Introduction
Background and Scope
The Channel Islands government is committed to ensuring that lawbreakers, such as money launderers and terrorists, cannot legalise the profits of crime via the Channel Islands or use its fund and business industries.
The Handbook is a report on the criteria of mitigating terrorist funding and financial fraud. The guideline covers business organisations and financial institutions for all specified investments.
If a firm or institution is complacent in laundering the profits of crime or funding terrorist organisations, it might face regulatory analysis, the reduction of its standing and criminal investigations. The participation of a specified firm with illegal profits or terrorist capital would also harm the integrity and status of the Channel Islands within the global finance environment.
Under the Channel Islands law, crimes are prosecutable, with the exclusion of a few small offences that concern public purchase. The scope of violations is broad and includes, but not restricted to, the following:
- Involvement in a criminal group and racket
- Terrorist acts and vices
- Funding branded nuclear warheads
- Human trading, smuggling and trafficking
- Sexual abuse and child exploitation
- Illegal sale of narcotic compounds and substances
- Unlawful arms marketing
- Marketing stolen products
- Fraud, inducement and tax invasion
- Piracy
- Ecological offence;
- Vandalism, homicide, robbery, trafficking, forgery, coercion and hijacking.
While the provisions within this guide cover all business investments that apply a risk-based strategy and client due diligence, some obligations in this Handbook are irrelevant to specific industries.
Handbook Purpose
The Channel Islands Handbook will assist companies to operate under the requirements of applicable laws on funding terrorism and money laundering to protect the system from abuse.
Money laundering is an act of concealing criminal proceeds to make them appear legit. ML is also the process of evading arrest, conviction and prosecution by disguising the origin of illegal proceeds of criminal activities.
Financing terrorism seeks to strengthen a group’s financial base or advance the cause of a minority movement. FT could be done with legitimate and illegal proceeds of business transactions.
The Channel Islands Handbook sets modalities to detect and counter money laundering and FT using compliance strategies approved by the Commission.
The Commission recognises the various tactics adopted by industries that are specified to prevent money laundering and terrorist funding. This guide attempts to embrace a technology-neutral position, allowing the company to choose any technological alternative (s) appropriate to satisfy its duties.
The Channel Islands Handbook introduced the concept of Money Laundering Compliance Officer (MLCO), who enforces compliance of all entities to the AML/CFT requirements.
The MLCO officer must monitor and test systems, investigate non-compliance, create effective control mechanisms, and report its findings to the Board of the Channel Islands.
With this directive, the MLCO is authorised to act as an MLRO as required in specific duties.
The FATF 2012 approvals say that companies need to possess an autonomous audit function to check AML/CFT compliance.
Under the risk-based approach, the Channel Islands created improvements to the principles and advice across the Handbook to allow companies to embrace a risk-based strategy.
The guidelines were expanded to include obligations on risk evaluations and introduce concepts like the weighting of risk variables.
Firms should consider all risk factors regarding business associations or transactions to ascertain whether their aggregate impact may increase or reduce the corporation’s risk exposure. Risk factors must be weighted based on their significance.
Under business risk assessment, the Handbook was expanded to include additional details about the appraisal and certification of evaluations.
The board has to take possession of and responsibility to the BRA and create the company’s risk appetite.
Failure to Meet the Required Standards
For any company, whether controlled or listed with the Commission, the consequences of any substantial failure to satisfy the criteria demanded, the Commission will invoke legal solutions.
The Commission will impose a variety of disciplinary and monetary sanctions, including the capability to remove, restrict or revoke the license of the business where applicable.
If the organisation is listed and controlled by the Commission, it must evaluate the failure of compliance by the company its supervisors, directors and employees. In defining whether the company aligns its business with honesty and aptitude and if a ‘natural person’ is appropriate, the Commission must refer to the compliance rules of Schedule 3.
Where the Commission does not govern the company, the authorities must refer to the compliance rules of Schedule 3 to consider the listing of the firm.
Data Protection
The law requires the company to organise and preserve records and certification. Where such documents and certification include private information, the company must comply with the Privacy and Protection Act for individuals within the EU.
The Financial Action Task Force (FATA)
As the name implies, The FATF is an intergovernmental organisation created by the ministers of its member authorities. The requirement for the FATF would be to establish criteria and to encourage the successful execution of legal, functioning, and supervisory steps for combating money laundering, funding terrorism and other associated risks to the integrity of the global financial system.
The FATF approvals and endorsements are recognised as the global AML and CFT regulations and standards. The FATF references establish a global standard that states should implement through steps adapted to their conditions. The FATF approvals and endorsements provide procedures and measures nations must
- change to identify threats and create policies and national co-ordination
- Mitigate money laundering, funding terrorism and proliferation of biological weapons
- Apply precautionary steps for the financial industry and other monetary institutions
- Set roles and responsibilities of its competent agencies
- Improve the transparency and accessibility of beneficial ownership data of authorised individuals, and legal agreements
- Facilitate global co-operation.
Corporate Governance
Effective corporate governance must all the board of directors to pursue goals in the interests of the company and its shareholders and should facilitate operational tracking to evaluate its compliance with anti-money laundering and counter-terrorism funding.
A corporate governance structure is the categorisation of mandate and duties among members, like the directors, administrators and other stakeholders and its requirements.
The establishment of an effective corporate governance system facilitates confidence and accountability for long-term expenditure, financial stability and company ethics.
Effective corporate governance creates a structure on guidelines, controls and processes of the company to mitigate money laundering and terrorism financing.
The Channel Islands Code of Corporate Governance
The company shall maintain superior standards of corporate governance to provide a controlled financial service business and respective managers using an efficient framework to discharge their responsibilities effectively and economically, the Commission.
Board Responsibility for Compliance
The board of directors shall handle the company effectively to observe, comprehend and assess the possible threat or risks, such as money laundering and terrorism financing. The management shall take possession of, and liability for the company risk assessments and evaluation.
The board must evaluate its risk appetite, the exposure to ML and FT activities based on its hierarchical structure, clients, nations, boundaries, and how it implements its services.
The evaluation shall consider the impact of threats recognised, which may surpass the aggregate of each risk component.
Based on its business hazard evaluation, the firm must adopt an effective strategy to counter tax evasion and financing of psychological oppression.
The management shall establish and sustain appropriate and effective strategies, controls, and procedures using the size, character and the complexity of its organisation.
These strategies, controls, and processes must allow the company to conform to the standards of the Commission. The requirements include:
- Organise, record and preserve business risk evaluations to categorise the underlying ML and FT threats and to specify its risk appetite.
- Facilitate threat evaluations of business associations and intermittent transactions to classify those that require ECDD and SCDD measurement.
- Employ adequate CDD obligations to sort and confirm the identity of clients, beneficial owners and other relevant stakeholders, whether natural people, legal officers and legal agreements and to ascertain the purpose and character of the company connection or intermittent trade.
- Employ ECDD guidelines to business associations and intermittent trades that score higher threat assessment of money laundering and financing terrorism.
- Apply SCDD guidelines in situations where the firm’s transactions on ML and FT have been measured as low.
- Facilitate trade and action monitoring.
- Monitor company associations on a scale appropriate to guarantee that unusual and questionable activities are emphasised and prioritised.
- Monitor clients, payees, beneficial owners and other stakeholders based on the EU recommendations.
- Report immediately to the financial intelligence service where the compliance officer suspects that the firm or individual is an accomplice in ML or FT activities.
- Investigate money transfers and payment transactions where the employee acknowledges incomplete or missing transfer data of the payer and payee.
- Evaluate prospective workers to ensure the integrity and competence of staff and directors.
- Approve and organise appropriate and adequate AML and CFT workshops and training to workers and managers.
- Manage, store, and maintain databases for timely retrieval and accessibility.
Board Oversight of Compliance
Under this obligation, the organisation shall maintain adequate coverage of all compliance requirements and policy provisions.
The board of management should consider the relevance and efficacy of its compliance agreement and its coverage for the inspection of operational transactions using the demands of Schedule 3.
Based on this obligation, the firm shall appoint the MLCO who will enforce and implement the company’s compliance policies to avert and detect ML and FT transactions.
The board must evaluate its risk assessment strategy and recommend whether to maintain an independent financial evaluation.
The board should guarantee that the compliance inspection coverage considers the size, character, and benefits of the company, which includes the threats identified in the company risk evaluation. The coverage includes a need for sample testing of their efficacy and adequacy of its policies, processes and operational controls.
The board shall deploy a risk-based strategy after specifying its compliance inspection coverage. Therefore, the policy must examine the suitability, efficacy and adequacy of the firm’s control systems based on its obligations.
This includes the following but not limited to:
- The implementation of CDD approaches.
- The firm’s management information.
- The testing and organisation of third party transactions.
- The proficiency of the money laundering reporting officer.
- The control of confidential disclosures under the financial intelligence service.
- The control and management of sanction threat and notices.
- The provision of AML and CFT workshops to guarantee quality training, knowledge and improved performance.
The board shall assign its duties but must review its compliance with the AML and CFT regulations and standards.
Where the company classifies any deficiencies based on compliance, the management must fix those deficiencies and provide recommendations for adoption.
Where a different entity manages the company, the obligation for its compliance must be evaluated by the board of the new entity.
Outsourcing Responsibilities
Where the company outsources its services to another institution, its board must manage the compliance process to prevent illegal transactions and operations.
If the company agrees to delegate or outsource its functions to another party, it ought to:
- Review the guidelines of the Commission.
- Apply a ‘term of reference’ explaining the provisions of this agreement
- Define the roles and duties of the company and the third party agent.
- Separate the functions of the reporting officer, the compliance officer and other outsourced agents.
- Guarantee proper supervision of the task undertaken with the third party agency or institution.
Before its approval to outsource its services, the company must conduct a threat assessment of possible exposures to ML and TF operations and must document its findings as a business risk analysis.
The company must investigate the threats identified with its assessment of an outsourcing agreement and conduct a continuous risk assessment process.
Where the firm approves the recommendation to outsource its services, the organisation must ensure that:
- The third-party provider:
- It has adequate knowledge, competence, and expertise.
- The firm understands the Commission’s AML and CFT requirements.
- Is adequately resourced to conduct its responsibilities.
- Has effective policies, methods, and techniques that reflect the changing trends in ML and FT transactions.
- Is evaluated and subjected to specific due diligence to guarantee the integrity of the outsourced agent.
