Guidance on evidence required to prove legitimate search of the Obliged Entity Beneficial Owner Register

Glossary

Term	Definition
Accessing party/ies	The Relevant person or their representative as defined in Article 8A of the DPI Law
Beneficial owner	Defined in Article 2 of the DPI Law as ‘an individual who ultimately owns and controls ….’
CDD	Customer Due Diligence as defined in Article 3 of the MLO
DPI Law	Financial Services (Disclosure and Provision of Information) (Jersey) Law 2020
FATF	Financial Action Task Force
MLO	Money Laundering (Jersey) Order 2008
OEBO register	Obliged Entity Beneficial Owner register
Obliged entity/ies	Relevant person who is obliged to perform CDD tasks in accordance with the MLO and will be granted access to the OEBO register
Relevant person	As defined in Article 1 of the DPI Law

Background

On 11 September 2024 the States Assembly approved an amendment to the DPI Law to reflect the FATF recommendation that Obliged entities, referred to in the DPI Law as a "relevant person", or their representatives will be able to access certain personal information held by our Registry (central register) relating to the individual beneficial owners and controllers of a Jersey entity, strictly for the purposes of assisting with their CDD obligations pursuant to the MLO. This information must not be used for any other purpose and can only be disclosed in the circumstances detailed in Article 8B (2) of the DPI Law.

From the 24 February 2025, the lead administrator for the Accessing parties of the Jersey Obliged entities and their representatives have been permitted to access the OEBO register through myJFSC and are subject to the requirements of the DPI Law.

Searching capabilities of the OEBO register

The exact entity name or registered number must be entered to complete searches. This information can be found using the Registry entities search on our website.
An Obliged entity will be able to see the following details of a beneficial owner or controller of an entity (but not the details of any minors):

• name and any former name or other names by which the individual is or was known
• address for correspondence
• residential address
• nationality
• occupation
• gender
• date of birth
• place and country of birth

Registry Supervision Inspection team

With effect from January 2026, when the Registry Supervision Inspection team undertakes an inspection, they will be accessing the audit log held by the Accessing party and the central registry and will be selecting a sample of the Obliged entity’s OEBO registry searches to check that the searches have been undertaken for a legitimate purpose. The DPI Law creates offences if searches were not undertaken for a legitimate purpose or if supporting evidence of the search is not provided, which includes fines and imprisonment of up to 5 years.

Pursuant to Article 8C (1) of the DPI Law, we will be requesting that evidence be provided to us to support the legitimacy of a search. This could include:

• prospective and/or successful client or customer onboarding documentation
• the declined business register

In addition to the above, the Registry Supervision Inspection team will be requesting confirmation that the information has not been used for any other purpose. We anticipate a number of ways to demonstrate this including:

• explanation of use
• maintaining a record of correspondence in which the information is shared
• maintaining internal policies on CDD which limit its use

If searches are deemed to have been undertaken for any purpose other than completing the Obliged entity's CDD in accordance with the MLO, this constitutes a breach of the DPI Law and will be referred to the attorney general for possible prosecution.

Responsibilities of the Jersey entity

The Obliged entity is responsible for ensuring its employees, including contractors, only access the register for legitimate reasons, therefore the board of an Obliged entity must ensure that:

• employees understand the DPI Law and potential penalties for misuse
• users of the OEBO register are removed upon cessation of the employment relationship
• policies and Procedures are in place for usage
• a periodic role-based access control review by the lead administrator for the Accessing party takes place to ensure responsibilities are adhered to

Discrepancy reporting

The OEBO register does not verify or validate the particulars of Beneficial owners and controllers entered in the central registry by Obliged entities (or their nominated persons). Limited partnerships (other than separate and incorporated limited partnerships) are not legal entities so are not included as part of the OEBO register.

A discrepancy report will allow users of the OEBO register to report any discrepancies to us that have been identified between the information held on the central register, and other information available to the Accessing party.

Before reporting a discrepancy, please check that your information obtained from sources other than the OEBO register is current (within 3 months); if not please engage directly with the entity for updated information before reporting the discrepancy.

Upon receipt of a discrepancy report, we will notify the nominated person of the entity that a discrepancy has been identified by issuing a letter via email with details of the type of discrepancy.

If you receive a discrepancy notification as a nominated person, we expect you to:

• take action by assessing the discrepancy noted in the letter
• verify the details on the central registry match the entity’s records
• either confirm no discrepancies exist or file an updated associated party (UAP) submission

Timely assessment of discrepancy notifications is expected, and an entity is required to notify us within 21 days of becoming aware of any error or inaccuracy in the details on the central registry.

Failure to action a discrepancy notification may result in the entity’s risk rating being increased and it potentially being subject to an ad hoc inspection by the Registry Supervision Inspection team.

Receipt of a discrepancy notification is not necessarily a trigger event that would require a nominated person to refresh the nominated person's own CDD in relation to the entity. Assessment of current records held in relation to an entity may be sufficient.