Service notice: This website, myRegistry and the Security Interests Register (SIR) will be unavailable from Thursday 7 July at 18:00 until Friday 8 July at 02:00 due to scheduled maintenance.
Responses to the Consolidated AML/CFT Handbook webinar Q&A
Responses to the Consolidated AML/CFT Handbook webinar Q&AGeneral and next steps
Q: The amount of documentation emanating of late from the JFSC has placed considerable pressure on FSB's. Does the JFSC take this into account when considering circulation and the frequency of such circulation?
A: We understand and appreciate that industry maybe facing additional burdens given the increasing national and international regulatory developments.
One of our core aims as the regulator, is to keep industry informed about recent changes and updates that have taken place, or, that are due to take place by providing frequent and update information in line with our outreach and engagement plan.
Where the communication relates to activities that are within our control, we endeavour to ensure there are reasonable intervals to implement requirements, or respond to requests for data/information. Where possible we will consolidate information requests to reduce the frequency of these.
An example where we have done this, has been where we have carried out the exercise to consolidate the AML/CFT Handbook (the Consolidated Handbook) from four separate documents into just one. The initial proposal was for Consolidated Handbook to be effective on 31 March 2022 (two months after the Consolidated Handbook was issued which was on 31 January 2022) but due to requests from industry, who did not consider two months sufficient, and the deadline for the supervisory risk data collection exercise (30 April 2022) the effective date was deferred until 31 May 2022. Thus allowing extra time for industry to adapt.
Q: For those in industry wanting to volunteer to be involved in the further work on the Handbook, is the start date for this work in May/ June 2022? Or do you mean between now and then?
A: The start date for Industry engagement regarding the further Handbook work will be May/June 2022. We shall update those persons who have volunteered to be involved as we establish firmer dates.
Corporate Client Due Diligence
Q: Corporate CDD- If a regulated trust/CSP has numerous directors/signatories are they deemed as controllers for the purposes of applying ID measures to them, if they are changed on a regular basis, or is a signatory list acceptable along with the CDD for the entity
A: Regardless of how regularly the directors/signatories are changed if the Money Laundering (Jersey) Order 2008 (MLO) requires CDD to be applied then this is a statutory requirement.
Whether a director and/or a signatory of a company is a beneficial owner or controller will need to be assessed, as required by Article 3 of the MLO, on a case by case basis in accordance with a risk based approach and the three tier test (see Section 4.5 Paragraphs 124 to 126 of the AML/CFT Handbook for Regulated Financial Services Business (Existing Handbook) and section 4.5 paragraphs 179 to 180 of the Consolidated Handbook). Where it is decided they are beneficial owners and/or controllers then CDD measures will need to be applied.
Where directors and/or signatories of the company act on the company’s behalf the MLO requires identification measures to be applied for Article 3 (2) “(aa) identifying any person purporting to act on behalf of the customer and verifying the authority of any person purporting so to act” The Handbook further elaborates that this includes where a person has signing authority over an account (paragraph 109 in section 4.5 Existing Handbook and paragraph 165 in section 4.5 of the Consolidated AML/CFT Handbook).
Subject to where an exemption may be available.
Q: Can copy documents be for natural persons, legal persons and legal arrangements?
A: This is correct. Sections 4.3, 4.4 and 4.5 of the Consolidated Handbook set out how a supervised person may demonstrate they have obtained evidence of identity for natural persons, legal arrangements and legal persons respectively. An example of copy documentation we have set out for legal persons is a certificate of incorporation.
Electronic bank statements and utility bills
Q: So with an electronic bill, the customer has to forward the original email from the utility service provider containing the bill to you? Or can they just send you the pdf?
How must the emailed utility bill be forwarded by the customer to the TCB?
A: These two questions are similar and shall be answered together. Electronic statements and utility bills are covered in Section 4.3.2.1 of the Consolidated Handbook.
We have not stipulated that an electronic statement or utility bill must be forwarded to a supervised person in a particular manner (e.g. direct from the customer). However, the Consolidated Handbook notes that some types of electronic document are more susceptible than others to being stolen, intercepted, tampered with or otherwise amended, for example, a document sent by e-mail without any encryption. We also provide guidance on what steps a supervised person may take if they become concerned regarding the integrity of an electronic document.
Q: Would electric bills still need to be printed off and certified?
A: It would depend how the electricity bill has been received, if received electronically by a customer this would be in line with Section 4.3.2.1 of the Consolidated Handbook (i.e. if you are satisfied that the electronic electricity bill satisfies your obligation to obtain evidence in line with Section 4.3.2.1 you would not also need to print it off and have it suitably certified).
Q: Just to be 100%. If a customer forwards us on a local JEC bill via email that is now acceptable?
