Service notice – myRegistry and our Security Interests Register will be unavailable due to scheduled maintenance from 6:00pm on Tuesday 30 June until 2:00am on Wednesday 1 July.

Themed Examination Programme 2019: The Role of the Money Laundering Reporting Officer

1   Introduction

The Jersey Financial Services Commission (JFSC) regularly undertakes thematic examinations to assess the extent to which the regulatory framework is being complied with. Thematic examinations provide direct feedback to those within scope and a public feedback document which summarises the key findings.

In November 2018, the JFSC set out in high-level terms its planned thematic examination programme to be undertaken in 2019, within which the theme of the role of the Money Laundering Reporting Officer (MLRO) was identified.

The continuing ability of Jersey’s finance industry to attract legitimate customers with funds and assets that are clean and untainted by criminality depends, in large part, upon the Island’s reputation as a sound, well-regulated jurisdiction. Any business that assists in laundering the proceeds of crime, or financing of terrorism, whether: with knowledge or suspicion of the connection to crime; or acting without regard to what it may be facilitating through provision of its products or services, will face the loss of its reputation, risk the loss of its licence or other regulatory sanctions (where regulated and supervised), damage the integrity of Jersey’s finance industry as a whole, and may risk prosecution for criminal offences.

Jersey’s defences against the laundering of criminal funds and terrorist financing rely heavily on the vigilance and co-operation of the finance sector. Specific financial sector legislation (the Money Laundering (Jersey) Order 2008 (Order)) is therefore in place covering a person carrying on a financial services business in or from within Jersey, and a Jersey body corporate or other legal person registered in Jersey carrying on a financial services business anywhere in the world (Relevant Person).

The JFSC strongly believes that the key to the prevention and detection of money laundering and the financing of terrorism lies in the implementation of, and strict adherence to, effective systems and controls based on international standards. Legislation in conjunction with the Handbook for the Prevention and Detection of Money Laundering and the Financing of Terrorism (Handbook[1]) implements these standards.

The standards require Relevant Persons to take adequate measures to recognise and report suspicions of money laundering and terrorist financing, including the appointment of a Money Laundering Reporting Officer (MLRO), whose main function is to receive and consider Suspicious Activity Reports (SARs). Given the critical role that the MLRO plays in ensuring compliance with the regulatory framework, the JFSC selected this topic for a thematic examination.

In addition to the above, persons registered by the JFSC under Article 9 of the Financial Services (Jersey) Law 1998 or Article 9 of the Banking Business (Jersey) Law 1991 must comply with the principles and detailed requirements in the conduct of its business, as set out in the relevant Codes of Practice. Therefore, where relevant, the examinations also included reference to these requirements.

2   Scope and Methodology

The thematic examinations were conducted by the Supervision Examination Unit (SEU) and the Pooled Supervision Unit (PSU), commencing in Q1 and concluding in Q4 of 2019.

Having reviewed and analysed data held by the JFSC, together with supervisory knowledge of Relevant Persons, the following selections were made:

›   A sample of 17 Relevant Persons was selected to be examined by the SEU, representing the following licence types: Deposit-taking Business, Investment Business, Funds Services Business and Trust Company Business; and

›   A sample of 20 Relevant Persons was selected to be examined by the PSU, representing the following licence types: Lawyers, Accountants, Estate Agents, High Value Dealers, Casinos, Lenders and one Relevant Person registered to provide the service of otherwise investing, administering or managing funds or money on behalf of third parties.

The objective of the thematic examination was to review and assess, where relevant, the following:

1. Whether the MLRO had appropriate independence, sufficient seniority and authority in the business;

2. The MLRO’s assessment of internal SARs;

3. The decision of whether or not to externalise a SAR was always documented appropriately;

4. The Relevant Person’s governance, oversight and support of the MLRO; and

5. The effectiveness of the Relevant Person’s internal control systems in respect of all the above.

The themed examinations were conducted over two phases:

›   Phase One

This was by the way of a formal information request sent to the identified Relevant Persons seeking the provision of the following documents (where relevant):

The MLRO and Deputy MLRO(s) (where appointed): Job descriptions; details of any other roles fulfilled within the organisation; details of training / continuing professional development undertaken; and a structure chart for the compliance function including names, titles and reporting lines. If Deputy MLRO(s) were appointed, a summary of monitoring undertaken by the MLRO of the performance of the Deputy MLRO(s).

