Consultation on data for risk based supervision No 7 2017
- Issued:31 July 2017
Consultation on data for risk based supervision No 7 2017
Please note that terms in italics are defined in the Glossary of Terms.
The JFSC invites comments on this consultation paper. Responses may be sent directly to David Fisher at the JFSC by 31 October 2017. If you require any assistance, clarification or wish to discuss any aspect of the proposal prior to formulating a response, it is of course appropriate to contact the JFSC.
The JFSC contact is:
Senior Risk Analyst
Jersey Financial Services JFSC
PO Box 267
14-18 Castle Street
Telephone:+44 (0) 1534 822106
Alternatively, Peggy Gielen at Jersey Finance is co‑ordinating an Industry response that will incorporate any matters raised by local businesses. Comments should reach Jersey Finance by 31 October 2017.
Responses should be sent to:
Jersey Finance Limited
4th Floor, Sir Walter Raleigh House
Telephone:+44 (0) 1534 836006
Facsimile:+44 (0) 1534 836001
It is the policy of the JFSC to make the content of all responses available for public inspection (unless specifically requested otherwise by the respondent).
It is the policy of Jersey Finance (unless otherwise requested or agreed) to collate all responses and share them verbatim with the JFSC on an anonymised basis (with reference made only to the type of respondent, e.g. individual, law firm, trust company etc.). This collated, anonymised response will, typically, be placed in Jersey Finance’s permanent electronic archive which is currently open to all Jersey Finance members.
Glossary of Terms
Defined terms are indicated throughout the document as follows:
Businesses affected by these proposals, being (1) relevant persons as defined in the Money Laundering Order (those that carry on financial services business in or from within Jersey, and any Jersey body corporate or other legal person registered in Jersey carrying on financial services business anywhere in the world) and (2) any person registered under the BB(J)L, FS(J)L, CIF(J)L or IB(J)L that is not a relevant person (at this time, this is limited to businesses registered to conduct General Insurance Mediation Business)
Adjusted Net Liquid Assets
Used herein to describe a person registered under the BB(J)L
Banking Business (Jersey) Law 1991
Bank for International Settlements, an organisation that, amongst other functions, collates and disseminates information on banking activities conducted worldwide, including data supplied by the JFSC on the activities of banks
Customer due diligence
Measures set out in Article 3 of the Money Laundering Order
Countering the Financing of Terrorism
Collective Investment Funds (Jersey) Law 1988
Financial Services Commission (Jersey) Law 1998
Customer unique identifier
Enhanced CDD Measures
Measures described in the Money Laundering Order at Article 15 “Enhanced customer due diligence”
A numerical proxy for an Affected Business’s potential to impact upon the JFSC’s guiding principles (set out in Article 7 of the Commission Law).
Financial Services (Jersey) Law 1998
Insurance Business (Jersey) Law 1996
Jersey Finance Limited
Jersey Financial Services Commission
Money Laundering Order
Money Laundering (Jersey) Order 2008
National Risk Assessment
Means any natural or legal person (including a body of persons corporate or unincorporated)
Politically exposed person
Professional Indemnity Insurance
Private trust company
Company undertaking trust company business that is exempted by the relevant provisions of the Financial Services (Trust Company Business (Exemptions)) (Jersey) Order 2000
Proceeds of Crime Law
Proceeds of Crime (Jersey) Law 1999
Data that is considered to be restricted information when collected by the JFSC under the Supervisory Bodies Law and, where relevant, the BB(J)L, FS(J)L, CIF(J)L or IB(J)L
Suspicious Activity Report
Supervisory Bodies Law
Proceeds of Crime (Supervisory Bodies) (Jersey) Law 2008
A person that is subject to supervision by the JFSC in accordance with the Supervisory Bodies Law
Underlying beneficial owner Unique Identifier
1.2.1 The JFSC intends to capture sufficient data to support risk based supervision. In particular, it will seek data that will inform decisions on the riskiness of individual Affected Businesses, enabling supervisory resources to be most appropriately targeted.
