Service notice - myRegistry will be unavailable due to scheduled maintenance from:

·         5:30pm on Tuesday 23 December until 8:00am on Wednesday 24 December
·         6:00pm on Tuesday 30 December until 2:00am on Wednesday 31 December
·         12:30pm on Wednesday 31 December until 9:00am on Thursday 1 January

Our Security Interests Register will also be unavailable from 6:00pm on Tuesday 30 December until 2:00am on Wednesday 31 December.

Updates to our 2024 supervisory risk data collection

The Sound Business Policy (formerly Sound Business Practice Policy) referenced in this document has now been superseded. 
Read the updated guidance and policy.

Glossary

Defined terms are indicated throughout this document as follows:

AIF Code

Code of Practice for Alternative Investment Funds

AIF Regulations

Alternative Investment Funds (Jersey) Regulations 2012

AMLSP

anti money laundering service provider

Banking Code

Code of Practice for Deposit-taking Business

BBJL

Banking Business (Jersey) Law 1991

Certified Funds Code

Code of Practice for Certified Funds

CIFJL

Collective Investment Funds (Jersey) Law 1988

Codes of Practice

(or Codes)

collectively, the

Alternative Investment Funds (AIF) Code

Certified Funds Code

Deposit-taking Business Code

Funds Services Business (FSB) Code

General Insurance Mediation Business (GIMB) Code

Investment Business Code

Insurance Code

Money Service Business (MSB) Code

Trust Company Business (TCB) Code

DNFBP

designated non-financial businesses and professions as defined in part 3 of Schedule 2 of the Proceeds of Crime (Jersey) Law 1999

FSB Code

Code of Practice for Fund Services Business

FSJL

Financial Services (Jersey) Law 1998

GIMB Code

Code of Practice for General Insurance Mediation Business

JFSC, we, us

Jersey Financial Services Commission

IB Code

Code of Practice for Investment Business

IBJL

Insurance Business (Jersey) Law 1996

Insurance Code

Code of Practice for Insurance Business

independent registered NPOs

an NPO registered under the Non-Profit Organizations (Jersey) Law 2008 that does not use the services of a TCB registered person

MSB Code

Code of Practice for Money Service Business

NPO

non-profit organisation

Prescribed NPO

an NPO as defined under Article 1 of the Non-Profit Organisations (Prescribed NPOs – Additional Obligations) (Jersey) Order 2022

registered person

a person who is registered, or holds a permit or certificate, as applicable, under one or more of the regulatory laws

Regulatory laws

the AIF Regulations, the BBJL, the CIFJL, the FSJL and the IBJL

reporting entity

a registered person or a supervised person

TCB

Trust company business

TCB administered NPO

an NPO that uses the services of a TCB registered person

TCB Code

Code of Practice for Trust Company Business

SRDC

supervisory risk data collection

SBL

Proceeds of Crime (Supervisory Bodies) (Jersey) Law 2008

supervised person

a person that is subject to our supervision in accordance with the SBL

1 Executive Summary

1.1 Overview

1.1.1   As we prepare for our 2024 AML/CFT/CPF and other supervisory risk data collection (2024 SRDC) in January 2025, we wish to provide industry with advance notice of changes that will be introduced.

1.1.2   These changes are set out in section 2 of this guidance note, and include additional delayed questions as set out in our feedback paper on consultation paper no. 9 2023.

Other changes include:

the collection of data from Schedule 2 businesses serviced via AMLSPs

additional data required to assess the application of the Financial Action Taskforce’s (FATF) AML/CFT ‘group’ requirements

this data will be sought from certain DNFBPs, via an ad hoc data collection exercise in October 2024, and TCBs via the 2024 SRDC as a one-off exercise

the introduction of additional system driven data validation

the introduction of SRDC for independent Prescribed NPOs on an ongoing basis from next year onwards

in the short term, this will be collected via an online survey and transition to myJFSC for the 2025 reporting year

introduction of late filing fees for non-submission of SRDC requests

withdrawal of the TCB PTC workbook

a change to the population of supervised persons that will receive the long-term insurance business SRDC workbook

1.1.3   This paper also provides an update on proposed future changes to the SRDC which includes our proposal to delay the introduction of conflicts of interest categories, wire transfer purpose of payment categories and additional questions required for the Jersey Resolution Authority.