A: Yes that is correct. Section 4.3.2.1 of the Consolidated Handbook relates to the acceptance of electronic bank statements and utility bills.
Q: If a client poses for a photo in front of their residential address and sends it to us, can this be used as acceptable address proof?
A: No. This solution would not be consistent with any of the “safe harbours” as identified within Section 4, Paragraph 20 of the Consolidated Handbook.
Q: When saving say an electronically generated utility bill received, will it be recommended best practice that the accompanying email also be saved in our records?
A: We would expect Supervised Persons to update their policies and procedures regarding what they consider to be within their risk appetite and management when accepting electronic statements. Depending on the risk profile of the customer, the ability of the electronic statement to be tampered with and with consideration of the risks that arise when accepting electronic statements to evidence the address of a customer, additional steps may be appropriate to manage these scenarios.
The example given is one of the additional steps provided as guidance to Supervised Persons who are or becomes concerned regarding the integrity of an electronic statement (Paragraph 41).
Suitable Certification
Q: Would we need to receive the original certified copy or is it acceptable for a certify to send the document by email and for us to accept
A: Paragraph 52 of the Consolidated Handbook refers to two types of suitable certifications:
- A hand-written certification; or
- An electronic certification which is produced using software.
If utilising this section of the Consolidated Handbook to collect evidence of identity, Supervised Persons should accept either a physical document with a handwritten certification or a digital document with electronic certification affixed.
Q: Where the supervised person has received an original hand written certified document, and then scanned this document into the record keeping database with original being destroyed in line with internal record keeping, how does the supervised person demonstrate that this was robust enough? On the face of it may be seen that it is a 'copy of a copy' as only the pdf version of a document can be produced, and therefore appearing not up to standard, even though an original has been sighted.
A:Section 10 of the Consolidated Handbook refers to the ways a Supervised Person may choose to keep their records. Paragraph 4 of that section describes that records may be kept (1) by way of original documents (2) by way of copies of original documents (certified where appropriate) (3) in scanned form; or (4) in computerised or electronic form.
If it is operational practice to accept copies of original documents or certified copies, take copies of those documents for the purposes of meeting the Record Keeping requirements and then destroy the original this would be permissible under this section.
If Supervised Persons are concerned as to how they will demonstrate they have met their requirements in this regard, it may be useful to record such instances of destruction within the data of the filed copy, inclusive of what type of document was received, by whom and using what mechanism.
Q: Is it a requirement to authenticate certification by contacting the certifier in the absence of originals?
If a document is certified and we are provided a PDF copy and we contact the certifier directly to obtain confirmation of authenticity of the certification and the document, does the Commission consider this appropriate as an additional measures to accept without the need to obtain the "wet ink" original?
Why is it acceptable for a UK lawyer to certify a document (handwritten) and post to us, but not to certify (handwritten) and then scan and email to us?
A: As stated in Section 4.3.3 of the Consolidated Handbook, a supervised person may demonstrate that it has obtained evidence of identity when it obtains a true copy, signed and dated by the suitable certifier.
We confirmed during the webinar that a PDF copy of a certified copy e.g. a document with a hand-written certification, which is then scanned and sent as a PDF but not followed by the physical document, is not good evidence of identity when used in isolation. This is not mitigated by contacting the certifier. This position remains unchanged.
In the case of a hand-written signature, a supervised person is required to physically obtain the certified document. In the case of an electronic signature, the supervised person should refer to the guidance set out at paragraphs 55-56 of Section 4.3.3.
In the circumstances where a Supervised Person is not comfortable with the certified documents received or the risk profile of the customer would warrant it, contacting the certifier to authenticate the document may provide additional comfort.
Q: If the wording in a certifier stamp does not include "true likeness " wording - we have used other methods e.g internet to verify what the person looks like - Can we still use this in combination?
A: This is correct. Section 4.3.2 of the Consolidated Handbook states that evidence of identity may come from a number of sources, including one or more of the following:
- original documents;
- certified copies of documents;
- external data sources; and/or
- E-ID
A Supervised Person may, having regard to the appropriate Codes and guidance notes and providing the routes taken are suitably documented within a Supervised Person’s policies and procedures, utilise both a certified copy of a document supported by external data sources (e.g. using the internet to verify what a person looks like) in order to obtain evidence of identity for that individual.
Q: Is copy of copy like chain of custody - if you can trace back to the original you can use copies of copies... evidence of the chain is maybe ok as an additional measure
A: Although this scenario is heading in the right direction, it would not be considered within one or more of the “safe harbours” identified for the purposes of meeting obligations under Section 4 of the Consolidated Handbook. Those “safe harbours” are located within Section 4.3.2 within Paragraph 20.