1.2.2 The proposals would lead to more comprehensive and timely provision of data on the riskiness of Affected Businesses. This can be divided into data that informs views on:
18.104.22.168 the impact of a risk arising. This is derived from two factors: (1) the relative severity of different types of risk events and (2) the Footprint of each Affected Business, a derived score reflecting the potential significance of each Affected Business; and
22.214.171.124 the likelihood of risks arising, derived from considering the type and level of activity and the adequacy of controls.
1.2.3 This consultation addresses what is intended to be collected but not how it will be collected. Broadly speaking, it is intended to include risk data as part of a wider data programme, designed to streamline data collection processes thereby minimising costs.
1.2.4 A broad overview is provided herein of the proposals in two key areas. It is intended that further consultation will take place prior to implementation of these.
1.3.1 The proposals in this consultation paper have the potential to affect all Relevant Persons as follows:
126.96.36.199 Banks registered under the BB(J)L would face the most comprehensive reporting requirements but these build on significant existing requirements, mitigating the increase;
188.8.131.52 Certain persons registered under the FS(J)L and IB(J)L would face reporting requirements that are significant but less comprehensive; and
184.108.40.206 Other Relevant Persons, including those registered under the CIF(J)L or the Supervisory Bodies Law, would face the lowest reporting requirements.
2.1.1 The JFSC has issued this consultation paper in accordance with Article 8(3) of the Commission Law, as amended, under which the JFSC “may, in connection with the carrying out of its functions - ….consult and seek the advice of such persons or bodies whether inside or outside Jersey as it considers appropriate”.
2.2.1 The JFSC invites comments in writing from interested parties on the proposals included in this consultation paper. Where comments are made by an industry body or association, that body or association should also provide a summary of the type of individuals and/or institutions that it represents.
2.2.2 To assist in analysing responses to the consultation paper, respondents are asked to:
220.127.116.11 prioritise comments and to indicate their relative importance; and
18.104.22.168 respond as specifically as possible and, where comments refer to costs, to quantify those costs.
2.2.3 A response form has been published alongside this consultation, available at:
2.2.4 Respondents are requested to use this form when providing feedback, either directly or via Jersey Finance. For the avoidance of doubt, all responses received, in whatever fashion, will be considered, with the response form intended only to ease processing by the JFSC.
2.3.1 Feedback will be assessed and it is intended to provide industry with a document that addresses this in due course, outlining any changes to the proposals documented herein.
2.3.2 It is anticipated that two areas (set out in Sections 6 and 7) will be addressed first, through the development of systems and consultation with Industry. Section 8 establishes wider plans for the development of proposals.
3.1.1 The JFSC is a statutory body corporate established under the Commission Law. It is responsible for the supervision and development of financial services provided in or from within Jersey.
3.2.1 Article 5 of the Commission Law prescribes that the JFSC shall be responsible for:
22.214.171.124 the supervision and development of financial services provided in or from within Jersey;
126.96.36.199 providing the States of Jersey, any Minister or any other public body with reports, advice, assistance and information in relation to any matter connected with financial services;
188.8.131.52 preparing and submitting to the Chief Minister recommendations for the introduction, amendment or replacement of legislation appertaining to financial services, companies and other forms of business structure;
184.108.40.206 such functions in relation to financial services or such incidental or ancillary matters:
› as are required or authorised by or under any enactment, or
› as the States of Jersey may, by Regulations, transfer; and
220.127.116.11 such other functions as are conferred on the JFSC by any other Law or enactment.
3.3.1 Article 7 of the Commission Law sets out the JFSC’s guiding principles which require the JFSC to have particular regard to:
18.104.22.168 the reduction of risk to the public of financial loss due to dishonesty, incompetence, malpractice, or the financial unsoundness of persons carrying on the business of financial services in or from within Jersey;
22.214.171.124 the protection and enhancement of the reputation and integrity of Jersey in commercial and financial matters;
126.96.36.199 the best economic interests of Jersey; and
188.8.131.52 the need to counter financial crime in both Jersey and elsewhere.
3.4.1 With respect to the need to counter financial crime in both Jersey and elsewhere, the JFSC is the supervisory body that exercises supervisory functions in respect of:
184.108.40.206 regulated persons; and
220.127.116.11 persons carrying on specified Schedule 2 business.