1.1.4   In the future, additional questions may be included on products and services as recommended by Jersey’s 2024 MONEYVAL report.

2 Updates to the 2024 supervisory risk data collection

2.1 Customers conducting Sound Business Practice Policy activities

2.1.1   In our additional supervisory risk data consultation paper No. 9 2023, we proposed adding a question asking for the number of customers that carry out any activity listed in table 2 of our Sound Business Practice Policy.

2.1.2   Feedback from industry was that this information was held, but not easily extractable. Respondents had no electronic data fields to record it, so they would need to manually identify the information. We acknowledged this in our feedback paper on consultation paper no. 9 2023, and advised that this question would be deferred and requested in the 2024 SRDC. We recommended industry make appropriate adjustments to client records to enable easy extraction of this data.

2.1.3   The 2024 SRDC will include this new question within each of the sector workbooks.

2.2 Complaint categories

2.2.1   In our additional supervisory risk data consultation paper No. 9 2023, we proposed adding an additional conduct related question asking for the number of complaints recorded in the period, in the following categories:

poor administration, including customer service

customer due diligence process

fees/charges

mis-selling/unsuitable advice

withdrawal/refusal of services

fraud

on-payment of claim

transaction error

2.2.2   These categories mirror those used by the Channel Islands Financial Ombudsman (CIFO), and would allow us to analyse the volume of complaints received by industry versus the number referred to CIFO.

2.2.3   Categorising complaints is also helpful for reporting entities to identify patterns of complaints, as required by the Codes of Practice.

2.2.4   In our feedback paper on consultation paper no. 9 2023, we delayed the introduction of this question and recommended reporting entities introduce categorisation.

2.2.5   We intend to include this question in the 2024 SRDC exercise. For the first year of reporting, the data may be provided on a best endeavours basis until these categories are fully embedded into reporting entities’ complaint procedures.

2.3 Schedule 2 supervised persons using an AMLSP

2.3.1   The 2024 SRDC exercise will be the first year supervisory risk data is collected on supervised persons serviced via an AMLSP.

2.3.2   We intend to collect this data by issuing each AMLSP a workbook containing the names of each Schedule 2 business (the customer entity) it provides AMLSP services to. The following data will be requested:

the risk rating allocated to the customer entity by the AMLSP

the total number of customers of the customer entity, as at the reporting date or during the year ended on the reporting date

number of unique politically exposed persons by country[1], who are customers or beneficial owners and controllers of customers, of the customer entity

customer entity total income for the year end

number of internal suspicious activity reports handled by the customer entity and the number externalised to a Financial Intelligence Unit[2]

2.3.3   As this is the first year collecting data from this population, we will only ask for these five footprint risk data points, except for the DNFBP groups data referred to in 2.4.3 below. Additional data may be sought at a later date to better inform our understanding of the specific activities carried on by these customer entities.

2.3.4   AMLSPs will be requested to provide the data on behalf of its customer supervised persons. However, the liability to provide the data falls to the supervised person (the AMLSP customer that holds an SBL certificate). This means the late filing fee referred to in section 2.7 below, would be levied on the supervised person not the AMLSP.

2.4 DNFBP groups data collection

2.4.1   The Financial Action Task Force (FATF) require jurisdictions to understand the group structures of DNFBPs[3] by collecting data, and analysing risk in order to apply ‘group’ requirements when deemed necessary.

2.4.2   For the 2024 SRDC, we will be seeking additional data (see section 4, appendix A) on DNFBP group structures[4]. This data will be used to inform our risk understanding of the applicability of the recently amended FATF Recommendation 23, which clarifies “the requirements in Recommendation 18 on group-wide programmes against money laundering and terrorist financing apply… to DNFBPs operating under the same structures as financial groups”. It will also be used to inform whether similar data should be collected on an ongoing basis from certain DNFBPs.

2.4.3   We intend to collect this data in two phases:

Phase one: an ad hoc data collection exercise for DNFBPs supervised by our DNFBP/NPO/VASP team. These are DNFBP entities as defined in paragraphs 18 to 22 excluding paragraph 23 (TCSPs) in Part 3 of Schedule 2 of the Proceeds of Crime (Jersey) Law 1999. This will consist of a short workbook covering the questions listed in appendix A. The data collection will be issued via myJFSC with a 4 week submission timeframe. We intend to issue this data collection in early October 2024.