- The assignment of the third party is observed and measured to guarantee it conforms to the recommendations of the Channel Islands handbook.
- The findings and documents of transactions submitted by the outsourced party are genuine, accurate, precise, clear and contains detailed information on the working modalities of the organisation.
- The accounts obtained by the outsourced party explain the strategy of its services and assessment procedure.
The board management must verify the veracity of reports provided by a third party to avoid intentional misrepresentation.
Where the company accepts to outsource its function to an unknown entity, the board must verify if the entity has the capacity and policy to detect and counter ML and FT operations. The company should consider whether outsourcing plans create challenges and aid money laundering activities.
Foreign Divisions and Subsidiaries
Under the Commission’s mandate, a company must guarantee that its subsidiaries or divisions comply with:
- The regulations of the Channel Islands Handbook.
- Conditions or regulations applicable in that territory or state that is compliant with the Financial Action Task Force.
The AML and CFT strategies must be aligned to suit the geographical trends of the substation.
The company must ensure that its foreign divisions execute policies, processes and controls that counter and detect money-laundering activities.
The strategies and controls must ensure that safeguards about the confidentiality and use of data exchanged between the company and its subsidiaries are secured.
Along with notifying the Commission of its findings, the company should ensure that proper controls are enforced in areas where compliance is ineffective.
The company must evaluate the AML and CFT process in areas of least resistance to prevent ML or FT transactions.
Where the company is a currency service supplier registered with the Commission, they must employ brokers to conduct its responsibilities.
Liaison with the Commission
The board of this company shall notify the Commission of any security breach or failure to implement its control and policies. This list is not definitive but could be used as a guide for the undersigned information. The company must notify the Commission when:
- The company clarifies its compliance monitoring agreements and categorises the regions of non-compliance
- The company receives red flags by a third party identifying regions where remediation work is advocated.
- The company receives a report by an informer.
- The company acknowledges that non-compliance exists across its subsidiaries or divisions and may have affected its policies and controls against AML and CFT requirements.
- The company discovers the outsourced party neglected its compliance policies and controls.
- The firm identifies any material of non-conformity between the parties involved and mutual trade with a related link to a state listed in the Commission’s business group.
- Any violation of the requirements attracts the Commission’s sanctions.
The Commission must be notified when the firm breaches its administrative protocols.
The firm shall exclude the following scenarios from the notification process when:
- The event or activity is isolated
- The action can be resolved without hesitation.
- The operation does not constitute a regulatory risk to the organisation.
- It cannot undermine the accuracy of:
- The CDD data of the client or stakeholder.
- The company’s knowledge of the beneficial ownership of the client.
- The company’s understanding of the function and planned action of the business transaction.
The company must record all transactions irrespective of its priority risk measurement. The Commission reserves the authority to request for all transactions without receiving any formal notification of compliance.
Where the company has decided that an issue deserves notification to the Commission, the Commission shall receive prior information even when the matter is under investigation.
While not a comprehensive list, these are instances where the Commission acknowledges the poor reporting process. It is a matter of poor reporting when:
- The company lacks the funds to undertake the necessary remediation work before informing the Commission
- The company has discovered no proof that a real financial fraud occurred due to non-compliance policies and controls.
- The board decides to postpone the notification process while it conducts a risk assessment analysis.
Key Persons
Money Laundering Compliant Officer
The firm must appoint a compliant officer (MLCO) to conduct its operations.
The appointment must be thorough under standard procedures. Therefore, the MLCO must
- Be a natural individual
- Be of supervisor level
- Possess skilled knowledge, ability and expertise to match a compliance function within the company
- Be utilised by the company within the same category as the firm (where it is suitable for the employee of their supervisor to be recommended)
The company shall ensure that the appointed officer:
- Has authorised access to the documents of the company
- Has adequate funds and assets to do their responsibilities
- Gets the collaboration of their company’s staff
- Is conscious of their duties
- Reports to the board regularly
The officer must observe and report compliance with policies, controls and procedures to mitigate, prevent and discover ML and FT.
The board is accountable for the company’s compliance operations such as setting appropriate and effective policies, regulations and guidelines to prevent and tack money laundering activities and terrorist financing.
Functions of the MLCO comprise:
- Assessing the observation and analysing of AML and CFT guidelines, processes standards and systems to evaluate their appropriateness and efficacy
- Exploring issues of non-compliance
- Setting standards to mitigate threats arising from the company’s compliance review to fix problems where necessary
- Acting as a contact person to address compliance challenges
The money laundering and complaint officer MLCO shall supervise oversight functions.
A natural person can act as the MLRO and MLCO simultaneously.
Money laundering Reporting Officer
Similar to the MLCO, the firm must appoint a natural person to discharge its mandate.
The appointment must be thorough under standard procedures. Therefore, the MLRO must.
- Be a natural individual.
- Be of supervisor level.
- Possess skilled knowledge, ability and expertise to match a compliance function within the company.
- Be utilised by the company within the same category as the firm (where it is suitable for the employee of their supervisor to be recommended).
The company shall ensure that the MLRO:
- Has authorised access to the documents of the company.
- Has adequate funds and assets to do their responsibilities.
- Gets the collaboration of their company’s staff.
- Is conscious of their duties.
- Reports to the board regularly.
The mandate of the MLRO empowers them to work without hindrance and act independently.
The MLRO has to be liberated to get immediate access to the financial intelligence service to report questionable activity.
Nominated Officer
A nominated officer acts on behalf of a reporting manager. The nominated officer shall receive the firm’s disclosures and other compliance operations.
The nominated officer must be a natural individual and should attain the manager level. The officer shall possess the right knowledge, ability and expertise.
All employees within the company should be mindful of the natural individual (s) to whom disclosures should be produced in the absence of the MLRO.
The obligations in this section do not apply where the company comprises one investor a license holder and a normal person enrolled as a prescribed business.
Risk-Based Strategy
Introduction
This section will help the company in carrying a risk-based strategy to mitigate the use of goods and services for money laundering and financing terrorism. The standard guidelines, following the Channel Islands Handbook, can be categorised into three main structures.
- Risk-Based Strategy: The guideline on this structure summarises risk-based strategy
- Investment Risk Assessment: The guidelines on this structure summarise business risk assessment associated with money laundering and financing terrorism. The regulation empowers the firm to conduct risk appetite.
- Link Risk assessments: the guideline under this section describes the applicable responsibilities for the running of risk assessments of existing and new business associations and intermittent trades.
Definition, Context and Importance
A risk-based strategy encourages the development of diagnostic measures that are linked with the ML and FT vulnerabilities identified with the company and to cope with these threats from the cost-effective and impartial way.
The firm must:
- Know its ML and FT threats,
- Create effective strategies and designs to:
- Classify
- Evaluate
- Prevent
- Handle and observe threats based on the demands of the Handbook
A risk-based strategy recommends actions to handle the ML and FT vulnerabilities confronted by the company:
- Classifying threats posed to this business from ML and FT and regions with higher risk score
- Analysing the likelihood of these threats occurring and its effect on the firm’s business operations
- Mitigating the incidence of identified risks and its consequence using proper and effective strategies, controls and techniques
- Handling the residual threats arising from vulnerabilities the company cannot re-evaluate
- Assessing and monitoring business risks identifying if there are trends in the vulnerabilities, which demand adjustments to the firm’s strategy, processes and regulation.
Under the risk-based strategy, it is vital that documentation is retained to ensure the board and senior administration will demonstrate their compliance.
A risk-based strategy begins with the classification and evaluations of threats that require managerial processes. The firm shall evaluate the risk of its involvement in ML and FT activities based on clients, countries, products and geographical locations.
In defining the risk-based strategy, the company must analyse and comprehend how the recognised ML and FT threats affect its enterprise. The analysis should consider a firm’s risk appetite and impact on its strategic goals.
With the deployment of risk evaluations and conclusions, the company can establish the foundation for a risk-sensitive method to manage and mitigate money-laundering activities. A risk-based strategy does not exempt the company from applying enhanced steps where it identifies prioritise risk variables as detailed this Handbook.
The regulations described in this Handbook do not prohibit the supply of any services or the endorsement of any client unless there are reasonable grounds to assume that the client or the owner is connected with ML or FT activities and operations. The risk-based strategy as described in this manuscript expects that the dangers posed by clients, nations, services, trades and delivery stations are recognised, evaluated and mitigated, and that proof of these assessments and controls are is recorded and reviewed periodically.
By embracing a risk-based strategy, the company must ensure that steps to avert or lessen money laundering activities or to finance terrorism are proportionate with the identified threat. Risk evaluations permit the company to make decisions about effective ways to allocate its assets and ascertain its tolerance for risk.
Systems cannot detect or prevent ML and FT operations. A risk-based strategy will balance the cost weight on the firm and its clients using an effective appraisal of the threat. The firm shall focus its controls where it is required and has many effects.
The Advantages of a risk-based strategy include:
- Knowing the ML and FT risks change across its clients, nations, locations and services
- Enabling the board to use its approach on specific, allowing managers to prioritise customers and investors
- Facilitating a cost-effective method of risk control
- Reproducing expertise and proportionality by modifying strategies and actions to risk assessment
- Allowing the use of these requirements for all relevant risk variables
- Permitting risk accumulation, evaluation, assessment, prevention and control measures
Businesses differ in size and operations materially. A strategy that prevents ML and FT actives in one transaction could be unsuitable in another. The section offers knowledge on risk variables that supports threat management framework.
Diagnosis and Mitigation of Hazards
Risk can be measured under three variables, and its assessment must apply control based on these factors:
- Threat: the firm shall classify threat as an individual, investor, stakeholder, product or service that has the capacity to trigger harm
- Vulnerability: The firm shall classify vulnerability as the likelihood of gaps, Channel, or weak links that can be abused, encouraged or facilitate the threat activity.
- Outcome: The firm shall recognise threat outcomes as the effect or impact of money laundering and FT activities.
Having recognised its weak links, the company should enforce strategic actions to mitigate and prevent its outcome. The firm must regulate vital controls or processes to decrease the risks identified. The recorded threat assessments will aid the company in creating its risk-based strategy.
The company shall adhere to standard practices as prescribed by the Commission and the NRA. Under their guidance, the firm shall prioritise risk variables, measure risk appetite and develop strategies to mitigate them.