3.4.2 The supervisory functions to be exercised by the JFSC are defined in Article 2 of the Supervisory Bodies Law, namely:
18.104.22.168 monitoring compliance by a Supervised Person with, inter alia:
› any requirement to which that person is subject under the Supervisory Bodies Law;
› any Order made under Article 37 of the Proceeds of Crime Law;
› any direction under Article 6 of the Money Laundering and Weapons Development (Directions) (Jersey) Law 2012; and
› any Code of Practice that applies to that person or the supervised business carried on by that person; and
22.214.171.124 carrying out the functions, powers and duties conferred under the Supervisory Bodies Law for the purpose of compliance by a Supervised Person with the requirements described in paragraph 126.96.36.199.
3.4.3 In accordance with Article 22 of the Supervisory Bodies Law, the JFSC, as the supervisory body, has prepared and issued a number of Codes of Practice.
4.1.1 The data collected is intended to support the approach to risk-based supervision set out in the document “JFSC Risk Overview: Our approach to risk-based supervision”. This describes the JFSC’s intended methodology for external risk assessment, comprising an assessment of footprint (scale and complexity), severity of events and probability (likelihood of events).
4.1.2 To develop a more objective, data based, risk assessment process, the JFSC requires objective data. This will inform assessment of the footprint of individual Relevant Persons and be used over time to inform assessment of the likelihood of risk events.
4.2.1 Data will be required to be provided both in connection with licence applications and on an ongoing basis. Provision of the former will build on the JFSC’s established approach.
4.2.2 With respect to the latter, the JFSC will require the data as part of its ongoing examination of Supervised Persons. The Commission Law and the Supervisory Bodies Law (Article 8 in both cases) enable the JFSC to require data to be provided for this purpose.
4.2.3 Article 30 of the Supervisory Bodies Law enables the JFSC to specify information requirements by way of a Notice served on any relevant person. The JFSC intends to present such a Notice to each person in connection with ongoing requirements, which will be managed electronically, via the internet. This Notice will be used to collect risk data connected with AML or CFT.
4.2.4 In the case of Relevant Persons registered under the BB(J)L, FS(J)L and IB(J)L, the Notices will also be issued under the similar relevant Articles in those laws, as information will be used to support a wider risk assessment.
4.2.5 In the case of a private trust company, which is a Relevant Person but not a Supervised Person, all data requests would be served on the trust company that administers it.
4.2.6 The use of such Notices will make provision of data mandatory, with failure to comply resulting in an offence under the relevant law.
4.3.1 This paper only discusses new requirements and changes to requirements relating to risk assessment. Other data needs will remain and these are not addressed herein – for example, contact details will still be required for applications - but they are not relevant to risk assessment and are therefore not discussed herein.
4.3.2 Mechanisms will need to be established to collect the data electronically. A range of options are being considered, with the aim being to ease the process to the extent possible whilst retaining flexibility. This paper does not address the technology that might be used, though Section 5 discusses some of the general issues that will need to be addressed and proposes solutions.
4.4.1 This paper only addresses data collection by the JFSC in connection with its responsibilities for the supervision of financial services businesses. It does not address data needs relating to Companies Registry, Bank resolution planning or the NRA, all of which will likely generate new reporting requirements.
4.4.2 The completion of an NRA is multi-agency Island project which is being overseen by the Financial Crime Strategy Group and is being led by the Government of Jersey. In order to complete the NRA, information, including data, needs to be collected from a number of stakeholders, such as industry and a number of government agencies and departments. The JFSC is to play a central role in the completion of the NRA as it is to act as the collection agent for the NRA information.
4.4.3 More detail regarding Industry involvement in the NRA and specifically the information requirements will be forthcoming in the latter part of Q3 2017.
5.1.1 The JFSC will develop detailed proposals taking into account responses to this consultation. As part of this consultation, the JFSC intends to hold meetings with Relevant Persons that have responded and are willing to assist in this development. This is intended to ensure, to the extent practical, that final proposals address all concerns aired at this stage.
5.1.3 In particular, views will be sought on how best to reduce the impact on Affected Businesses that present a lower risk, including how to identify them and what would be appropriate reporting in such cases.