Phase two: for the remaining entities (TCSPs,[5] including those serviced via an AMLSP), this data would be requested at the same time as the 2024 SRDC in the following form:

TCB registered persons will be requested to provide their data in a new ad hoc DNFBP groups workbook, issued at the same time as the 2024 SRDC with the same timeframe for completion.

TCSPs serviced via an AMLSP will be requested to provide data under a separate tab in the AMLSP 2024 SRDC workbook.

2.5 Non-profit organisations data collections

2.5.1   The data we received from NPOs as part of the 2023 SRDC exercise has provided a valuable source of information to inform our risk understanding of this sector. This information will help inform our supervisory risk model and future national risk assessments.

2.5.2   The proposal for the 2024 SRDC is to collect data from all:

TCB administered NPOs in the same way as we did this year, in respect of 2023 data

this would be a workbook provided via myJFSC and the questions will remain the same

independent Prescribed NPOs using an online survey, in a similar way to how the 2023 SRDC was collected

2.5.3   We intend to collect supervisory risk data from the above referenced NPOs on an annual basis.

2.5.4   The 2024 SRDC will not apply to independent registered NPOs (those who are not Prescribed NPOs).

2.5.5   We plan to move the data collection submission process for independent Prescribed NPOs to myJFSC, our online platform for communicating with registered persons. This will allow all supervisory risk data to be collected, using the same mechanism for all other reporting entities. Outreach will be provided to this sector to support them with the migration to myJFSC. It is anticipated that the 2025 SRDC for independent Prescribed NPOs will be collected via myJFSC in 2026. 

2.6 Data validation and integrity checking

2.6.1   In the Section I – Global Footprint workbook there are eight mandatory questions that apply to all reporting entities. Our guide to integrity checking your Section I risk based supervision data sets these out in section 2, extract shown below.

Question Number

Data required (summary text)

Data type

A1

Full name of reporting entity

Alpha numeric characters

A2 and A3

A2 must be completed by a reporting entity registered to carry on one or more of: (a) deposit-taking; (b) trust company business; (c) investment business; (d) fund services business; (e) AIF services business; (f) money services business; (g) general insurance mediation business (class P or Q); and (h) insurance business

X to indicate all that apply

A3 must be completed by a reporting entity:

(i)   registered to carry on a Schedule 2 Business such as lawyers, accountants and lending.

(ii) which is a regulated business carrying on any activity listed with question A3.

Dropdown menu

(Yes ; No)

A17(a)

Total income (as an absolute value e.g. GBP 10,000)

Number

A17(b)

Estimate of income from regulated Schedule 2 business activity for the same period as reported in A17(a) (as an absolute value e.g. GBP 8,000)

Number

A18

Number of employees (full time equivalent)

Number

A19

Number of employees (full time equivalent) working in compliance and risk

Number

A21

Total number of customers

Number

2.6.2   We have identified that reporting entities are not always providing responses to these questions.

2.6.2.1 To highlight the mandatory nature, we aim to make this clearer within the workbook and incorporate submission data validation.

2.6.2.2 Therefore, where a workbook is submitted and the portal identifies that these questions have not been answered, the submission will not pass validation, and an automated email notification will be sent to the submitter to explain why.

2.6.2.3 The submitter will then be required to resubmit the workbook with these fields populated.

2.6.3   We encourage all Reporting Entities to conduct their own data integrity checks on their SRDC workbooks before submission. Our guide to integrity checking can be used to support with this process.

2.7 Late filing fees

2.7.1   In 2023, we introduced a new Code of Practice requirement under:

section 2.5, paragraph 76 of the AML/CFT/CPF Handbook “When in receipt of a risk Questionnaire from the JFSC, a supervised person must complete and return it by the deadline provided”

section 6 of the Codes of Practice “Where the JFSC so specifies (whether in the Code or otherwise) a registered person must notify or provide information by means of the JFSC’s online portal”.

2.7.2   These new code requirements place an obligation on reporting entities to submit, inter alia, supervisory risk data to us.

2.7.3   In addition, the fees notices provide that registered persons and supervised persons shall be liable to pay a late filing fee for failure to file or deliver any document to us, under the provisions of the Regulatory Laws or the Proceeds of Crime (Supervisory Bodies) (Jersey) Law 2008 (SBL).