Besides those mentioned previously, data about ML and FT risk factors could be sourced from different Channel or via accessible databases or tools that pool data from several resources. Information sources include but not limited to:
- Documents published by the UK, EU, and financial institutions
- Journals and statements released by law enforcement agencies such as financial intelligence service for example risk assessment reports, alarm notices and categories
- Data published by the Commission, which include but not limited to warnings and the justification of its activities and enforcement procedures
- Data from global standard regulator, for example, advice papers and press releases on target threats or mutual analysis intelligence connected to specific countries or geographical area
- Data provided by corporate industries such as risk categorisation and emerging dangers threats
- Intelligence printed by non-governmental organisations
- Data printed by respectable and dependable resources
Documenting and Maintaining reports about the outcomes of the company’s threat assessment framework will demonstrate how managers:
- Identify and assess the risk of aiding ML and FT operations
- Implements effective policies, controls and measures to handle and enhance ML and FT threat
- Ensures transparency of the board concerning the performance of its strategies, procedures and controls.
Threat Accumulation
The company must consider all risk variables to ascertain whether their collective impact may increase or reduce the company’s risk exposure and its impact on the control strategy deployed to mitigate the threat.
This type of approach is applicable to company business operations and individual investment relationships or intermittent transactions.
Additionally, other operational aspects, such as outsourcing might raise the threat level of each transaction. The firm shall evaluate third party transactions to prevent, detect and control the vulnerabilities of ML and FT.
Weighing Risk Factors
When a firm weighs the risk of any investment or transactions, the board must evaluate risk variables differently based on its relative significance.
When considering risk variables, the company should make an informed decision about the significance of each factor assessment as it relates to money laundering activities and transactions.
The weight of the threat score may vary between products and customers. When considering risk variables, the company should ensure:
- The threat score does not reflect one risk variable
- Financial factors do not affect the risk evaluation
- The threat score does not affect another higher risk category
- The firm can overrule any mechanically-generated scores. The justification to overrule the threat score must be recorded
Where the company uses software programs to assign threat scores, the board must understand its calibration. The firm must show evidence that the threat assessment was computed based on standard practice.
Policies, Strategies, and Controls
The Channel Islands handbook describes the modalities and obligations for effective policy, control and strategy. The company should:
- Create effective control systems and procedures approved by its committee that are appropriate to detect, prevent and manage:
- Threats identified in its risk evaluations and assessments
- Risks related or applicable to the company and identified by the NRA
- Examine and monitor the execution of these policies and improve them where necessary to facilitate risk mitigation and control
- Adopt effective measures to mitigate prioritised risk dangers identified in the business enterprise.
The company’s policies should consider the nature and sophistication of its operation with the threat identified in the business risk evaluations. The risk evaluations must be detailed to demonstrate the method by which the analysis was conducted.
Business Risk Assessments
Introduction
A critical component of a risk-based strategy requires the company to identify regions where its goods and services could be subjected to the vulnerabilities of ML and FT. the firms shall adopt effective actions ensure that all identified risks are mitigated via the control mechanism.
The company’s risk evaluations aid the company in creating the assessment and provide a means to determine the level to its services are to money laundering activities.
The board shall communicate all business investment risks assessment and risk appetite to the managers of operations and compliance.
Such awareness and communication will provide information on the firm’s daily operations, employee job description, and threat assessment process.
Structure and Content
The firm shall conduct an appropriate and structured business risk assessment on money laundering vulnerability and FT operations.
In executing the company risk assessments according to Schedule 3, the company must ensure that threat evaluations ML and FT operation are different from one another, clearly covering various vulnerabilities and shall reflect effective strategies to mitigate the risk score.
The arrangement of the company’s risk evaluations is an issue to be determined by the company. Irrespective of the structure used, it is necessary that the company’s risk evaluations must be recorded in accordance with the Channel Handbook. The firm shall package its assessment analysis in one file system.
The firm shall conduct the business risk assessment based on:
- Clients status and beneficial owners of consumers
- States and geographical areas
- Goods, services, trades, delivery stations and specifically on ML or FT threats that might appear in:
- The development of new goods and new business techniques before such goods are accessible and practices embraced
- The utilisation of emerging technologies for both the new and pre-owned goods before such technology is utilised and embraced
The company risk tests should consider the findings of the NRA and reveal whether the identified threats are applicable to the firm’s business investments and its efficacy in mitigating these risks.
In accordance with the provisions of the Channel Islands handbook, the firm will consider all risk variables prior to deciding:
- The degree of risk of all business investments
- The company’s risk appetite
- The proper mitigation strategy to adopt and implement
Along with identifying areas of exposure ML and FT threats, the business risk analysis must include references how the company manages vulnerabilities, controls systems and procedures.
Industry businesses should have generic threat variables. The company may establish risk factors variables specific to its operations and must be evaluated in the business threat assessment.
The company cannot replicate any business risk evaluations prepared by a different institution or use non-tested appraisals that identify ML and FT vulnerabilities. Each treat assessment should be verified to ensure it aligns with the firm’s control policies and procedures.
The approach in embracing a non-tested evaluation concept could create new vulnerabilities in classifying and recognising ML and FT threats specific to its enterprise. As a result, the firm may combine inadequate materials and control systems that are inappropriate in risk assessment operations.
The recommendations of this Handbook prescribe that:
- Business risk evaluations cannot be copied or lifted from another company’s website or database. Each organisation must deploy strategies that are tested within its business operations to detect and mitigate money laundering activities and financing terrorism.
- A business risk assessment must not be created with generic data. Such actions show that the board cannot manage its ML and FT operations.
- A business risk assessment must contain unsubstantiated and generalised references to the threats faced by the company. For example, a reference of low-risk appetite means there is a significant likelihood the firm’s services and goods can be used to fund terrorism. Such assumptions cannot be accepted, except there is strong evidence that details how the analysis was conducted.
- A business risk assessment must concentrate on remote risk variables and geographical location.
Sometimes threats could have variations or a range of risk classes; for instance, there might be investment risks created by the client’s applications, or crime risk caused by ML and FT transactions. The company could combine theses risk without affecting individual characteristics of each vulnerability.
Risk Appetite
The company’s risk appetite is a significant element in executing its business risk assessments, establishing the quantity of ML and FT threat they can accept. Having recognised the ML and FT risk for the business, identifying the quantity of such a threat is a fundamental component of the plan to mitigate its vulnerabilities.
The board is responsible for aligning the company’s risk appetite with its framework for risk-taking and evaluation. Risk appetite describes the amount of threat a firm is willing to accept while conducting its business operations. It also defines the firm’s risk threshold and boundaries, beyond which the company shall apply on control measures and regulations.
Based on this definition, the company’s design of risk appetite must comprise a qualitative report and a quantitative approach to facilitate its risk appetite. The qualitative report describes profiles customers, countries or geographical locations, while the quantitative measures show the firm’s priority classification, tolerance to risk factors, operational guidelines and resource limitations.
In computing its risk requirement, the company ought to be rational with its business design. A company anticipating business transactions or operations from clients and countries with a higher risk index, supplying huge risk merchandise or services or using a large proportion of high-risk associations could pose a high-risk appetite, and its business risk assessments must be created accordingly.
The firm could use this non-exhaustive collection of queries to establish and create its risk appetite.
- What are the strategic aims of the company? Are they valid?
- What risks could these goals create for the company?
- What will be the substantial risks the board is can accept?
- What will be the substantial risks the board must reject?
- Does the board understand the character and extent of risks it can accept and still achieve its strategic goals?
- Has the board and management team analysed the capacities of the company to handle the perceived risk?
- What ability does the company have to handle risks?
- Do workers of the company know their function and responsibility of managing risk?
- How much does the company invest in compliance and risk management operations? How much is needed to prosecute its risk management operations?
Inspection
The firm shall inspect, and review is threat evaluations annually but could enforce quarterly supervisions when modifications in business trends are noticed.
As the actions of this company may change, the corresponding ML and FT threat could be adjusted. Business mergers, the debut of a new service or product, a restructuring or a reversal of supplier engagement are only a few of the events that could affect the type and classification of risks to which the company could be vulnerable. Based on these assumptions, the firm shall review and inspect its control mechanism to ascertain that it remains effective and potent.
Note that other functional changes, such as worker numbers or alteration to policies, can affect the tools necessary to handle ML and FT threats.
Where modifications to the company’s risk evaluations are created, the board must ascertain if these changes would influence the revised risk evaluations and make any adjustments it considers ineffective.
Risk Factors
The firm shall use the examples below to assess the risk factors of any business interaction. The summarised list highlights the variable risk assessment in ML and FT activities.
Client threat:
- The nations, territories and geographical areas by which clients perform their business transactions.
- The sophistication of client ownership arrangements.
- The sophistication of authorised persons and legal agreements.
- The utilisation of introduced professional structures.
- The approval or use of intermediary connections.
- The number of company investments labelled as priority risk.
- The amount of customers and stakeholders classified as PEPs and their affiliated regions and territories.
Product and Service Threat:
- The character, scale, diversity and sophistication of the services and goods of the company.
- The markets based on geography and type of customer.
- The supply Channel utilised by the company.
- The value of each transaction.
- The character, scale and geographic regions related to funds collected by the customers.
- Whether the firm permitted unidentified third parties operations.
Other possible sources of threat include:
- Internal or external audit report
- Classification of FT and ML operations and case studies
Business Practice and Products
The firm shall evaluate its operations before embracing new products or company practices to ensure that risk evaluations have identified and evaluated any ML and FT threats arising from the adoption of new trends and products.
References to brand goods must be classified as goods under evaluation that has new ML or FT threat priority assessment.
References to business procedures describe methods and process by which the firm adopts different goods and services.
New Technologies
The firm shall investigate the business treat of new technologies to detect and mitigate any ML and FT risks.
New technologies interrupt the shipping or trade Channel of conventional goods and solutions and the production of new brands using enhancements in innovation. Examples of emerging technologies include the utilisation and adoption of ledger design for securities logistics through the swapping of virtual assets.
The threat assessment of emerging technologies must include the testing of ML and FT vulnerabilities are inherent in the adoption or use of automated procedures to ensure that appropriate security architecture is deployed and implemented. This includes assessing the innovation with the estimated use of this technology and the vulnerabilities caused by its deployment.
It is not mandatory for the firm to expand its threat assessment in highly specialised analysis on specifications and performance. The aim of this risk evaluation is to assess the ML and FT vulnerabilities and to recognise effective control designs required to mitigate and restrict the company’s exposure.