5.1.4 Question 2: Please state any elements of the proposal that would be onerous to implement within the timescales proposed and comment on whether an extended period for implementation would sufficiently reduce the impact.
5.2.1 It is anticipated that in some cases Affected Businesses will not be able to provide a required figure. Generally, the intention is that the reporting system will provide a gateway for requests for deviations from requirements. The JFSC will consider these and provide consents where it is considered that a reasonable reason exists or agree a partial submission.
5.2.2 Requests will be considered based on the individual circumstances but generally the JFSC intends to adopt a more flexible approach initially and will look more favourably on requests where the deviation is limited in scope and only for a short period prior to internal systems being completed to address the issue.
5.2.3 It is also probable that from time to time errors will occur. Offences may be committed both because the terms of the Notice are not met and, possibly, because of the offences that arise in connection with the provision of false and misleading information to the JFSC.
5.2.4 The JFSC system will check data for completeness and to make sure applicable rules are followed (typically, simple rules such as numbers being provided where a numerical input is specified).This cannot be comprehensive but will assist Affected Businesses in avoiding simple input errors.
5.2.5 Any errors that are initially undetected but come to light at a later date will be handled according to the specific circumstances. Mitigating factors will be taken into account, such as prompt notification, own identification of errors and there being no intent to mislead.
5.3.1 The data supplied will constitute restricted data and, as such, legal restrictions will apply to its dissemination to third parties.
5.3.2 The submission process will check data against historical submissions and this is likely to reveal, indirectly, information to the submitter. Affected Businesses will be able to control which individuals can make submissions, in order to ensure that such information is not provided to unauthorised third parties.
6.1.1 The JFSC will need to collect data on the Footprint of Affected Businesses prior to registration and subsequently.
6.1.2 It is intended that this will be accomplished by (1) extending the application form to address the relevant aspects and (2) requiring that this is updated regularly.
6.1.3 The data is principally intended to provide an understanding of the scale (from a risk impact perspective) of an Affected Business. It is intended to collect data relating to current state and projections for the end of the next calendar year.
6.1.4 It is intended to require Affected Businesses to update these data items annually and to enable ad-hoc updating in the event that the Affected Business’s state became significantly at odds with the data provided (for example as the result of a business acquisition).
6.1.5 Currently, relevant data is provided in some cases (for example through business plans) but it is envisaged that in future the data collection will be structured to ensure that data can be automatically stored and retrieved to enable analysis over time and between peers.
6.1.6 In certain instances, Affected Businesses will also be asked to provide this information on behalf of customers that themselves conduct financial services business. In such cases, the name and the relevant data will be required on a customer by customer basis but no projections will be required.
6.1.7 These instances are:
188.8.131.52 Fund Services Businesses will be required to provide information on managed businesses and any funds serviced either by themselves or a managed business; and
184.108.40.206 Trust Company Businesses will be required to provide information on the entities they provide services to that conduct financial services business, including (but not limited to) private trust companies.
6.2.1 The intention is to transition in 2018.
6.2.2 As a first step, the new application process will go live for new applications.
6.2.3 Then, it is intended to require existing Affected Businesses to supply data using a modified application process to ensure all data is correct and up to date.
6.2.4 Finally, for year-end 2018, all Affected Businesses will be required to update data provided using the new update process.
6.3.1 On applying for a licence, Affected Businesses will be required to provide data on the number of business relationships they have (that have not been terminated as at the date of the application) and project this number for the end of the next calendar year.
6.3.2 In the case of Fund Services Businesses and Trust Company Businesses, this data will be required for the Affected Businesses itself and for any customers that conduct financial services business.
6.3.3 They will also be asked to provide the number of one-off transactions where CDD Measures were applied in the previous 12 months and are projected for the next calendar year.
6.3.4 At each following calendar year-end, they will be asked to update both the actual and projected figures.
6.3.5 Question 3: Is data on customer numbers currently derived as part of your management of AML/CFT risks? Are there any aspects of the proposed collection of such data that require clarification? Is any difficulty anticipated?
6.4.1 All Affected Businesses will be required to provide data on the value of business conducted on behalf of customers, broken down by type of financial services business.