Electronic Identification Measures
Q: When accepting E-ID you mention additional steps required. What are your expectations in this area?
A: Our expectations regarding what additional measures could be considered when considering utilising an E-ID provider is contained as guidance within Section 4.3.5 of the Consolidated Handbook.
Q: If video certification was to take place but using a passport verifier type software i.e Worldcheck One could this be considered?
A: It would depend on the purpose and capabilities of the software. If utilising one of the safe harbours to collect and evidence identity, we would expect that they would be in line with the guidance provided for suitable certification or the guidance for E-ID.
We are unable to comment on specific applications being utilised.
Q: If the E-ID provider is limited to fulfilling the function equivalent to a suitable certifier, would that still be outsourcing?
A: If the E-ID application is being used to certify documentation, we would expect that this certification is in line with the guidance provided within Section 4.3.3 of the Consolidated Handbook, which is inclusive of the requirements of a suitable certifier.
The application of the Outsourcing Policy and Guidance Notes would depend on the interpretation of the Policy within the context of a specific Supervised Person and whether they would consider the Outsourcing Arrangement to be material. That said, the Outsourcing Policy and Guidance Notes are currently being reviewed and we expect to be in a position to consult on the revised Outsourcing Policy and Guidance during the course of 2022.
Q: You have noted that industry will need to consider the Outsourcing Policy when seeking E-ID solutions. Are you able to confirm either way whether or not a notification will be required? And if a notification is required, and a no objection is received, can the E-ID solution proposed be considered as approved by the JFSC, or could supervised persons still be criticized under examination for using a product which does not meet the correct interpretation of an acceptable solution by the JFSC?
A: The application of the Outsourcing Policy and Guidance Notes would depend on the interpretation of the Policy within the context of a specific Supervised Person and whether they would consider the Outsourcing Arrangement to be material. The Policy was originally drafted to enable businesses to make their own determinations as to whether any Outsourcing is material and requires notification to the JFSC. The Outsourcing Policy does not remove the responsibility of the Supervised Person of their regulatory obligations however provides a framework of our expectations when activities have been Outsourced how Supervised Persons should assess and manage that arrangement.
The Outsourcing Policy and Guidance Notes are currently being reviewed and we expect to be in a position to consult on the revised Outsourcing Policy and Guidance during the course of 2022.
Q: Why is eID outsourcing when using a suitable certifier is not? It is an electronic application in the same way that WorldCheck is. You are in fact bringing the process in house and controlling the risk better than a suitable certifier, so this is the opposite of outsourcing.
A: The application of the Outsourcing Policy and Guidance Notes would depend on the interpretation of the Policy within the context of a specific Supervised Person and whether they would consider the Outsourcing Arrangement to be material.
The reason why we suggested that the Outsourcing Policy and Guidance Notes are considered in this context is that we are aware that many E-ID applications are different from one another in the services they provide to Supervised Persons. In some scenarios, the process is being “brought in house” enabling Supervised Persons to control the risk, in other scenarios, the process is being managed and controlled by a third-party, with oversight from Supervised Persons under an Outsourcing Arrangement.
We are unable to comment on specific applications being used.
Q: Will there be a 'default' or preferred provider for e-id measures be introduced? The GoJ's has a relationship with Yoti already for Covid status certificates and OneGov. Is something is being developed for wider industry use with this relationship?
A: As mentioned in the Webinar, we are exploring all options with the Government of Jersey and Industry at this time in relation to the use of E-ID providers. We anticipate that we will be able to provide an update on the options currently being explored in the near future. If you have particular suggestions regarding this area, particularly with regards to developing and framework which is easier to navigate we would welcome your thoughts and suggestions. Please send the same to innovate@jerseyfsc.org.
Residential Address: Overseas
Q: With reference to 4.3.7 Residential Address: Overseas and the current AML Handbook. It states that you cannot obtain a verification of address via a home visit but if the country is regulated and an equivalent jurisdiction and the person who would visit said address is regulated, cant that be accepted?
A:Section 4.3.7 does not prohibit the use of a home visit as a way to obtain evidence of identity. Paragraph 110 of the Consolidated Handbook (paragraph 56 of the current Handbook for Regulated Financial Services Business) provides examples of situations where an individual may be unable to provide evidence of their principal residential address using the sources set out at Section 4.3.2. An example of this is where an individual is resident in a country where, due to social restraints, evidence of a private address may not be obtained through a personal visit. The phrase ‘may not be obtained’ in this context means ‘might not be possible’ e.g. it might not be possible to obtain evidence of identity via a home visit in some circumstances.
The guidance notes to Section 4.3.7 provide that a supervised person may demonstrate it has obtained evidence of identity through a home visit. The guidance also provides for alternatives where a home visit might not be possible e.g. a “locator” address.