If the company decides to approve the adoption and deployment of new technologies from an existing architecture, the board must accept the risk assessment undertaken, and the approvals shall be documented for future reference.
After conducting the first threat assessment of new or growing technologies, the company should regularly examine and review its evaluation, obligation and inspection of its ML and FT operations, as explained in the Handbook.
Relationship Threat Assessment
Introduction
The section of the Handbook describes the standard practice and guidelines for risk assessment in a business contract. The connections between both parties involved in the transaction describe the core relationship between them.
The company’s business risk evaluations and risk appetite can be used to evaluate its relationship agreement. The relationship threat assessment is the evaluation of new or existing business operations or trade contrary to the parameters determined within the firm’s risk appetite and transactions identified in the company risk assessments.
There may be a situation where threats of ML and FT are significant, and ECDD control procedures must be enforced. Likewise, there may be circumstances where the company may deploy SCDD measures since it has evaluated and classified the company’s operations or trade as low.
Control and Mitigation
The company shall consider a few parameters of risk exposure. The list is not limited to the following:
- The firm shall conduct a relationship threat evaluation before approving any business relationship.
- The Board must regularly review the relationship threat assessment to detect emerging trends and make appropriate adjustments.
The firm shall make an informed decision based on the outcome of its relationship threat assessment. The firm may decide to cancel existing arrangements or notify the Commission of its findings, as stated in the Handbook.
Where the Board considers and reviews its relationship threat assessment, the firm shall test the business risk appetite and threat factors based on:
- Customers status and profile
- The state or geographical area
- The merchandise, service, trade and delivery station associated with the investment relationship or trade.
The company must consider other variables when evaluating a relationship threat assessment. The firm shall consider:
- Whether in which the merchandise or service provided has life insurance coverage.
- The purpose of the business association.
- The worth, quantity, value and frequency of transactions.
- The anticipated duration of the association and business relationship.
The company’s consideration of the client’s status and profile should identify the investor’s status, links with MT or FT operations, or whether the customers are natural persons or have a legal arrangement.
Where the firm reviews the relationship threat assessment, the board must place its risk factors above any other threat components.
Based on the aforementioned guideline, the firm shall consider all risk factors before evaluating its relationship threat assessment.
Trade, according to Commission Rule (3.75) should contain an assessment of the economic or business justification for the company associated with the client.
The company’s processes can provide standardised profiles for its risk assessments where the board accepts its approach as efficient to handle the threat of business relationship or mutual trade. However, where the company has a varied client base or a variety of products and services are available, the firm must create a more organised and rigorous method to demonstrate that the board exercised an informed decision.
The company must provide a transparent proof about the basis it conducted and evaluated the relationship threat assessment.
Where the company fails to identify and detect all the risk factors of the business operations due to some mitigating variables, the board shall report and document these mitigating obstacles in its operational database. Such documents will be used to evaluate the effectiveness of its policies and controls.
Depending on the outcome of the relationship threat assessment, the company has to decide:
- The scope of the identification data to be accessed on the principals of each trade operation and exchange.
- How to verify each classification data
- How to deploy SCDD control procedures where at which the firm’s investment transactions were evaluated as being low risk and exhibits poor compliance.
- The level by which the company’s business relationship should be tracked on a continuing basis.
Investments from Complex Reports and Instructions
The Commission announces investments from reports, advisory notices, press, which emphasise possible threats from specific nations, territories and geographical places. The information and sanction laws associated with the Channel Islands Handbook must be used when reviewing the relationship threat evaluation.
High-Risk Factors
In cases where the company must comply with CDD controls, it should execute ECDD steps because of the high-risk business associations and trades. The firm shall consider these processes without exception.
- The investment connection or trade where the client or stakeholder is a politically exposed person (PEP).
- Where the company is a financial service business, the business connection or link is described as:
- A correspondent bank relationship.
- A business investment that supplies solutions.
- A business association or an investment trade.
Risk Factors
The risk factors contained within these sections are only for guidance and are supplied as examples of variables, which the company can consider when undertaking a relationship threat evaluation. These factors are not exhaustive and prescribed as a record. Therefore, the company shall estimate and determine what is right in the conditions of the business links or trade.
The examples do not prevent the company from deploying a risk-based strategy.
The firm must have a holistic perspective of risk associated with a business relationship or trade as established in Section 3. The existence of isolated threats does not categorise the firm’s operations as a lower or higher risk. However, in agreement with Section 3, certain risk variables have a higher risk margin to the overall investment evaluation than others.
Where the firm establishes that some clients or their actions abuse ML or FT regulations, the compliance officer should enforce higher risk management in AML and CFT. The risk strategy must be effective and appropriate to its variable.
Client Risk Factors
The board must consider several risk options associated with the clients and beneficial owners. The board must consider the threats related to:
- The client’s professional or business operations
- The client’s (and valuable owner’s) status and integrity
- The client’s (and beneficial proprietor) character and behaviour.
Risk factors that must be evaluated when testing the client’s business operations include:
- Does the client have links to businesses that are associated with higher risk variables such as building and estate investments, pharmaceuticals, weapons trade, and health care services, extractive businesses?
- Does the client have hyperlinks to businesses that are associated with higher ML or FT risk such as casinos?
- Does the client have connections or relationships with business investments that demand significantly?
- Where the client is an authorised person, what is the goal of their establishment?
- Does the client have any connection to some PEP such as directors PEPs? Do the activities of the PEPs exercise substantial control over the client or beneficial owner? Based on the regulations of Schedule 3, the board shall employ ECDD steps.
- Does the client or investor occupy a notable position or influential status, which may allow them to misuse the position for personal gain? For instance, are such official government agents or ministers that could award contracts, business investment agreements, and decision-making associates of high-profile athletic bodies or policymakers?
- Is your client an authorised individual subject to regulatory conditions that guarantee reliable details regarding the client’s personal transactions and trade?
- Is there proof that the client was sanctioned for failure to abide by AML and CFT guidelines?
- Does your client own a public liability investment or venture from a state or region with low levels of corruption?
- Is your client’s history consistent? Are they grey areas that require clarification? What is your client’s source of wealth?
The board shall consider the following risk factors when classifying the threat associated with a client’s integrity and reputation.
Are there any media reports or other pertinent sources of information regarding the client? Are there claims of criminality or offences against the client? If the answer is yes, are such dependable and credible? The company shall determine the authenticity of accusations based on the sources and independence of the origin of such information.
The company must note that the lack of criminal convictions may not be enough to dismiss cases of fraud.
The firm shall determine whether the client or associates had their assets frozen because of illegitimate or administrative proceeding or accusations
Does the company proof to assume that the client or their associates had their accounts frozen for fraud?
Does the company have any information concerning the client’s personal records, investments, and trade?
This risk factors could be relevant when evaluating the danger associated with a client’s character and behaviour. The company must understand that evidence against some clients may be revealed after the business contracts have been signed. Therefore, compliance must adhere to specific control measures to detect and prevent fraudulent activities. The firm must reference these questions when considering the client’s risk factors based on their behaviour.
- Does the client have valid reasons for not showing their personal status? Is the client an asylum seeker?
- Does the company have some doubts regarding the veracity or accuracy of their client’s or personal and business status?
- Are there any signs that the client might close any trade exchange or business transactions with the firm? Can the client avoid compliance issues with the firm?
- Are your client’s possession and control arrangement transparent, and does this make sense? If the client’s possession and management structure are opaque or complex, is there a clear business or legal rationale?
- Is your client an authorised individual or legal arrangement that could be applied as a private asset holding plan?
- Will there be a solid reason for changes in the client’s possession and management structure?
- Does the consumer allow transactions that are complicated, unusual, or large or have an abnormal or unexpected pattern with no obvious economic or lawful purpose and rationale? Are there any reasons to assume that the client is attempting to evade certain thresholds, like the ones subject to compulsory coverage?
- Can the consumer enter needless or unreasonable heights of secrecy? Is the client reluctant to discuss identification information, or do they disguise the authentic nature of their investments and operations?
- Can the board establish and prove the client’s source of wealth either through inheritance, contracts or business investments?
- Can the consumer use unauthorised services and goods that failed the compliance test?
- Is your client an NPO whose actions could be mistreated for FT functions?
Countries Risk Variables
The board must identify threats associated with the cline’s links, regions, countries and geographical area.
The company must note that the character and goal of the business connection will often determine the significance of nations and geographic risk variables. For instance:
- Where the capital utilised in the investment connection or trade have been generated overseas, the degree of establishing offences in ML, FT and the efficiency of the nation’s legal strategy will be relevant.
- Where funds have been obtained from or delivered to regions or countries where terrorist offences and activities are present, the company must investigate the extent of such activities, the character and purpose of the business links and trade.
- Where the client is still an FSB, the company should pay special attention to the adequacy of supervision.
- Where the client or beneficial stakeholder is an authorised person or lawful agent, the company should consider the degree to which the nation or territory where the client or beneficial shareholder is enrolled efficiently complies with global tax transparency criteria.
The company shall consider the following risk variables when classifying the efficiency of countries’ AML and CFT program:
- Has the nation been classified with mutual analysis as having tactical deficiencies in its CFT and AML programs? Based on the Schedule 3 regulations, the firm shall apply ECDD controls where the client or beneficial shareholder has a relevant link to a nation that does not deploy or insufficiently apply the FAAT regulations.
- Are there sufficient and reliable source concerning the quality of and efficacy of regulatory authorities and supervision? Examples of credible resources include evaluation reports from the FATF regional figures. The firm must understand that a client’s membership with FATF and other related agencies does not imply that the nation or territory’s AML and CFT program is sufficient and powerful.
Risk variables the company should consider when differentiating the level of FT threat related to a state or location include:
- is there reliable information implying that a nation or territory offers support or funding for terrorist actions?
- Is the state subject to monetary sanctions, embargoes or processes associated with terrorism, funding of terrorism or proliferation issued by the UN?
Risk variables the company should consider when identifying a nation or territory’s degree of transparency and taxation compliance include:
Will there be advice in more than one plausible and reliable resource, which the nation has been certified compliant with global tax transparency and data sharing criteria? Is there proof that applicable rules are implemented in practice?
Examples of data sources include reports from the International Forum on Transparency and OECD that measures tax obligations, evaluations of the nation’s devotion to exchange of data-dependent on the regional figures and IMF assessments.