6.4.2 In the case of Fund Services Businesses and Trust Company Businesses, this data will be required for the Affected Business itself and for any customers that conduct financial services business.
6.4.3 For transaction based business (where no funds are managed), Affected Businesses will be required to use instead an amount equal to the sum of the ten largest transactions for each customer in the previous year.
6.4.4 At each following calendar year-end, they will be asked to update the figures.
6.4.5 Question 4: Is data on customer value currently derived as part of your management of AML/CFT risks? Are there any aspects of the proposed collection of such data that require clarification? Is any difficulty anticipated?
6.5.1 All Affected Businesses will be asked to specify the types of financial services business that they carry on in Jersey and each other country in which they operate. Where they own subsidiaries, this will be required for each subsidiary.
6.5.2 In the case of Fund Services Businesses and Trust Company Businesses, this data will be required for the Affected Business itself and for any customers that conduct financial services business.
6.5.3 At each following calendar year-end, they will be asked to confirm that no new financial services business activities have commenced or ceased or to provide details of any changes.
6.5.4 Affected Businesses will be required to provide information on total staff and identify numbers responsible for carrying out each type of financial services business and, separately, compliance. At each following calendar year-end, they will be asked to update the figures.
6.5.5 Affected Businesses will be asked to provide projected total income from each activity for each country and each subsidiary for the next calendar year. At each following calendar year-end, they will be asked to provide actual figures for the preceding year and projections for the next calendar year.
6.5.6 The data is intended to provide an indication of the level of activity for each type of financial services business.
6.6.1 On registration, banks will be asked to provide data on projections for the following, broken down by country (in cases where banks are subsidiaries that have overseas branches), for the end of the next calendar year:
220.127.116.11 total deposit liabilities; and
18.104.22.168 deposits covered by compensation schemes (total amount and amount covered by each scheme)
6.6.2 At each following calendar year-end, they will be asked to provide actual figures for the preceding year and projections for the next calendar year.
7.1.1 Customer data here refers to information on an Affected Businesses’ customers.
7.1.2 Such information is useful as an indicator of risk likelihood and impact, particularly with respect to AML and CFT risks but also, in the case of BB(J)L, FS(J)L and IB(J)L registered persons, conduct risk.
7.1.3 The JFSC has previously relied on financial accounts, limited regulatory reporting and on-site examinations to obtain information on customers.
7.1.4 The aim is to collect enough information to provide indicators of riskiness and inform supervisory knowledge of Affected Businesses’’ activities.
7.2.1 It is intended to collect information on: (1) customers and underlying beneficial owners, (2) business undertaken and (3) transactions.
7.2.2 A three stage internal process for Affected Businesses is envisaged:
22.214.171.124 Affected Businesses create customer registers containing information needed to meet the rules set out for reporting;
126.96.36.199 Affected Businesses extract only the relevant information into a regulatory register; and
188.8.131.52 That information is transmitted to the JFSC.
7.2.3 The extraction process would ensure that only the relevant information was provided (for example, omitting names of individuals).
7.2.4 Transmission would be via the internet, with the transmitted data then being processed within the JFSC, which would include limited verification.
7.3.1 In order to be comprehensive, data will be sought on the customers of all Relevant Persons that are either:
184.108.40.206 registered under the BB(J)L, CIF(J)L, FS(J)L or IB(J)L;
220.127.116.11 registered under the Supervisory Bodies Law;
18.104.22.168 exempt from registration under the Supervisory Bodies Law owing to a service provided by a trust company or funds services business; or
22.214.171.124 exempt private trust companies.
7.3.2 In order to direct Notices, it will be necessary to identify a contact for this purpose. In the case of registered persons, the JFSC holds such information. In the case of funds, the JFSC will seek confirmation of the person responsible in each case, which may be the existing statistics officer, or as otherwise agreed by funds services businesses.
7.3.3 In the case of private trust companies and other financial services businesses that are exempt from registration owing to a service provided by a trust company or funds services business, the JFSC will seek confirmation of who is to be responsible in each case, by asking each trust company or funds service business to identify every such Relevant Person and a contact point for this purpose.