SAR Policies and Procedures: Policies and procedures relating to the process of reporting suspicious activity, together with a blank copy of the template employees complete to report suspicious activity to the MLRO.

Registers: SAR register (recording internal and external SARs); summary of any requests for information from law enforcement authorities; declined business register; and conflicts of interest register.

Corporate Governance: In regard to the Board of Directors (Board) / Senior Management (Management) and any delegated Committees - extracts of minutes where matters relating to the MLRO function were discussed; copies of MLRO reports presented; terms of reference for any Committees at which the MLRO function and / or reports were discussed; and any assessment(s) (internal / external) of the MLRO function conducted along with extracts of any Board / Management minutes where the assessment(s) was discussed.

Anti-Money Laundering (AML) / Countering the Financing of Terrorism (CFT) Training: In regard to the induction programme and ongoing AML / CFT training (including SAR training): the policy(-ies) detailing when training was to be provided to employees; the training as it was provided or if unavailable, a summary of the content of the training provided; and the register of attendance detailing the name of attending employees, their role(s) and the date(s) of attendance of training undertaken.

›   Phase Two

This included a desk-based review of the information provided by the Relevant Persons under Phase One, and one or two days of on-site activity whereby a sample of SAR files were reviewed, where relevant, and a number of interviews were held with various employees of the Relevant Persons.

In the event that any findings were identified, these were based upon information provided by the Relevant Person and evidence available at the time of the examination. Those findings are being separately addressed by the Relevant Persons.

The purpose of this paper is to summarise the key findings from this themed examination, and also to provide, where noted, areas of good practice observed by way of example[2]. It is not intended to comprehensively describe all risks that may be associated with non-adherence to the regulatory framework and not all Relevant Persons within scope face the issues described below.

The JFSC takes this opportunity to thank the Relevant Persons for the courtesy and assistance shown during the examination process.

3   Key Findings

3.1   Reporting Requirements

3.1.1 A SAR is required to be made to the Joint Financial Crimes Unit (JFCU) where an individual knows, suspects or has reasonable grounds for knowing or suspecting that: another person is engaged in money laundering or the financing of terrorism; or property constitutes or represents the proceeds of criminal conduct; or property is, or may be, terrorist property.

3.1.2 In a small percentage of the SAR files reviewed, JFSC officers disagreed with the decision made by the MLRO not to externalise a SAR to the JFCU. Based on the information available, it appeared to the JFSC officers that the MLRO had reasonable grounds for knowing or suspecting that another person was engaged in money laundering or property constituted or represented the proceeds of criminal conduct.

3.1.3 There were also a small number of examples identified where pertinent information contained within the internal SAR, or other relevant information held on file, had not been disclosed in the report externalised to the JFCU.

3.2   Documenting Enquiries and Decisions

3.2.1 The MLRO is required to consider internal SARs in light of all relevant information, to document all enquiries made in relation to each internal SAR, and to document the basis for reporting to the JFCU or deciding not to make such a report, which must be retained with the internal SAR.

3.2.2 In respect of some of the SAR files reviewed, JFSC officers identified a lack of adequately documented evidence to demonstrate that the MLRO had made appropriate enquiries with regard to the internal SAR.

3.2.3 In certain cases, the enquiries conducted by the MLRO appeared to have been either: (i) closed without first obtaining key information relevant to the nature of suspicion; (ii) not commenced on a timely basis; or (iii) inadequate to support their decision not to make a disclosure to the JFCU.

3.2.4 There were instances of the documentation to support the MLRO’s decision either: (i) not being maintained on file; (ii) lacking adequate detail; or (iii) being inconsistent; and / or (iv) being unclear.

3.2.5 Where SARs had taken a considerable time to process, there were occasions where the MLRO’s documentation did not always provide an adequate explanation for the delay and, therefore, the Relevant Person was unable to evidence whether the investigation and subsequent disclosure had been conducted as soon as practicable.

3.2.6 There were examples where the MLRO’s evaluation did not address all of the elements detailed within the internal SAR and / or did not clearly provide conclusive reasons for discounting or agreeing with the suspicions and, therefore, reporting or not reporting to the JFCU.