Has the nation been dedicated to and efficiently executed the report standard act enacted and adopted by the G20 in 2014?
Does the nation have reliable and reachable beneficial customer’s registers?
Risk factors the company should consider when identifying threats associated with the level of established offences to FT and ML in a geographical area include:
- Will there be advice from reputable public resources concerning the level of offences to FT and ML such as corruption, organised crime and tax fraud? Sources of the reports include corruption indices, OECD reports about the execution of the anti-bribery conference and the UN.
- Will there be advice from a reliable source concerning the potential of the nation’s judicial and investigative procedure to efficiently investigate and prosecute these offences?
Goods and Services Threat Factors
When identifying threats related to goods, services or trades, the company should classify risks associated with:
- The degree of transparency or opaqueness this item, service or trade represents.
- The complexity of goods, support or trade.
- The size or value of goods, services or trade.
Risk variables that may be applicable when categorising threats associated with a commodity, service or trade transparency include:
- Do client’s goods or services permit them to stay anonymous or conceal their identity? Examples of these services comprise bearer stocks, fiduciary payments, individual asset holding vehicles, or legal instructions that operate behind the scenes.
- To what degree can third party associates in a business agreement or transaction make decisions?
Risk variables that may be applicable when classifying threats associated with a commodity, service or trade include:
- What is the degree of complexity of the investment transactions? Are there multiple parties in the business transaction?
- Can the business permit payments from third parties and even overpayment? Where third party obligations are anticipated, does the company identify and customer profile? Do transfers subject to AML and CFT standards fund services and goods?
- Can the company measure threats to its brand or innovative service?
Risk factors that may be applicable when classifying threats associated with a commodity, service size include:
- What are the methods of payments for goods and services? Does the transaction allow multiple account payments?
- To what extent would the products facilitate or promote high-value trades? Are there any limits on trade values or amounts of premium that may prevent the usage of the solution or support for both ML and FT functions?
Logistics Channel Risk Variables
The company shall consider the following obligations when categorising the threat associated with goods delivery and shipment:
- The level by which transactions are conducted anonymously
- The number of silent investors or intermediaries the company might use to secure and delivery products.
The company shall consider the following obligations when categorising the threat associated with service delivery and shipment:
- Can customers be identified during the delivery process? What strategy is in place to identify anonymous clients? Has the firm taken measures to avoid impersonation or identity fraud?
- Has the client been represented with another associate of the same financial category? If yes, to what extent may the company rely upon this launch as the satisfaction that the client will not introduce the company to excess ML or FT threat? What has the company done to show they use CDD measures?
- Has the client been represented with a third party? What has the company done to show that: (i) The third-party associates employs CDD steps and retains records based on the FATF standards.
- The third party and associates must provide copies of personal identification in accordance with the guidelines of the Handbook.
- The grade or status of business associates and the third party’s CDD standards are effective and valid.
- Has the client been introduced via an agent, in other words, without immediate company contact? What evidence does the company have to show that the broker has information the company knows its client and the threat linked to the business enterprise?
- When the agents or brokers are used, to what extent have they engaged in the firm’s daily transaction? How does such information influence the firm’s strategy on customer identification and threat assessment?
- Where the company accepts business brokers; is there evidence of compliance with AML laws?
Customer Due Diligence
Introduction
The use of customer due diligence (CDD) steps to company relationships and operations vital for two reasons:
- To assist the company, verify the client’s claims of personality, profile, business investment and compliance. CDD measures provide a direct link to evaluate third party associates or issues of legal barriers against the business relationship.
- To assist security institutions and law enforcement agencies with information about their clients. Such information will be used to investigate cases of non-compliance and fraud.
This section highlights the Commission rules and supplies advice about CDD techniques to be implemented in a business relationships and operations. The section provides policies, controls and procedures needed by the company to satisfy the requirements of Schedule 3.
The material of the Chapter ought to be read in combination with the subsequent three chapters: 5. Natural Clients; 6. Accreditation; and seven. Legal Counsel and Legal Contracts. These chapters establish the CDD measures to be implemented based on the sort of client transaction.
Reference must be made in chapters 8 and 9 because the sections provide details of ECDD steps for high-risk transactions and improved measures for people that have particular higher risk variables. The chapter also highlights the conditions where the company can employ SCDD strategies and features of such measurement.
Overriding Obligations
In accordance with the regulations of this handbook, the company shall apply customer due diligence when:
- Setting a firm relationship
- Conducting a business transaction
- The firm suspects or has a proof of suspecting:
- Its clients and beneficial owners are engaged in ML or FT operations.
- That customers are engaged in transactions as a third party for individuals who operate ML activities.
In accordance with the rule of this Handbook, where the company:
- Creates a theory of conspiracy of ML or FT activities with a client or investor
- And believes that enforcing the CDD measures will expose their actions, the firm shall suspend the process, but will rather make a disclosure pursuant to Section I of the terrorism law.
Where the company is a payment service provider, it is necessary to employ CDD controls when executing transactions via cable transfers from the conditions detailed in Chapter 14 of the Channel Islands Handbook.
In relation to clients, investors and beneficial owners the company shall:
- Reject and avoid creating business accounts with fictitious and anonymous identification names.
- Keep accounts in accordance with the demands and requirements of Schedule 3 and the Commission Rules.
- Take steps to prevent any business transaction with shell banks or financial houses.
- Take appropriate steps to ensure the institution does keep a correspondent banking connection in which the respondent bank is proven to allow its accounts for a shell lender.
Effective CDD policies and processes are critical components of a successful AML and CFT structure and are critical for the company because they:
- Constitute a dynamic part of risk management, giving the foundation to identify, assess, detect, prevent and manage business risks.
- Assist to protect the company by reducing the likelihood of using the organisations as a tool or channel for crime, money laundering and financing terrorism.
- Assist the company to maintain the business conditions of client and third parties within a business connection or trade, since the board can verify their identities and supply them with the solution or service requested.
- Assist the company to recognise variables that are uncommon and can detect abnormal transactions that are linked with money laundering or FT operations.
Thus, CDD is a continuing and accumulative process, the extent of which depends on the threat and specific conditions of a business connection or trade.
Key Principals
Paragraph 4 of Schedule 3 defines the four categories of third parties associated with the business connection or trade (mutually known in the Handbook as “key flaws”) and sets out the manner the CDD steps must be applied to each classification.
- The Client
- The third party associate that could act on behalf of the customer
- The beneficial investor of the customer
- The third party who acts on behalf of the beneficial investor.
The Client
The firm shall identify the cline using different classifications tools and strategies to verify their profile and status.
Chapters 7 and 5 of the Channel Islands Handbook show how to enforce the CDD measures where the client is a natural person, or even an authorised person and lawful contract.
A Third Party Claiming to Act on behalf of the Client
In accordance with the regulations of Schedule 3, any person or third party calming to act on behalf of a client shall be classified. The authority to act and identity of such associate must be verified before approving the transactions. The client shall be recognised and that individual’s identity and ability to act will be confirmed.
Examples of third party agents include a natural person, authorised signatories (or equivalent) acting for or on behalf of an authorised investor or legal structure, agents with the powers of attorney, supervisors (or equivalent) that are acting on behalf of a legal individual and those acting on behalf of the client in a company relationship or mutual trade.
In taking steps to verify the profile and identity of any individual claiming to act on behalf of their client, the company should consider the threat posed by the business relationship, the materiality of the jurisdiction assigned to the associate and effect of a third party issuing instructions on funds transfer or assets delivery.
Examples of controls the company might choose to verify the ability of an individual to act on behalf of their client include a copy of their authorised signatories, power of attorney or other jurisdiction or mandate providing the individual who has the capacity to act on behalf of their investors.
The identification and confirmation of the identity of each individual identified according to Handbook shall be completed in accordance with chapter 5 of the Channel Islands rules.
The Beneficial Investor of the Customer
Reasonable steps shall be required to confirm the third party identity utilising identification information and these measures will contain techniques to comprehend the ownership and management structure of the client.
The definition of a beneficial owner varies because of the class of legal individual or lawful contract involved with the relationship or trade. Handbook.
The term ‘reasonable steps’ implies deploying strategies that are commensurate with the ML and FT activities, which have been identified within the business relationship or trade, to verify the ownership and management structure of the client and confirm the third party agent who acts on behalf of the client.
Where the business link or trade is a high-risk operation, the steps to comprehend the ownership and management structure of the client will be higher than usual for low risk transactions. Such activities might require the company to collect detailed data about the client regarding the business ownership. Likewise, measures regarded as reasonable to confirm the identity of this beneficial investor or associate with be higher for a high-risk operation and might require the company to undertake strict tests on the investor or acquire a robust identification detect and prevent transactions that facilitate money laundering activities.
The Third Party who Acts on behalf of the Beneficial Investor
The firm shall determine if the client is acting on behalf of an associate. The board shall implement measures to recognise the other person and acquire sufficient identification information.
The term ‘reasonable measures’ means taking steps that commensurate with the ML and FT threats which have been identified in its transactions and trade. The company must identify and classify the third party on whose behalf that the company has decided that the customer represents. Where the threat assessment is high, the firm shall adopt strict adherence to detect and prevent risk outcomes and vulnerabilities.
The company should consult with the CDD steps of the Handbook to deal with challenges that fall within this category.
Guidelines, Strategies and Controls
The company must adopt effective guidelines, controls and measures in area, which describe how to label and check the identity of the client, beneficial shareholder and other important flaws of operations, business transactions and investments.
The company must evaluate based on risk analysis, how much identification info to collect, what to confirm, and how to confirm it, to ensure they gather necessary evidence on the identity of the client, beneficial investor or other crucial principal.
The company’s guidelines, processes and controls concerning its CDD steps must:
- Be risk-based oriented to distinguish between what is expected in low threat transactions and high threat relationships and what to expect in situations that are neither high threat nor low risk.
- Permit improved measures to be implemented in the situation where such steps are required in accordance with Schedule 3.
- Cause the least weight for clients, beneficial investors and other agents as approved in the Channel Islands Handbook.
- Not curtail access to financial services such as licences or passports.
- React rationally to special groups that require attention and good conduct. The term special groups refer to foreign students or the elderly.