2.7.4   There are a minority of cases where reporting entities fail to comply with our requests for supervisory risk data. Reporting entities should be aware that failure to comply with supervisory risk data collection requests is a Code of Practice breach and may result in the application of a late filing fee.

2.8 Withdrawal of the trust company business private trust company (PTC) workbook

2.8.1   Following changes in 2023 to the Proceeds of Crime (Jersey) Law 1999, PTCs are now required to register their Schedule 2 business with us meaning that we will hold data directly from PTCs. As a result, there is no longer a need to seek this information from the PTC’s TCB provider and the TCB PTC supervisory risk data collection workbook will be withdrawn from the 2024 SRDC.

2.9 Applicability of the insurance business sector workbook

2.9.1   The insurance business supervisory risk data collection workbook is applicable to insurance businesses conducting long-term businesses.

2.9.2   Following our publication of guidance on the interpretation of 'in or from within' for the purposes of the Proceeds of Crime (Supervisory Bodies) (Jersey) Law 2008 in September 2023, a significant number of Category A insurance business permit holders notified us that they do not meet the “in or from within” test set out in the guidance.

2.9.3   Consequently, these Category A insurance business permit holders will not be required to complete the insurance business supervisory risk data collection workbook, as it only applies to supervised persons registered to conduct long-term business as set out in paragraph 15 of Part 2 of the Proceeds of Crime (Jersey) Law 1999.

2.9.4   All insurance business permit holders, including those referenced above, will still be required to complete the Section I: footprint supervisory risk data collection workbook.

3 Future changes

3.1 Prudential questions

3.1.1   The three prudential questions proposed in our additional supervisory risk data consultation paper No. 9 2023 were delayed as advised in our feedback paper on consultation paper no. 9 2023.

3.1.2   These questions were delayed while further consideration was given to collecting this data through established prudential reporting mechanisms. Our review of the existing prudential reporting mechanisms concluded that these three questions will not feature in future SRDCs.

3.1.3   However, the review identified that enhanced data validation of prudential reporting is required due to a small number of data integrity issues identified.

3.1.4   We published these issues in our 17 April industry update: submitting financial statements? Don’t forget to validate your data.

3.2 Conflict of interest categories

3.2.1   In our additional supervisory risk data consultation paper No. 9 2023, we proposed adding two conflict of interest questions to the annual SRDC. Following feedback from industry, we agreed to delay the introduction of these questions while further consideration is given to the scope and categories suggested.

3.2.2   We will use the output from our 2025 conflicts of interest thematic examination programme to inform our understanding of how entities, across different sectors, manage the risk of conflicts of interest, and in particular, how these conflicts are categorised.

3.3 Wire transfer purpose of payments

3.3.1   In our feedback paper on consultation paper no. 9 2023,we advised industry that we would delay inclusion of purpose of payment questions and work with the ISO 20022 standard and its purpose codes and descriptors. This is the most pragmatic approach to attaining universally accepted categories.

3.3.2   In April 2024, the Bank of England (BoE) announced that it would defer the mandated adoption of ISO 20022 for financial institutions to Financial Institution Clearing House Automated Payment System (CHAPS) payments (the first phase of mandatory adoption) from November 2024 to May 2025 in line with industry feedback. The BoE plans to roll out mandated adoption of ISO 20022 across all CHAPS payment channels in November 2027 (final phase).

3.3.3   Our feedback paper states “should there be a delay to ISO 20022 implementation we will proceed with requesting data in the appropriate categories to ensure that the delay does not impact on our ability to effectively supervise ML/TF/PF risk. Equally, in the interim, to ensure that there is effective and adequate supervision of transaction monitoring to and from higher risk jurisdictions, supervisory testing/examinations may be conducted during 2024 and 2025 as part of our on-site programme.”

3.3.4   Our financial crime examinations programme has, and will continue to assess the effectiveness of supervised persons’ transaction monitoring. Since the publication of our feedback paper, there have not been any significant findings in relation to wire transfer transaction monitoring.

3.3.5   FATF Recommendation 10 on customer due diligence, and the interpretative note, requires financial institutions to understand the rationale for transactions and conduct ongoing monitoring of the business relationship, including scrutinising transactions on a risk-based approach: “obtaining information on the reasons for intended or performed transactions[6]”.

3.3.6   This recommendation has been incorporated into our regulatory framework[7] and requires supervised persons to monitor transactions, which should include reviewing the purpose of a payment.