3.3   Timeliness of Internal SAR Reporting

3.3.1 Relevant Persons must maintain procedures that require internal SARs to be made in a set format and to include, among other things, the date the information or matter came to the employee’s attention. Relevant Persons may demonstrate that employees make internal SARs as soon as practicable where the MLRO periodically considers the period of time between information or a matter coming to an employee’s attention and the date of the internal SAR and concludes that is reasonable.

3.3.2 In a small number of instances, JFSC officers were unable to establish that the date the information or matter came to the employee’s attention was documented.

3.3.3 In some of the Relevant Persons examined, the MLRO was unable to evidence that they had periodically considered the date the information or matter came to the employee’s attention and the date of the internal SAR, in order to conclude whether the timeframes were considered to be reasonable. Therefore, the Relevant Persons were unable to demonstrate that employees made internal SARs as soon as practicable.

3.4   Timeliness of External SAR Reporting

3.4.1 The MLRO is required to consider all internal SARs and make an external SAR as soon as is practicable if he or she knows, suspects or has reasonable grounds for knowing or suspecting, that: another person is engaged in money laundering or the financing of terrorism; or property constitutes or represents the proceeds of criminal conduct; or property is, or may be, terrorist property.

3.4.2 On some occasions, the MLRO took a significant period of time to externalise SARs and the JFSC officers considered that, based on the information available, the external SARs did not appear to have been made as soon as practicable.

3.4.3 In two cases, the Relevant Person had set a considerably long standard timeframe for the MLRO to complete investigations and, where appropriate, to externalise. JFSC officers observed that the timeframe was not sufficiently sensitive to determine if a SAR was made as soon as is practicable.

Good Practice

Within their evaluation, the MLRO documented a detailed timeline of activity from the date the internal SAR was received until the conclusion, in order to clearly demonstrate any reasons for delays.

3.5   Oversight by the Board / Management

3.5.1 The Board / Management are required to assess both the effectiveness of, and compliance with, systems and controls and take prompt action necessary to address any deficiencies.

3.5.2 Relevant Persons complying with Codes of Practice must: (i) operate an effective corporate governance system and the business must be adequately monitored and controlled at Board and Management level; (ii) operate robust arrangements for meeting the standards and requirements of the regulatory framework, including adequate supervision of employees; (iii) conduct an assessment on at least an annual basis, of the extent to which compliance risk is managed effectively; and (iv) keep adequate, orderly and up-to-date records which must include its risk management systems and its Board or Management minutes.

3.5.3 In a number of instances, the JFSC officers identified that the MLRO reports to the Board / Management (or delegated Committees) lacked sufficient information for it to consider, such as the time taken for the MLRO to process internal SARs and any significant trends identified in regard to SARs.

3.5.4 Furthermore, examples were observed where the meetings of the Board / Management (or delegated Committees) lacked evidence of discussions in regard to the MLRO function and the contents of the MLRO reports.

3.5.5 There were also cases whereby an assessment of the effectiveness of the MLRO function had not been undertaken and / or the results of such had not been considered by the Board / Management.

3.6   Acknowledgement of Internal SARs

3.6.1 Relevant Persons must maintain procedures that i) require internal SARs to be acknowledged by the MLRO as soon as practicable; and also ii) remind employees making internal SARs of the risk of committing a tipping off offence.

3.6.2 JFSC officers reviewed a sample of SAR files and identified that acknowledgements provided by the MLRO were not adequately recorded on file in all instances.

3.6.3 It was also observed that the acknowledgement provided by the MLRO did not always include a reminder regarding the tipping off offence.

3.7   Apportionment and Awareness of Responsibilities

3.7.1 The Board / Management must document its systems and controls and clearly apportion responsibilities for countering money laundering and financing of terrorism, and, in particular, the responsibilities of the Money Laundering Compliance Officer (MLCO) and MLRO. Relevant Persons must ensure that the MLRO is fully aware of both their own and the Relevant Person’s obligations.

3.7.2 In some cases, JFSC officers identified that the job description for the MLRO did not include all of the responsibilities the MLRO is required to undertake under the regulatory requirements, or the job description had only recently been put in place. There were also examples of job descriptions not including a date or version control.