Identification data supplying evidence to confirm address and identity may come from different sources such as physical or electronic records, databases and digital resources. All these Sources may vary in their ethics, suitability, reliability and autonomy. For example, some identification information can be supplied by authorities after due diligence was undertaken in a risk assessment via federal identification cards and passports, though other identification info could be used to carry out the investigation.
The company should consider the appropriateness of identification information before its approval, such as its origin and if identity checks were conducted by the regulatory authority or issuing body. The company must also consider the vulnerability of a record to forgery when deciding its acceptability.
Where the company cannot access the physical documentation utilised to confirm the client’s identity or a replicate certification is supplied, the board must ensure the records are verified and certified by an appropriate third party.
Additional advice about the strategies, controls and processes needed to certify the client and business investor are found in Chapter 6 of the Handbook.
Where the company lacks knowledge of the identification information obtained to confirm identity of the customer, appropriate steps must be undertaken to show that the identification data is real. Proof of the actions taken by the company must be stored as evidence of understanding and decisions concerning the files obtained.
All important files (or parts thereof) have to be known by an employee of the company and that understanding needs to be recorded and stored in the appropriate file.
The translation of the proof of actions must be evaluated on a case by cases basis since the compliance officer may have a different meaning to each case file and data. The company should document its comprehension of the record and where applicable the reason not to interpret the information.
Notwithstanding the aforementioned process, the company shall translate all important files (or parts thereof) at the request of an authorised institution or Commission.
Where identification information approved by the company to verify the identity of the beneficial owner or investor contains the individual’s signature or a photo, the company must ensure that copies of each document is retrieved and stored for reference purposes.
Timing
The documentation and verification of the customer’s status and profile must be conducted before establishing a business relationship or transaction. The verification process shall follow the guidelines in the Channel Islands Handbook.
There may be instances where the verification of identity cannot be completed before the business investment or transactions are established. The firm has the mandate to allow such likelihood, given that the board is satisfied with the reasons for the delay
Identify verification of customers and beneficial stakeholders must be completed after the institution of a business relationship. Such evaluation shall be conducted after the board might have assess the risk assessment template for each transaction. It is important to note that:
- The confirmation shall be done after the Board’s approval.
- The requirement to confirm the client’s identity shall not disrupt the ordinary conduct of business.
- Effective guidelines, controls and procedures must be enforced to mitigate exposures from transactions without restriction, number, forms and/or volume of trades, which may be achieved, or the observation of intricate contacts being transported beyond the expected norms of investment and trade.
The regulations of this Handbook does not permit reconsidering documentation of customers or beneficial stakeholder after the commencement of business activities, except where beneficiaries have been Identified by category and are unknown to the company at the initiation of operations.
Where the confirmation of the identity of a client occurs after the business connection, the company should have proper and effective guidelines, controls and procedures to handle the risk arising from the delay. The firm’s regulations, strategies, controls and procedures should include:
- Demonstrating that it is not a high risk transaction
- Observing the business relationship to guarantee that each confirmation of identity is completed during the business transactions.
- Ensuring capital obtained cannot be passed to third parties.
The company must know that there may be events where the conditions are such that a business transaction was created or trade was completed and the identification and confirmation processes was not completed. Under such situations, the board must refer to section 4.7 of the Channel Islands Handbook
With respect to periodic trades, if the identification of the client is understood, confirmation of identity is not compulsory in cases where payments are below £10,000 (whether independently or connected), except situations when it shows that two different transactions under the minimum threshold are linked to form a substantial one-time trade.
Business Acquisition and Clients
There may be situation in which the company acquires another established business with based associations or profiting out of a predetermined company, or non-Bailiwick institution or a list of customers in the Bailiwick.
Before buying the organisation or group of clients, the company should run enquiries on the seller to establish the amount and the appropriateness of identification information concerning the clients of the specified investment or firm.
Where deficiencies at the identification information are recognised, the company has to determine and execute effective reforms to mitigate its impact deficiency. The company must inform the Commission on its adjustments as stipulated in the Channel Islands Handbook.
Along with conducting due diligence on the seller, the company can rely on the documentation and data previously accessed by the merchant for its customers and relationships in which the following standards are fulfilled:
- The seller is the Appendix C firm
- That the company has assessed the customer due diligence guidelines, controls and measures operated by the seller were acceptable, such as account of the findings of some applicable testimonials by the Commission and other regulatory bodies.
- The company collected identification information (or copies) for every business relationship.
Where the company removes the databases of a specified business, the board shall adhere to the record requirements as stipulated in the Channel Islands Handbook.
Failure with Customer Due Diligence
Based on Paragraph 9 of Schedule 3, where the company could not comply with the requirements of CDD, the board shall:
- Terminate or close the existing business investment.
- Reject the approval of a new business entity, customers, legal arrangement or third party investor.
- Consider whether the board will notify the Commission and make a full disclosure based on the guidelines in the Channel Islands Handbook.
It should be noted that the closure and termination of a business operation might be difficult because of the legal or contractual reasons beyond the control of the company. The timing of this decision for an established investment may depend on the character of the inherent properties or solutions. For example, while a financial institution may close an account and return the client’s funds, the mandatory redemption of an investment at a collective investment scheme especially where it is rigid or the evaluation dates are infrequent, can be debatable.
Where a business termination cannot be concluded, (for instance, when the company loses contact with the client) the company should enforce controls and procedures secure, suspend and block its resources and money until the business connection with the customers are established or the organisations has implemented the policy act on dormant accounts.
Where the business closure or investment termination is not possible, for whatever motive, the company handles and mitigates the business risk efficiently until when the investment relationship could be resumed.
Where funds have been obtained, the firm shall return such funds to its origin whether or not the source is a natural person or third party investor. Where the company cannot return the money to its source, for example, where the lending bank has been terminated, the company must take proper measures to return the capital to the exact same party in a different form.
Where it is not possible to return the funds to the customer (if the applicable party no longer exists), the company shall return such funds to an appropriate third party and record the justification for those actions taken.
Where the company has been closed and cannot create a business transaction or trade, the firm must evaluate the conditions for such collapse and inability to enforce the CDD steps and if these justify a disclosure process to the FIS.
Shared Investment Schemes
Duty for Investor CDD
As part of the modality for authorisation of a close investment scheme, the board shall nominated company that is licensed under POI Law to fulfil the requirements of Schedule 3 and the Channel Islands Handbook for investors.
The nominated company must notify the Commission that it has been selected for the application procedure before the authorisation of their CIS.
The nominated company should treat all investors to the CIS as customers and guarantee the applicable provisions of Schedule 3 are fulfilled. For example, testing relationship risk, distinguishing and confirming the personality of depositors, shareholders, beneficial shareholders and other important principals.
While the utilisation of CDD steps could be performed by a third party the nominated company shall be liable for ensuring appropriate identification data are documented for shareholders as it satisfies the applicable requirements of Strategy 3 and the regulations of the Channel Islands Handbook.
Where the nominated company provides solutions to some CIS, the traded stocks on the exchange platform must be done in accordance with the requirements of the Channel Islands Handbook.
Where the company provides services to some CIS and has not been nominated under Paragraph 4.57, the company shall serve the CIS as its client and conduct the CDD prerequisites to obtain a CIS authorisation by the Commission.
There may be events where the nominated company will change during the business relationship of a CIS, for example, the consequence of a reversal of designated supervisor. Where the company becomes the nominated company, the board must notify the Commission of its placement after approval.
Where the company is nominated with previous investors, the board shall consider the requirements of the Channel Islands Handbook.
Notifications created according to Commission Rule 4.63 shall be filed through the submission portal.
Assessing and Verifying the Identity of in CIS
This part details the duties for the adoption of CDD steps to investors and applies where the company:
- Has been selected in accordance with paragraph 4.57 of the Channel Islands Handbook.
- Is acting as a supervisor or a third party of a non-Guernsey collective investment scheme?
The fundamentals the CDD duties for a CIS shareholder is an understanding that the inclusive agreements in which interests at a CIS are provided to investors will ascertain the CDD Steps to be implemented.
When undertaking its duties, the company shall evaluate the vulnerabilities of CISs and the methods in which customers might compromise the CISs for ML or FT activities. The cases or scenario includes:
- CISs are dispersed using a point-to-point communication foundation, using those CISs comparatively measures and the capacity to transfer business holdings between various parties.
- OECISs, especially those with regular (weekly or daily) business operations can offer reduced holding time and higher turnover ratio.
- Regardless of demands for the long-term character of CISs that leads to restricted ML functions, the modalities of use might appeal to money launderers because of the capacity to create income and growth.
The firm shall categorise investment into four categories, with each representing specific threats and its obligations about the CDD measures to be implemented. The evaluation shows the party that requires management analysis for every category of business.
The strategy of investment associate to be viewed as a Client
- Where legal or natural associate or an authorised investor buys shares in a CIS in their own accounts, rather than on behalf of additional parties, the company shall convert the investor to a customer and apply CDD controls.
- An investor who within its economic action buys the components of stocks or shares in a CIS and exercises control within the investment to the advantage of a third party, where the investment is an Appendix C firm acting as an intermediary, the company shall treat the investors as a client provided its risk assessment is low. The regulations of this disclosure shall be carried out in accordance with the rules in the Channel Islands Handbook.
- A business client that operates with its name and registered proprietor of shares but takes instructions for third parties will have its funds returned to the enrolled or beneficial owner of those units or shares at the CIS.
- A company’s client, for example, a fiscal intermediary’s client, in which the business enterprise is not the registered proprietor of the stocks, the company shall treat the investors as their clients and enforce CDD to the buyer, such as the beneficial shareholder in accordance with all the requirements of Schedule 3. Where the customer fulfils the definition of the Appendix C industry, the company could consider fixing the intermediary as an introducer in accordance with the demands of the Channel Islands Handbook.
CIS Traded on a Listed Market
This section pertains to authorised and enrolled CECISs, included as employers, whose stocks listed on a recognised stock exchange or other publicly held firms.
This strategy is recognised by IOSCO in its AML Guidance for CIS issued in October 2005 that says: closed stocks or shares or Listed CIS and public businesses or financial institutions do not have specific anti-money laundering obligations.
With respect to publicly listed firms, the FATF reveals its position on the conduct of listed stocks in its method of evaluating technical compliance with the FATF recommendations and the potency of AML/CFT systems dated February 2013 that states:
Where the customer or proprietor of the listed stock and subject to regulation demands (either from stock market rules or via beneficial ownership) is the major shareholder of the business, it is not compulsory to verify or classify the identity of the client or beneficial investor of these companies. The appropriate identification information can be obtained from a general register, from the client or by other trusted sources.
