Statutory and code requirements for Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Business Risk Assessment (BRA) and strategy

The AML/CFT BRA and strategy are key controls to establish a robust risk management framework in the prevention and detection of money laundering (ML) and terrorist financing (TF).

Our thematic examinations will review the extent to which supervised persons have undertaken an assessment of their exposure to ML and TF and documented a resulting strategy to counter it.

Our AML/CFT regime is risk-based and therefore intended to be tailored to the vulnerabilities and threats relevant to a particular supervised person. If a supervised person has not adequately assessed its inherent risks, then the strategy set and systems and controls designed in response, may not be effective in mitigating risk.

1 Helpful information

Below we have detailed the statutory requirements set out in the Money Laundering (Jersey) Order 2008 (Order) and the code of practice requirements (AML/CFT CoP) (statutory and AML/CFT CoP requirements) set out in the relevant AML/CFT Handbooks for the Prevention and Detection of ML and TF (Handbooks), related to this theme.

The Guidance Notes (guidance) detailed in section 2.3.1 of the relevant Handbooks present a way in which a supervised person can demonstrate compliance with the statutory and AML/CFT CoP requirements. The application of the guidance will indicate that a supervised person is in compliance with the statutory and AML/CFT CoP requirements.

A supervised person may adopt other appropriate measures to those set out in the guidance, so long as it can demonstrate that such measures also achieve compliance with the relevant statutory and AML/CFT CoP requirements; it will need to demonstrate how the alternative measures adopted, comply.

This may be more difficult to demonstrate if the alternative method is similar to the measures outlined in the guidance but lack some of the key features.  

It may be easier to demonstrate where the alternative measures have extra or additional features that can be evidenced as being equally effective.

2 AML/CFT business risk assessment

The AML/CFT CoP contained within section 2.3 of the Handbooks, detail the board/senior management responsibilities in respect of the AML/CFT BRA:

The board/senior management must conduct and record a BRA. In particular, the board/senior management must consider, on an on-going basis, its risk appetite, and the extent of its exposure to ML and TF risks ‘in the round’ or as a whole by reference to its organisational structure, its customers, the countries and territories with which its customers are connected, its products and services, and how it delivers those products and services.

The assessment must consider the cumulative effect of risks identified, which may exceed the sum of each individual risk element. The board’s assessment must be kept up to date.

Guidance provided in section 2.3.1 of the Handbooks details how the board/senior management may demonstrate that it has considered its exposure to ML and TF risk.

A comprehensive assessment of risk will, involve all members of the board/senior management and include consideration of the following factors, as appropriate to the business:

• Organisational factors
• Nature, scale and complexity of the business
• Diversity of operations (including geographical diversity) and associated risk
• Transactional volume and size
• Customer risk
• Country risk
• Product, service and delivery risk
• Accumulation of risk for more complex customers.

Risks relevant to the business will be identified, including those in relation to the jurisdiction(s) in which the business operates and its products, services and customers. This consideration of risks will be bespoke to the business model, the operational structure and the relevant external environment.  

As part of its assessment of the risks identified, the board/senior management will consider if there are any barriers, to the effective operation of systems and controls to counter ML and TF risk, which will need to be addressed.

The board/senior management will consider its exposure for ML and TF risks on an ongoing basis, with the BRA kept up to date. Guidance in section 2.3.1 of the Handbooks outlines that the board/senior management may demonstrate that this can be achieved by undertaking an annual review.

However, it may be appropriate to do this more frequently, particularly when there are material changes in the internal or external environment, which may affect the ML and TF risk or where there are weaknesses identified in the mitigating controls.

As detailed in section 10.4.1 of the Handbooks, under the AML/CFT CoP requirements, a supervised person must retain superseded BRAs and records of cultural barriers, for a period of five years.

3 AML/CFT strategy

The AML/CFT CoP contained within section 2.3 of the Handbooks additionally require that on the basis of its BRA, the board/senior management must establish a formal strategy to counter ML and TF risk.

The strategy will be an ongoing action plan to counter the ML and TF risk within your business, focusing on the risks identified and the systems and controls in place to mitigate those risks.