3.3.7   Based on the above, we will delay the inclusion of purpose of payment questions within our wire transfer supervisory risk data collection workbook until the 2027 SRDC, collected in 2028. On a risk-based approach, we also intend to limit the scope of the questions to higher-risk jurisdictions.

3.4 Jersey Resolution Authority questions

3.4.1   In our additional supervisory risk data consultation paper No. 9 2023, we proposed including 25 additional prudential data questions, primarily to inform the JRA’s critical function assessment of the banking sector.

3.4.2   Following feedback from industry, the inclusion of these questions was deferred to enable the JRA to have more time to fully review the feedback and amend the questions, as appropriate. The JRA committed to work with us and industry, to agree on a final set of questions. This process is underway, and in August 2024, the JRA held workshops with industry in this respect. 

3.4.3   However, further work is required. It is acknowledged that banks will need time to develop system capability to capture all requested information. Therefore, these questions will not be included in the 2024 SRDC. 

3.4.4   The JRA is considering whether to request 2024 data directly from banks and plans to consult with industry in Q4. We will continue to liaise with the JRA and industry and this may result in inclusion of relevant questions in future years (i.e. 2025 or beyond). 

3.5 MONEYVAL Mutual Evaluation Report

3.5.1   On 24 July 2024, the MONEYVAL fifth Round Mutual Evaluation Report[8] was published and contains recommendations to obtain more granular inherent risk data pertaining to key areas, such as products/activity risks, transactional activities by customers (including links to certain products/services) and high-risk customer groups.

3.5.2   We will take these recommendations into consideration for the 2025 SRDC, which is due to be collected in 2026. This will likely result in reporting entities being requested to provide additional data on their products/services/activities.

4 Appendix A: DNFBP groups data collection questions

 

Question

1

Do you consider the reporting entity to form part of a traditional DNFBP group?

If you answered ‘Yes’ to question 1, please move directly to question 3(a).

2

Do you consider the reporting entity to form part of an other DNFBP group?

If you answered ‘Yes’ to question 2, please complete questions 3-5. If you answered ‘No’ to questions 1 and 2, no further action is required.

3

If yes to question 2, please confirm the relationship between the reporting entity and the controller of the other DNFBP group (e.g., direct shareholder).

3(a)

Provide a summary of how the traditional DNFBP group/other DNFBP group operates in practice.

4
  1. How many other entities in that group?
  1. In which jurisdiction is the entity responsible for setting the group wide programmes domiciled?
  1. What activities do the entity referred to in 4(b) undertake?
  1. Do you have shared customers across the group?
  1. Do you have any shared compliance arrangements? If so, what are they?

5.

Does the traditional DNFBP group/ other DNFBP group, of which a reporting entity is a member:

a

Maintain policies and procedures by which a relevant person within a traditional DNFBP group/other DNFBP group, which carries on financial services business or equivalent business, may disclose information to a member of the same traditional DNFBP group/other DNFBP group, but only where such disclosure is appropriate for the purpose of preventing and detecting money laundering or managing money laundering risks.

b

Maintain adequate safeguards for the confidentiality and use of any such information by the reporting entity

c

Monitor and manage compliance with, and the internal communication of, such policies and procedures (including the appointment of a compliance officer for the traditional DNFBP group/other DNFBP group) of the reporting entity

d

Screen employees of the reporting entity

[1] The country (or countries) that has resulted in their PEP status (rather than country (or countries) of residence)

[2] Either in Jersey or overseas

[3]  DNFBPS as defined within Part 3 of Schedule 2 to the Proceeds of Crime Law including Trust Company Businesses

[4]For the purposes of this data collection and in accordance with the Article 11A of the Money Laundering (Jersey) Order 2008, “Traditional DNFBP Group(s)” includes a group of persons falling within Part 3 of Schedule 2 to the Proceeds of Crime (Jersey) Law 1999 (designated non-financial businesses and professions including TCSPs) if there is, in relation to the group, a parent company or other legal person that exercises control over every member of the group.

[6] Interpretative note to Recommendation 10, paragraph 20 https://www.fatf-gafi.org/content/dam/fatf-gafi/recommendations/FATF%20Recommendations%202012.pdf.coredownload.inline.pdf

[7] AML/CFT/CPF Handbook Section 6.2, paragraph 37

[8] FATF and MONEYVAL (gov.je)