The board must understand that the stocks of some traded CECIS cannot be sold directly to shareholders, but are issued, distributed and exchanged through brokers, merchants, market intermediaries and investors. Therefore, a listed CECIS and a nominated company cannot interact with investors before accepting an investment or approving a corporate activity such as share or dividend distribution.
Where the CECIS are listed on a recognised market, it is not compulsory for the company nominated by the CECIS under Paragraph 4.57 to classify and verify the identity of shareholders.
Where the company was nominated in accordance with the Channel Islands Handbook, the board must acknowledge the procedures to enter the CECIS and consider the threat introduced by the scheme as stipulated in Schedule 3 of the Handbook.
Enhanced Customer Due Diligence
Aims
This section considers market relationships and trades evaluated by the company as:
- Introducing a higher risk of ML or FT while considering the requirements of Paragraph 3 and the regulations of the Commission.
- Involving more than one risk variables as highlighted in the Channel Islands Handbook.
The firm shall test and assess the appropriate CDD measures to implement.
In cases where the company shall execute CDD measures, it must deploy ECDD based on high-risk business associations and trades. In accordance with the guidelines in the Channel Islands Handbook and Schedule 3, the firm shall consider:
- An investment or business transaction where the client or investor is a politically exposed person.
- The situation where the company is a financial service business or an investment relationship, which is:
- A correspondent bank association
- An investment business that involves the supply of solutions by a single FSB to different customers as stipulated in the Channel Islands Handbook.
- A business transaction or trade operations:
- In which the client or beneficial investor has a link connection with a nation that:
- Offers support or funding for terrorist actions or does not enforce the FATF recommendations.
- Is identified as a nation where such control is effective and appropriate. The board must deploy its control measures where:
- It considers the firm a high-risk operation. The board shall issue regular warnings, press statements and notices based on the requirements of the Channel Islands Handbook and the NRA.
- Business operations or trade that has been evaluated as a high-risk transaction.
- A business connection or trade where the client, the valuable owner of the client, or some other authorised person from the possession or control arrangement that has warrants or shares.
The firm must use enhance strategies and controls on all business transactions whether they are prioritised as high threat, low threat operations or relates to:
- A customer who is not resident in the location of the business
- The supply of personal banking solutions
- A client who is an authorised person and can be used for private holding investments.
- A client that is:
- An authorised person using nominee shareholders
- Managed by a nominated person which shareholders as stipulated in the Channel Islands Handbook.
The obligations for this section require that ECDD steps be implemented in most high-risk operations. The need to employ advanced or enhanced measures to mitigate specific higher-risk variables as set out in Paragraph 5(2) of Schedule 3 applies to investment links or trades from low to higher threat value.
The availability of many risk variables as listed in Schedule 3 may not automatically equate to a higher risk for the transaction or business operation as being large. Based on the regulations of the Channel Islands Handbook, the company must consider the accumulative impact of all threat variables and its influence on the business relationship or transactions and operations.
Strategies, Approaches and Controls
Enhanced Customer due Diligence Measures (High threat operations)
The company must permit effective techniques, controls and procedures follow ECDD Steps in which the company has approved, considering the conditions and demands of the trade or business transaction.
In accordance with the regulations in Schedule 3 and the Channel Islands Handbook, ECDD shall mean:
- Procuring management approval prior to business investment or trade.
- Procuring management approval to facilitate and continue operations with an existing business investment of a foreign PEP.
- Implementing effective control systems to evaluate and ascertain the source of payments and funds from:
- The client
- The beneficial investor
- Conducting regular analysis, observation, evaluation and applying selective checks on prioritised transactions or trade in accordance with the regulations in the Channel Islands Handbook.
- Implementing one or more of the following controls as appropriate for the trade or business operation.
- Acquiring information about the client personal details such as the volume and worth of their assets or beneficial owners.
- Affirming additional aspects of the client’s identity.
- Acquiring additional information to comprehend the purpose and character of the business relationship and mutual trade.
- Taking effective steps to establish and understand the origin of funds in accordance with Schedule 3.
The company shall take the following steps in accordance with Schedule 3:
- Broadening the company’s knowledge of their purpose and operations by collecting information on the explanations for its transactions and deliverables.
- Authorising independent study by a professional firm or adviser pertaining the business and showing requirements of each transaction via links with the client or beneficial investor.
- Where the client is an authorised person, identifying and confirming that the identity of supervisors and other managing officials are accurate and in accordance with the recommendations of the Channel Islands Handbook.
- Acquiring information from staff offices or representatives located in a jurisdiction where the client has a business relationship.
The firm shall consider the following ECDD steps to tackle certain threats originating from a high threat assessment:
- In cases of existing market investments, where the board considers its risk assessment as high priority, the firm must obtain a senior management endorsement for any payment operation.
- The initial payment shall be performed through an account in the client’s name with an Appendix C enterprise.
Enhanced Measures (High threat variables)
The company’s strategies, controls and guidelines shall require the execution of enhanced steps as detailed in the Handbook.
Where there is more than one threat factor in a business transaction, the company shall apply effective measures to mitigate each risk variable found within the business enterprise or trade.
ECDD measures for High Threat Factors
There may also be situations where a large risk relationship is detected during payment, and the firm shall employ ECDD steps and implement appropriate enhanced steps to mitigate the threat factors.
Based on Commission Rule 8.12, enhanced measures applied should be unique to higher risk variable(s) within a business link or trade. However, there might be scenarios where an enhanced step taken handles different threat variables or the ECDD measures implemented by the company also mitigate a higher risk variable(s).
For instance, the firm could provide private banking solutions to a foreign PEP client and the board is satisfied that the ECDD measures employed for a PEP are effective and appropriate to mitigate the threat associated with the banking solutions.
The guidelines, controls and measures of this company shall facilitate the threat assessment analysis of prioritised risk variables. The strategy permits the placement of appropriate and enhanced measures suitable to mitigate the risks identified.
Source of Business Funds and Wealth
The board shall implement reasonable measures to understand the origin of payments made during investments, trade and business operations. In accordance with the regulations of the Channel Islands Handbook and Schedule 3, the firm shall investigate the funds of
- The client
- The business owner who may be a politically exposed person (PEP).
The enforcement of appropriate control measures to establish and determine the client’s source of wealth and the steps to establish how the funds are used within the business relationship are significant facets of due diligence procedure. These measures help the company in showing that such funds are not proceeds from money laundering activities and are consistent with the company’s understanding of the client, the beneficial owner and the essence of its business relationship or trade.
The company must deploy effective ECDD control systems and policies to ascertain the origin of any capital and wealth of the customer, beneficial investor or third party. In accordance with Schedule 3, the firm shall conduct regular checks to verify the effectiveness of each ECDD control and determine its impact on mitigating higher risk factors in a business relationship.
The origin of funds refers to the action, which created specific funding for business or trade. Source of wealth differs from the origin of capital, and it describes the actions that created the net value of the client or beneficial investor, both internal or external transactions and operations.
The company shall ascertain the origin of funds and wealth, record and document the proof of the risk assessment analysis on the implications of the client’s source of funding, geographical location and the spare of business operations that generate revenue.
In evaluating what constitutes ‘reasonable measures’ to investigate the client’s source of wealth, the company shall consider specific risk factors within the business operations and its appraisal. The list of risk factors to consider in the analysis is not limited to the following but include the form and complexity of the client or beneficial investor, the client’s economic activity, occupation and the motive of the services supplied by the business.
Data on the origin of wealth and business financing can be retrieved from the investors or beneficial owner, and the magnitude to which such information collaborates shall be commensurate with the threat. However, the company can manage an investment where it could prove the source of funding without corroborating the information since it satisfies the understanding about the investment or trade and the threat assessment are comparatively low and commensurate with goods or services of the investing firm.
The company may have a natural customer situated in its authority while using its products or solutions to get a comparatively small capital, which makes it a higher risk connection or geographical risk. In this scenario, placing reliance on the data provided by the client on the origin of wealth and funds as part of the company’s ECDD measures can be regarded as ‘reasonable’. This assumption is true because it agrees with the knowledge and information about the client through CDD steps, ECDD controls and the enhanced methods of evaluation.
The term ‘reasonable measures’ provides collaborating client data where he or she is a citizen of a high-risk state, and the sources of wealth cannot be easily verified or assessed in accordance with the structures and policies of the Channel Islands Handbook.
The level by which the company corroborates the client’s identification data is a function of its threat assessment rather than a universal approach. Where corroboration of the client’s information is demanded, the company shall apply one of the following options:
- Commissioning a different and dependable report from a professional agency.
- Acquiring sensitive collaboration information such as investment agreement, contract deeds and payment voucher.
- Where the company operates as a group, retrieving reliable data from different members, the investment is compulsory.
- Where the company operates with a third party, the board shall gather relevant information from trusted sources.
- Where the customer was nominated or introduced to the company, the board shall collect relevant information from the introducer.
- Where data is publicly accessible through paid databases, receiving advice from a trusted private or third party source is compulsory.
- The firm shall acquire financial statements and audited reports from relevant data agencies.
It would be inappropriate for the company to use the client’s response to the application form, considering that such answers could be vague and incomplete. The firm shall seek confirmation of all relevant data before permitting the business relationship. The firms must collaborate with the client’s source of wealth and other vital information.
Likewise establishing the origin of capital involved in the investment operations cannot be restricted to bank transfers and deposit locations. The actions taken by the company shall be purposeful and attempt to establish the source of capital and the reason such funds were obtained.
The duty to enforce measures to ascertain the origin of capital goes beyond the initiation of trade or business relationship. Monitoring arrangements should consist of checking if the company’s business relationship represents the threat assessment status of the investment.
Relationship between SCDD and Enhanced Measures
It is possible to employ SCDD steps to various business operations as stipulated in the Channel Islands Manual. The firm shall apply enhanced measures to mitigate the business risk assessment.
Where the company evaluates the client’s ML and FT operations to be low, they shall enforce SCDD control mechanism to a natural resident with a private asset-holding vehicle, provided the company implements an enhanced procedure to satisfy that the deployment of a private asset holding is authentic and legitimate.