3.7.3 The PSU examined numerous cases where the MLRO was not fully aware of their, and the Relevant Person’s, obligations under the regulatory framework.

3.7.4 In two cases that the PSU examined, the MLRO was named in the Relevant Person’s policies and procedures, however was unaware of the appointment.

3.7.5 JFSC officers also observed that on numerous occasions there appeared to be a lack of understanding between the responsibilities of the MLRO and the MLCO.

3.7.6 In one Relevant Person examined, the Deputy MLRO could not fulfil their responsibilities as they did not have timely access to all records necessary.

3.8   Procedures

3.8.1 Relevant Persons must maintain reporting procedures in accordance with requirements set out in the Order, relevant Handbook and Codes of Practice (where relevant).

3.8.2 JFSC officers identified that although it was evident that most Relevant Persons had procedures in place relating to the process of reporting suspicious activity, they did not always include all of the requirements detailed in the relevant Handbook.

3.8.3 In some instances, the procedures lacked clarity; were overly complicated; included incorrect references; or they conflicted with Jersey regulatory requirements and / or other information available to the Relevant Person’s employees.

3.8.4 JFSC officers identified a number of examples which demonstrated a lack of adherence to the procedures in place.

3.8.5 In regard to record keeping, there were examples where policies and procedures did not include a version control / audit trail of material changes. Some also did not state a review date and / or frequency.

3.8.6 In a number of instances, the Relevant Persons that the PSU examined did not have any, or did not have adequate policies and procedures in place. This included two examples where the relevant Handbook was incorrectly used as an internal procedures manual.

3.9   Training and Awareness

3.9.1 Relevant Persons are required to provide employees with adequate training at appropriate frequencies, which must be: tailored to the Relevant Person and relevant to the employees to whom it is delivered; highlight to employees the importance of the contribution that they can individually make to the prevention and detection of money laundering and financing of terrorism; and cover key aspects of legislation to prevent and detect money laundering and the financing of terrorism.

3.9.2 Adequate procedures must also be maintained for monitoring and testing the effectiveness of the training provided. This may be demonstrated where Relevant Persons periodically test employees’ awareness of: (i) risks and policies and procedures, and take appropriate action where awareness is insufficient; and (ii) statutory obligations, and take appropriate action where awareness is insufficient.

3.9.3 Relevant Persons must provide employees who are non-relevant employees with a written explanation of the Relevant Person’s and the employee’s obligations and potential criminal liability under the money laundering and financing of terrorism legislation, including the implications of failing to make an internal SAR; and require such employees to acknowledge that they understand the Relevant Person’s written explanation and procedures for making internal SARs.

3.9.4 A Relevant Person may demonstrate that it takes appropriate measures to make relevant employees aware of enactments in Jersey relating to money laundering and the financing of terrorism where it: (i) provides relevant employees with a written explanation of the Relevant Person’s and employee’s obligations and potential criminal liability under the money laundering and financing of terrorism legislation, including the implications of failing to make an internal SAR; (ii) provides relevant employees with a written explanation of the disciplinary measures that may be applied for failing to report knowledge, suspicion or reasonable grounds for knowledge or suspicion without reasonable excuse, or as soon as it is practicable; and (iii) requires such employees to acknowledge that they understand the Relevant Person’s written explanation and procedures for making internal SARs.

3.9.5 Whilst in many cases the Relevant Persons undertook some form of AML / CFT training, JFSC officers identified that in some instances, the training (i) was not tailored to the risks specific to the Relevant Person’s business; or (ii) did not adequately reference the Jersey regulatory framework. In two of the cases examined by the PSU, no training had been undertaken at all.

3.9.6 In numerous instances, Relevant Persons had not undertaken any assessment of the effectiveness of the training provided.

3.9.7 JFSC officers interviewed a number of the Relevant Person’s employees with differing levels of experience. There were examples where it appeared there was a lack of understanding regarding various elements related to the reporting of suspicious activity, such as (i) who the MLRO is; (ii) what a SAR is; (iii) in what circumstances it should be raised; (iv) the timescale requirements for filing a SAR; (v) whether their responsibilities were fulfilled after submitting  to the MLRO; (vi) the importance of receiving an acknowledgement from the MLRO; (vii) the tipping off provisions; and (viii) the AML / CFT risks faced by the business.