4 Statutory and AML/CFT code of practice requirements

Reference	Description
Article 11(1) of the Order	A supervised person must maintain appropriate and consistent policies and procedures relating to, among other things, risk assessment and management.
AML/CFT CoP in section 2.3 of the Handbooks	Board/senior management must conduct and record a BRA, considering risk appetite and extent of exposure to ML and TF risks on an on-going basis.
	On the basis of the BRA, the board/senior management must establish a formal strategy to counter ML and TF.
	Board/senior management to take into account the conclusions of the BRA and strategy to organise and controls its affairs to effectively mitigate identified ML and TF risks, and demonstrate systems and controls to counter ML and TF.
	Board/senior management must consider and address barriers (including cultural barriers), to the effective operation of systems and controls to counter ML and TF risk.
	A supervised person must maintain appropriate policies and procedures to enable it, when requested by us, to make available to that authority a copy of its BRA.
AML/CFT CoP in section 10.4.1 of the Handbooks	A supervised person must retain BRAs for a period of five years after the end of the calendar year in which it is superseded.
	A supervised person must retain a record of barriers for a period of five years after the end of the calendar year in which a matter is considered.

5 Guidance notes

Reference	Description
Guidance within section 2.3.1 of the Handbooks	Guidance within the Handbook details ways in which a board/senior management of a supervised person may demonstrate that it has considered its exposure to ML and TF.
Guidance within section 2.4.3 of the Handbooks	Guidance within the Handbook details ways in which a supervised person may demonstrate the consideration of cultural barriers which might hinder the effective operation of systems and controls to prevent ML and TF.

 6 Glossary

Term(s)	Definition
AML/CFT	Anti-money laundering/countering the financing of terrorism
AML/CFT CoP	Code of practice within the Handbooks
Board	Board of directors of a supervision person (if applicable)
Business risk assessment / BRA	As required within the AML/CFT CoP in section 2.3 of the Handbooks. The board/senior management must conduct and record a BRA, considering, on an on-going basis, its risk appetite and the extent of its exposure to ML and TF risks “in the round” or as a whole by reference to its organisational structure, its customers, the countries and territories with which its customers are connected, its products and services, and how it delivers those products and services. The assessment must consider the cumulative effect of risks identified and must be kept up to date
Customer	A person with whom a business relationship has been formed or one-off transaction carried out. References to customer also include, where appropriate, a prospective customer (an applicant for business) with whom a business relationship is to be established or one-off transaction carried out. A customer may be an individual (or group of individuals) or a legal person. May also be referred to by Industry as a ‘client’
Financing of terrorism / terrorist financing / TF	Refer to the definitions of conduct under the Terrorism (Jersey) Law 2002 and the Sanctions and Asset Freezing (Jersey) Law 2019. May also be referred to as terrorist financing
Guidance	Guidance notes within the Handbooks
Handbooks	Handbooks for the Prevention and Detection of ML and TF, comprising: Handbook for regulated financial services businesses Handbook for the accountancy sector Handbook for the legal sector Handbook for estate agents and high value dealers
JFSC	Jersey Financial Services Commission
Money laundering / ML	Has the meaning given in Article 1 of the Proceeds of Crime (Jersey) Law 1999
Order	Money Laundering (Jersey) Order 2008
Policies and procedures	The way in which a business’ systems and controls are implemented into the day-to-day operation of the business
Risk appetite	As required within the AML/CFT CoP in section 2.3 of the Handbooks. The board/senior management must consider its risk appetite to ML and TF risks on an ongoing basis
Strategy	As required within the AML/CFT CoP in section 2.3 of the Handbooks. The formal strategy established by the board/senior management to counter ML and TF, on the basis of its BRA
Supervised person	Defined in Article 1 of the Proceeds of Crime (Supervisory Bodies) (Jersey) Law 2008 as a registered or a regulated person, and covers all of those persons that are required to comply with the Order (referred to in the Order and Handbook as ‘relevant persons’)
Systems and controls	A supervised person’s general framework to combat ML and TF