7.3.4 Notices will then be served on those contacts, based on the details provided.
7.4.1 It is proposed to require delivery of two lists of information concerning:
126.96.36.199 Customers; and
188.8.131.52 Underlying beneficial owners on which CDD is held.
7.4.2 For each list, it is proposed to gather data on characteristics relevant to AML/CFT but not any information concerning identity.
7.4.3 Specifically, it is proposed to gather in each list:
184.108.40.206 A unique identifier for each customer (the CUI) or underlying beneficial owner (the UUI) (as applicable), created for the purpose of the return;
220.127.116.11 Whether enhanced due diligence has been collected;
18.104.22.168 Whether simplified due diligence has been collected;
22.214.171.124 The legal status (individual, non-financial corporate, financial corporate, trust, banking institution, public sector entity, government);
126.96.36.199 Whether the customer or underlying beneficial owner (as applicable) is a PEP (as defined by the Money Laundering Order);
188.8.131.52 Nationality (for corporates, based on where incorporated);
184.108.40.206 Residence (for corporates, the country of operation); and
220.127.116.11 In the case of the customer information list, the UUIs of any relevant underlying beneficial owners linked to the customer.
7.4.4 Provision will be made for partial submissions for cases where CDD is incomplete (for new customers or where it is not required).
7.4.5 In the case of banks only, it is proposed thereafter to require quarterly updating. In part, this has been proposed to fit with the periodicity of other reports by banks to the JFSC but it is also taken into account that banks typically have larger numbers of customers than other Affected Businesses. Hence keeping up to date on changes to the risk profile is more important and it is considered that this would be achievable as banks are likely to be in the best position to develop fully automated reports.
7.4.6 For all other Affected Businesses, annual updating is proposed.
7.5.1 In the case of banks, it is intended to collect enough information to serve the JFSC’s supervisory needs and those relating to BIS reporting.
7.5.2 It is intended to collect a single return quarterly that provides enough information on the assets, liabilities and off-balance sheet exposures for these purposes by reporting the amount of business relating to each customer identifier. The combination will enable BIS reporting of customer related activity to be derived without any additional reporting
7.5.3 Where items do not relate to customers, information on residence will be required to enable BIS reporting. This approach avoids the overhead of compiling BIS reports in addition to data for supervisory purposes.
7.5.4 Banks that are multi-licenced may also face other requirements in relation to non-banking activity, which will be required to be submitted annually, as set out in Sections 7.6 and 7.7.
7.5.5 In the case of lenders and deposit-takers that are not registered, data will only be required annually and be limited to customer loans and deposits.
7.6.1 In the case of long term insurance provided by persons registered to conduct category A business under the IB(J)L, a breakdown of premiums received by insurance type will be required for each customer on an annual basis.
7.7.1 For these three activities, for each customer structure (respectively, a portfolio, serviced entity or fund), a description of its activity will be required, as follows:
18.104.22.168 A list of the customer identifiers related to the structure;
22.214.171.124 The location in which the structure is resident;
126.96.36.199 Total assets in the structure;
188.8.131.52 Total liabilities of the structure;
184.108.40.206 The type of assets held; and
220.127.116.11 The location of assets.
7.7.2 The last two will not be comprehensive, only requiring information on the largest holdings.
7.8.1 For other businesses, no disclosures relating to business levels have been identified as necessary, though this may be reviewed over time. For such businesses, risk assessment will be dependent on customer data (7.4) and transaction data (7.9) only.
7.9.1 It is considered useful to understand the level and nature of transactions being undertaken and, in particular, those that have higher risk characteristics, as defined by the reporter.
7.9.2 Only a summary of lower risk transactions (those with no higher risk characteristics) will be required (number and sterling equivalent value, broken down by broad nature of transaction).
7.9.3 For higher risk transactions, more information will be required on type and the parties involved.
7.9.4 Three types of higher risk transactions are proposed:
18.104.22.168 transactions that relate to activity that has been the subject of a SAR;
22.214.171.124 transactions that the Affected Business considers pose a higher risk of money laundering/terrorist financing; and
126.96.36.199 transactions meeting an objective set of criteria.