3.9.8 There were also occasions whereby employees had not been provided with an adequate written explanation of the employee’s and the Relevant Person’s obligations and, consequently, employees had not acknowledged that they understood them.

3.9.9 In one case examined, there were no established arrangements for disciplining an employee who fails, without reasonable excuse, to submit a SAR.

3.9.10 JFSC officers also reviewed management information in regard to the completion of training and identified that the Board / Management were not always provided with information in regard to the completion of AML / CFT training and the results of any effectiveness testing.

Good Practice

In the case of one of the Relevant Persons examined, the MLRO sent an email to all employees using a scenario of a customer proposing a new piece of business. The MLRO then challenged employees to navigate through the policies and procedures and submit an internal SAR, recording their suspicions. Afterwards, they were evaluated and feedback was provided as a group and individually to the employees.

3.10 SAR Register

3.10.1 Relevant Persons must keep registers of internal and external SARs, maintained in line with procedures required under the relevant Handbook. This includes recording all internal SARs and external SARs in a register, with details of the date of the internal and external SAR, identity of the individual making the internal SAR, and information to allow supporting documentation to be retrieved on a timely basis.

3.10.2 In some instances, the SAR register did not contain all of the information required.

3.10.3 In the case of some of the Relevant Persons examined, the data recorded on the SAR register was proven to be inaccurate or the register was not kept up-to-date.

3.10.4 In a number of instances examined by the PSU, no SAR Register was maintained at all (where there was SAR data to record).

3.11 Barriers to Reporting

3.11.1 A Relevant Person must not allow internal SARs to be filtered by line management such that they do not reach the MLRO. Where procedures allow employees to discuss relationships and transactions with line managers before an internal SAR is made, they must emphasise that the decision on reporting remains with that employee.

3.11.2 JFSC officers witnessed examples where employees were encouraged to share their concerns with multiple layers of their superiors to validate their suspicion, before raising a SAR to the MLRO.

3.11.3 There were instances where a SAR was seen as a last resort by employees, and some employees considered that being suspicious could be seen by others as a sign of having limited knowledge about the client.

3.11.4 In the case of one Relevant Person examined, the MLRO placed reliance on the Deputy MLRO to make the decision as to whether to externalise a SAR, which led to SARs not being externalised despite the MLRO appearing to have formed a suspicion.

3.12 Independence

3.12.1 The MLRO is required to have appropriate independence, in particular from customer-facing and business development roles.

3.12.2 Relevant Persons complying with Codes of Practice must ensure that adequate procedures are implemented to avoid any conflict of interest arising or, where a conflict arises, keep adequate records of such conflicts and address them.

3.12.3 The JFSC officers identified that in respect of some of the Relevant Persons examined, the MLRO held multiple positions, such as (i) MLRO for client entities; (ii) Compliance Officer; (iii) MLCO; (iv) Proprietor; and / or (v) Director. In these cases, the records of the Relevant Person (such as the conflict of interest register, where such existed) did not include sufficient details as to how conflicts were being effectively managed / mitigated.

3.12.4 In one case examined by the SEU, a member of the compliance function was also the Chair of the new business committee. Direct involvement of compliance in the new business take-on and authorisation process can challenge the independence of the compliance function. Whilst this may be necessary and manageable in a very small operation, it should be avoided where possible and, where it features, requires additional oversight and controls.

4   Conclusion

Out of a total of 37 Relevant Persons involved in the examination, 96% resulted in findings.

Of the sample of 17 Relevant Persons examined by the SEU[3], there were 66 findings relating to the relevant areas detailed within this paper. These findings were in respect of the Order, the relevant Handbook and the relevant Code(s) of Practice.

Of the sample of 20 Relevant Persons examined by the PSU[4], there were 46 findings relating to the relevant areas detailed within this paper. These findings were in respect of the Order and the relevant Handbook.

Whilst there were some significant findings in regard to the specific regulatory obligations of the MLRO, these findings were in the minority, which provides a positive indication that in most cases the MLRO appeared to be adequately meeting their obligations.

As shown in the graph above, there were two areas which reflected a considerable number of findings across Relevant Persons examined by the SEU and the PSU:

i) Procedures; and

ii) Training and awareness.

