIGENCE FOR LOW RISK RELATIONSHIPS.

The Specified Business must rate business relationships and occasional transactions as low only when it is in accordance with the paragraph 3(4)(a) of Schedule 3 and in accordance with the National Risk Assessment. A low risk classification must only be applied in accordance with the Handbook. This discretion cannot be applied where there is suspicion of any money laundering or terrorist financing.

SECTION 7, TIMING OF IDENTIFICATION AND VERIFICATION.

This section has been enhanced to ensure that a Specified Business has appropriate and effective policies, procedures and controls in place which operate to manage the risk, including without limitation a set of measures to limit the number and type of transactions that can be performed and the monitoring of large or complex transactions that are outside of the norm expected of the business relationship.

SECTION 8, ACCOUNTS AND SHELL BANKS.

No material changes

SECTION 9, NON-COMPLIANCE WITH CUSTOMER DUE DILIGENCE MEASURES ETC.

No material changes

SECTION 10, INTRODUCED BUSINESS.

This has been enhanced to empower the Specified Business to ensure that the conduct of the introducer is subject to requirements consistent with the Financial Action Task Force recommendations 10,11 &12. The Specified Business must also ensure that that the introducer has implemented a programme to combat money laundering and terrorist financing that is consistent with the Financial Action Task Force recommendation 18.

The conduct of the introducer and the group of bodies of which the introducer and the receiving specified business are members, is supervised or monitored for compliance by the Commission or other overseas regulatory body.

SECTION 11, MONITORING TRANSACTIONS AND OTHER ACTIVITY.

This has been enhanced to ensure that a specified business is reviewing the identification data and records to ensure that they are kept up to date, accurate and relevant to Beneficial Owners, underlying Principals and high-risk relationships or customers in respect of whom there is a high risk.

The records of the above must be updated on a timely basis.

The transactions and activities must be monitored to ensure that they are consistent with the knowledge of the customer, the business undertaken and the profile of the customer (including where necessary the source of funds).

A Specified Business must ensure that the extent of monitoring carried out shall be determined on the materiality and risk including whether the business relationship is high risk.

SECTION 12, REPORTING SUSPICION.

No material changes except for the Money Laundering Reporting Officer title changing to the Financial Crime Reporting Officer.

SECTION 13, EMPLOYEE SCREENING AND TRAINING.

No material changes to this except for staff now having to be aware of the enactments of Schedule 3.

SECTION 14, RECORD KEEPING.

This section has been enhanced to include a requirement to keep records of the Business Risk Assessments for a period of 5 years and the customer risk assessment for the business relationship or occasional transaction.

A Specified Business must also keep records of transactions with a customer or introducer including the amounts and types of currency involved.

SECTION 15, ENSURING COMPLIANCE, CORPORATE RESPONSIBILITY AND RELATED REQUIREMENTS.

This brings in to being the requirement for a Specified Business to have a Financial Crime Compliance Officer who must be autonomous.

The Board must ensure that any subsidiaries effectively implement policies, procedures and controls in respect of sharing information (including, but not limited to, customer, account and transaction information) between themselves for the purposes of carrying out due diligence and the forestalling, preventing and detecting money laundering and terrorist financing. The Board must also ensure that the subsidiaries have policies, procedures and controls governing the protection of confidentiality of such information.

The Board must also ensure that the conduct of any agent that a Specified Business uses is subject to the requirements to forestall, prevent and detect money laundering and terrorist financing that is consistent with the Financial Action Task Force recommendations of such an agent.