7.9.5 It is intended to initially gather information on only the first two types. This information will be reviewed to ascertain if an objective set of criteria can be discerned that is relevant to all Affected Businesses or to groups of Affected Businesses.
7.9.6 For transactions falling within the first two groups, the following will be required:
188.8.131.52 Customer identifier;
184.108.40.206 Counterparty information (type, nationality, residence, whether a PEP);
220.127.116.11 Nature and scale of the transaction; and
18.104.22.168 Whether it relates to a SAR or not.
7.9.7 The JFSC will use the information received to further develop reporting requirements in this area. In particular, free format fields will be used initially to enable Affected Businesses to describe transactions but, over time, the JFSC will prescribe specific conventions for more common transaction types.
8.1.1 The JFSC intends to review all current collections of data with a view to automating receipt and storage processes.
8.1.2 Once this work and the work outlined in Sections 6 and 7 are complete, the JFSC will consider whether further data is needed, particularly on key risk indicators. These are pieces of data which, either by themselves or in connection with other data held, are anticipated to be an indicator of heightened riskiness.
8.1.3 These key risk indicators would be added to annual updating requirements, supplementing those detailed in Section 6. Work on this will be undertaken in 2017/2018, with any new requirements not applying until the end of 2018, with at least six months’ notice being provided of any new requirements (from time of notification to time of submission).
8.2.1 There are three areas where key risk indicators are likely to evolve, being:
22.214.171.124 Financial Soundness: for example, regulatory ratios, such as the ANLA ratio applying to most businesses registered under the FS(J)L;
126.96.36.199 Conduct: for example, complaints data, including the level of complaints and the results of these; and
188.8.131.52 Financial Crime: for example, SARs data, such as the number and nature of SARs raised internally and reported externally.
8.2.2 Appendix B provides further examples of potential key risk indicators. At this time, no decisions have been taken as to which are most relevant and, indeed, other potential key risk indicators may well be considered.
8.2.3 Implementation will take into account the differing responsibilities of the JFSC. For example, if the above were developed, Schedule 2 Affected Businesses would only be asked to provide data on the last of these, given that the JFSC is only responsible for regulation of AMF/CFT in their respect
8.2.4 Question 9: Would the provision of (1) financial ratios, (2) complaints data or (3) SARs data be problematic for any reason (not just operational reasons)? Would you anticipate that six months’ notice would provide a reasonable amount of time to compile reporting on these areas?
9.1.1 The direct costs are likely to be largest during the implementation phase, where Affected Businesses will need to develop processes and systems to enable compliant reporting of data. Thereafter, production of data should have only a modest cost.
9.1.2 Costs have been minimised, where practical, by the following:
184.108.40.206 Bank requirements have been developed taking into account BIS reporting requirements, with a view to dispensing with the need for a separate BIS submission; and
220.127.116.11 The overall impact has been reduced by adopting a staggered approach, focussing on the proposals set out in Section 6 and 7, rather than an attempt to proceed directly to collect comprehensive data.
9.2.1 The JFSC will need to substantially revise its reporting systems and the processes and systems used to analyse the data submitted, as well as train the relevant staff.
9.2.2 However, much of this work is already planned as part of the wider project looking at the JFSC’s approach to supervision and the adoption of new systems. Combining these pieces of work will help in minimising costs.
9.2.3 For example, the work on the licence application form will be part of a wider piece of work looking at how to improve the handling of applications, so that the final solution delivers both the improved functionality described within and efficient processes.
9.3.1 Improved risk assessment will allow the JFSC to target supervisory efforts on the greatest risks. It will also reduce the need for ad-hoc data requests.
9.3.2 Industry benefits from improved targeting both because this is more likely to be effective in mitigating risks posed by higher risk Affected Businesses and reduce activity relating to lower risk Affected Businesses.
9.4.1 The JFSC will also benefit from the freeing up of staff resourcing to enable more targeted supervision of higher risk Affected Businesses, which these proposals will support.