Procedures are key to the implementation of effective systems and controls surrounding the prevention and detection of money laundering and the financing of terrorism. It is imperative that procedures are tailored to the business, mapped against the Jersey regulatory requirements, adequately maintained, and effectively adhered to. In order to avoid barriers to adherence, it is also important that procedures are clear and easy for Relevant Person’s employees to understand and use.

Another important control over the prevention and detection of money laundering and the financing of terrorism is to have employees who are: (i) alert to money laundering and financing of terrorism risks; and (ii) well trained in the recognition of notable transactions or activity which may indicate money laundering or financing of terrorism activity. Training is to be tailored to the business and reflect the relevant Jersey regulatory requirements. Testing must then be conducted to monitor whether the training provided is effective, and relevant action taken if necessary.

A further area which provided a number of findings in relation to the Relevant Persons examined by the SEU was in regard to oversight by the Board / Management. A robust corporate governance framework, of which risk management is an integral part, is important to ensure that a Relevant Person is adequately directed and controlled. The Board / Management have substantial responsibilities for the prevention and detection of money laundering and financing of terrorism, and whilst they are assisted in fulfilling these responsibilities by appointed MLCOs and MLROs, they must ensure adequate oversight of these roles, in order to demonstrate adherence to the regulatory framework.

All Relevant Persons involved in the examination have received direct feedback and where findings have been identified, they are subject to a formal remediation plan having been submitted to and agreed by the JFSC, setting out actions to be taken and timescales to complete them.

The seriousness of findings varied and where appropriate, further action has been taken, which in the case of 8.1% of the Relevant Person’s examined, has resulted in a formal referral to the JFSC’s Enforcement Department for further consideration.

It is expected that the Board / Management of Relevant Persons who were not involved in the examination also review this paper and consider their own arrangements to ensure strict adherence to the regulatory requirements.

Each Relevant Person in Jersey must recognise the role that it must play in protecting itself, and its employees, from involvement in money laundering and the financing of terrorism, and also in protecting the Island’s reputation of probity.

 

5   Glossary of Terms

AML

Anti-Money Laundering

Board

Board of Directors

CFT

Countering the Financing of Terrorism

Codes of Practice

Means, collectively, the:

› Code of Practice for Deposit-taking Business;

› Code of Practice for Fund Services Business;

› Code of Practice for Investment Business; and

› Code of Practice for Trust Company Business

Handbook

Includes, where relevant, the Handbook for the Prevention and Detection of Money Laundering and the Financing of Terrorism for Regulated Financial Services Businesses and the three Handbooks for Prevention and Detection of Money Laundering and the Financing of Terrorism for the Legal Sector, Accountants, Estate Agents and High Value Dealers

JFCU

Joint Financial Crimes Unit

JFSC

Jersey Financial Services Commission

Management

Senior Management

MLCO

Money Laundering Compliance Officer

MLRO

Money Laundering Reporting Officer (to include any appointed Deputy Money Laundering Reporting Officer(s), unless stated otherwise)

Order

Money Laundering (Jersey) Order 2008

PSU

Pooled Supervision Unit

Relevant Person

Means a person carrying on financial services business in or from within Jersey; or either (i) a Jersey body corporate, or (ii) other legal person registered in Jersey, carrying on a financial service business in any part of the world (as defined under Article 1(1) of the Money Laundering (Jersey) Order 2008)

SAR

Suspicious Activity Report

SEU

Supervision Examination Unit

[1] Including, where relevant, the Handbook for the Prevention and Detection of Money Laundering and the Financing of Terrorism for Regulated Financial Services Businesses and the three Handbooks for Prevention and Detection of Money Laundering and the Financing of Terrorism for the Legal Sector, Accountants, Estate Agents and High Value Dealers

[2] The areas of good practice observed and referenced herein should not be taken as formal guidance issued by the JFSC as they may not be relevant or appropriate to every Relevant Person.

[3] Representing the following licence types: Deposit-taking Business, Investment Business, Funds Services Business and Trust Company Business.

[4] Representing the following licence types: Lawyers, Accountants, Estate Agents, High Value Dealers, Casinos, Lenders and one Relevant Person registered to provide the service of otherwise investing, administering or managing funds or money on behalf of third parties.