List of representative bodies and other persons who will be sent this consultation paper:
› Association of English Solicitors Practising in Jersey
› Association of Investment Companies
› Chartered Institute for Securities & Investment – Jersey branch
› Institute of Directors – Jersey branch
› Jersey Association of Directors and Officers
› Jersey Association of Trust Companies
› Jersey Bankers’ Association
› Jersey Chamber of Commerce
› Jersey Compliance Officers Association
› Jersey Estate Agents Association
› Jersey Finance Limited
› Jersey Funds Association
› Jersey International Insurance Association
› Jersey Motor Traders Association
› Jersey Society of Chartered and Certified Accountants
› Law Society of Jersey
› Personal Finance Society – Jersey branch
Potential key risk indicators – general:
› Outsourced functions (Y/N)
› Number of outsourced functions
› Material changes to governance arrangements
› Directors - average tenure (years)
› Total Non-Executive Directors
› Staff numbers
› Number of staff subject to disciplinary action
› Staff turnover ratio
› Total unfilled vacancies ratio
› Training budget per employee
› Compliance unfilled vacancies ratio
› Separate risk management function (Y/N)
› Risk staff numbers
› Internal audit function (Y/N)
› Total audit findings outstanding (internal and external)
› Total high risk audit findings
› External auditor appointed (Y/N)
› Date last change in external auditor
› Information security officer appointed (Y/N)
› Time since last information security audit (years)
› Information security breach in last 12 months (Y/N)
› Compliance related:
› JFSC Examination in last 12 Months (Y/N)
› Number of findings
› Number of findings not remediated
› Number of internal compliance findings in last 12 months
› Number of findings not remediated
› Number of breaches reported to the JFSC
› Number of issues reported to the Affected Business’s board
Potential key risk indicators - financial soundness:
› Operational losses:
› Whether an operational loss incurred in last 12 months that exceeded £10,000 (Y/N);
› Number of such operational losses in last 12 months; and
› Total value of all operational losses in last 12 months
› Annual net profit before tax (Affected Business and any group it belongs to)
› Balance sheet solvency (assets minus liabilities)
› The level and nature of contingent liabilities
› The level and nature of contingent liabilities not provided for
› Matters of emphasis in financial statements (Y/N)
› Auditor “Going Concern” statement clean/not omitted or caveated
› Parent Group credit rated (Y/N)
› Parent group credit rating
› Risk Asset Ratios - lowest/current (banks only)
› Parent Risk Asset Ratios – lowest/current and minima (banks only)
› Lowest/current 30 day liquidity mismatch ratio (banks only)
› Parent Liquidity Coverage Ratio (relevant banks only)
› ANLA ratio - lowest ratio/current ratio (non-banks)
› Solvency – Insurer – lowest ratio/current ratio
› Material strategy changes
› Targeted cost reduction in next 12 months (%)
› Targeted revenue growth in next 12 months (%)
Potential key risk indicators – conduct
› Total PII notifications last 12 months
› Total PII claims last 12 months
› Number of litigation cases
› Number of complaints
› Percentage of complaints upheld
› Percentage of complaints referred to an ombudsman
› Percentage of ombudsman referrals upheld
Potential key risk indicator - financial crime:
› Any SAR submitted in last 12 months (Y/N)?
› Number of SARs submitted; and
› Number of SARs raised by staff
› Number of frozen accounts
› Business Risk Assessment – Date of last board approval.
› Frequency of customer screening (Daily/Weekly/Quarterly/Other)
› Screening confirmed match ratio
› Screening scope (Sanctions only/PEPs and sanctions/other risk factors)
› Percentage of customers with incomplete CDD
› Sanctions measures - report to Chief Minister in last 12 months (Y/N)?
› Total reports to Chief Minister in last 12 months
› Number of production orders served in last 12 months:
› Number relating to market abuse.
 term defined in Article 1 of the Supervisory Bodies Law.
 term defined in Article 1 of the Supervisory Bodies Law.
 The members of the Financial Crime Strategy Group are:
›Chief Minister’s Department
›Community and Constitutional Affairs Department
›Comptroller of Income Tax
›Jersey Financial Services Commission
›Jersey Gambling Commission
›Joint Financial Crimes Unit
›Law Draftsman’s Office
›Law Officers’ Department
›Ministry of External Relations
›States of Jersey Customs and Immigration Service
›States of Jersey Police