It is normal for the company to apply SCDD controls where it proves that the threat assessment of ML and FT danger too low provided an enhanced procedure would be used to mitigate the threat connected to a non-resident client. For example, to ascertain and understand why an Appendix C company is receiving professional services from the Bailiwick rather than at its home authority.
Politically Exposed Persons (PEP)
Introduction
Because of their influence and position, politically exposed clients could misuse their positions to facilitate ML offences, such as inducement, corruption or running operations associated with FT. Where a PEP includes links to nations or business industries where corruption is more prevalent, the risk is further improved.
PEP standing itself does not incriminate people or their partners and related associates. However, being a politically exposed persons means the client or beneficial investor shall be evaluated with ECDD steps, and a national PEP or global organisation must be subjected to ECDD procedures to determine the threat assessment of each transaction and business operation.
There are no specific methods of employing ECDD steps for exposed persons. The goal of this measure will be contrasted with the kind of PEP, the threat identified, the essence of the PEP’s position and capability to affect the business relationship.
Identifying Politically Exposed Persons
In accordance with the requirements of the Channel Islands Handbook, the company shall investigate the client or beneficial investors to ascertain if he or she is a politically exposed person. The firms shall classify customers as domestic, international or foreign PEP.
As mentioned above, the Channel Islands Handbook categorises PEP into three groups.
- ‘Foreign PEP’: A person who possesses a dominant status or appointed in a noble position of a nation or territory apart from the Bailiwick.
- ‘Local PEP’: a person who possesses a dominant public purpose, elected to act in the Bailiwick.
- ‘Global organisation PEP’: a person entrusted with a dominant role by a global organisation.
Based on the classification of PEP, a dominant role for a public function includes:
- Heads of government.
- Heads of political parties or senior politicians
- Heads of government institutions and senior colleagues
- Heads of the judiciary
- Senior army officials
- Heads of state-owned institutions and agencies
When categorising whether an individual’s status represents the definition of a PEP, dominant or prominent must be translated as those individuals in positions of seniority from the regions covered by Paragraph 8.37. Other rankings or junior directors are excluded by definition.
The term ‘notable, dominant, or prominent’ cannot be classified as a degree of seniority, which activates the necessity to categorise a PEP based on a variety of variables that include the function held by the person, the distinct legislative framework of the government or organisation involved, and the powers, duties impact of specific status.
The board must refer to the regulations of the Channel Islands while identifying a politically exposes person. Based on the guidelines of the Handbook, a person cannot be classified as a PEP when the individual:
- Does not meet the criteria of a PEP as defined by the ML Act or FSB rules.
- Relinquish or ceases to act as a prominent or entrusted member of the classified institutions.
The firm shall refer to Appendix E for listing public positions that cover local PEP. The individual shall cease to represent the term when removed from such public positions listed in Appendix E. the firm cannot represent such natural persons in the risk relationship assessment when they cease to hold prominent public positions.
The government in other authorities can publish lists comparable to Appendix E of natural persons categorised within the definition of a PEP. The classification permits the company to classify an investor as a PEP. Consequently, these classes will depend on the recommendations in chapter 8 and the risk assessment of other variables.
In deciding whether an investor or proprietor is a PEP, the company could contemplate:
- Whether to use templates of the UK, US, EU on corruption and financial fraud to investigate if a client or owner, is a legal or natural person who occupies a dominant public role in a foreign state or territory, or international institution.
- Whether to corruption or fraud templates of Guernsey or Alderney to investigate if a client or beneficial investor is a legal or natural individual whose is a current holder of a dominant public role in the Bailiwick.
- Searching for confirmation by a client or investors with an application format question if they hold a dominant public function or government position within the Bailiwick or, local, or international affiliation.
- Using valid databases to search and identify the role or status of the investors, natural person or shareholder.
Where the company determines that someone who is the client or beneficial investor in a business relationship or intermittent trade is an international PEP, it will execute ECDD concerning that company relationship or business transaction.
Where the company identifies a client or value investor is a national or global organisation PEP, the board shall collect sufficient information to comprehend the characteristics of the public function, which the natural person was entrusted and evaluate its threat assessment in compliance with Paragraph 3 of the Channel Islands Handbook.
Where the firm believes the investment operations have been categorised as a high-risk transaction, the board must employ ECDD steps in accordance with the regulations of the Channel Islands Handbook.
Where the company concludes that the transaction or trade with the local or global PEP does not pose a higher threat, it is not compulsory to employ ECDD steps, assuming the company has implemented SCDD or CDD controls and some other enhanced procedures required according to Paragraph 5(2) of the Handbook.
Where the company classifies the foreign PEP as a manager acting or purporting to act for a customer and does not fall within the definition of proprietor the company should include in its threat analysis the essence of this PEP’s function and reason for the public status.
Where the company has decided as part of its own relationship risk evaluation that its transaction or trade may pose several risk outcomes, the board could employ CDD controls and enhanced procedures based on the threat demand.
For example, a foreign retirement scheme investing to a CIS might have members who are PEPs, holding their own stance to the committee by virtue of the political situation and without the capability to exercise ultimate effective control within the retirement scheme. Such persons do not have a financial interest in the capital involved with the investment or operations, and the likelihood of using their connection to launder assets, funds or the funding of terrorism is reduced.
International Organisation PEPs
The definition of PEPs involves a normal person who is or was entrusted with a dominant public role by a global organisation. The definition covers members of senior administration or people entrusted with equal functions such as supervisors, councillors and the board of directors.
The Handbook describes an international institution or firm as an entity:
- That was created with a formal political arrangement between its member nations who has the standing of a global treaty
- The presence that can be recognised by legislation by its members
- That cannot be described as a resident institutional component of the nation where it is situated.
Cases of global businesses as described in this Handbook include the UN, IMF, World Bank and NATO.
Global organisations such as the sports federations are exceptions to the definition in Schedule 3, but have similar payment and business transactions as international organisations; in such cases, the firm should implement ECDD measures where the threat assessment is high. The methods of implementation depend on the threat evaluation score of the business risk.
Family Members
The Company must detect and evaluate the possibility of abusing a family business transaction or intermittent trade with a relative of a PEP. The misuse or abuse of rights may include funds transfer of crime or facilitating the positioning and concealment of these profits without special relation to this PEP.
Based on the regulations of the ML and FT Act, the relative of any PEP shall comprise without limitation:
- A spouse
- A spouse, being a person who is regarded by the legislation of the nation or territory where the prominent role is entrusted as a partner
- Parents
- Children
- Father-in-law
- Grandchildren
The listing of relatives in the Channel Islands Handbook has no exception, and the board shall apply proactive measures or risk-based approach to detect any anomalies within the immediate family members. The evaluation and application of enhanced procedures depend on the societal, cultural and economic structure of the nation of the PEP. Consequently, the variation of people that qualify as immediate relatives is relative and conditional.
In determining who should be classified as an immediate relative of a PEP, the company should ascertain the impact and influence of the PEP on business operations and transactions. The firm must evaluate the level of threat via the relationship with the immediate relative.
The evaluation will cover factors like the effect of relatives on business transactions and the magnitude of their size. In certain cultures, the number of household members that are regarded as associates might be rather small, while in other circles, the list of family members might be huge and expand in many clans.
Business Associates
A business associate is considered as a client with close ties with investors or shareholder. A business associate is a client who could act on behalf of other investors in a market transaction.
Persons who qualify as business associates or partners include individuals that may not be grouped as immediate relatives. The list of business associates includes, but not limited to members of a political party, members of a civic organisation, labour or employee association as the PEP and company partners or partners, particularly the ones that share beneficial ownership of an authorised individual or legal arrangement.
Just like an immediate relative, the translation of whether a person could be a close partner or family relative depends upon the societal, cultural and economic context of their business connection.
Where the company determines that the client is an immediate relative or close partner of a national or global PEP, the board should handle that individual based on the requirements in Schedule 3 and the Channel Islands handbook. The grandchild of a national PEP ought to be treated under the provisions for national PEPs.
Former PEPs
On the likelihood for PEPs to use their status to facilitate financial fraud, the firm shall enforce the default recommendations for foreign PEPs. The firm shall apply ECDD measures as it relates to the client or beneficial owner.
Regardless of the above, there might be situations where the transaction involves individuals who held public portfolios and were deemed neutral or low-risk entity.
The flexibility regarding the interval by which all-natural persons must be categorised as PEPs shall be done in accordance with the Channel Islands Handbook. The declassification timescale for:
- A foreign PEP cannot be declassified
- For an international organisation PEP, they can never be declassified (however, family members of international PEPs can be declassified after seven years).
For a local PEP, the declassification period is five years.
Details about the demands of PEPs are supplied within the subsequent sections establishing the measures to adopt for former PEP.
National PEPs, Family and Close Associates
The firm shall delist a national PEP rather five years after the individual ceased to hold the public role. The firm shall apply the rule when a senior director of the company satisfies that:
- They know the source of the money or business transaction.
- There is no justification to treat the client as a PEP.
For individuals that fall within the demands of Schedule 3, the company can declassify the client as a national PEP after a span of five decades. The date shall begin from the ay the customer or their associates relinquished any notable public role in the Bailiwick.
Where, through the course of operations, the client or investor becomes a former national PEP, account of the preceding function as a threat assessment is not mandatory, assuming the standards in Paragraph 8.69 are fulfilled.
Where the company identifies that its client was entrusted with a public role in the last five years, the company must consider such case as a variable when undertaking its threat evaluation in accordance with Commission’s rule.
Global Organisation PEP and Close Associates
The company will declassify a global organisation PEP after seven years of holding a dominant role. Consequently, the senior director shall show and document records that:
- It comprehends the source of funds for the trade and transaction.
- There is no justification to treat the individual as a PEP.
The requirements in Paragraph 8.73 do not apply to:
- The head of the global organisation.
- An individual with the power to guide the spending of significant amounts.
- Associates or family relatives that could at on behalf of the PEP about business investments.
In deciding whether a global organisation PEP falls within the definition as prescribed in the Channel Islands Handbook, the company should consider if:
- The global organisation PEP has/had jurisdiction to assess assets, funds, resources, capital, policies or tasks of the firm.
- The global organisation PEP has/had accessibility, control or influence over cash flows and accounts of its business.
- The organisation PEP has/had control in awarding contracts or comparable projects for the firm.
For persons falling within the category as referenced in Paragraph 5(4)(b) of the Channel Islands Handbook, the company may declassify a client after seven years, which starts the day such an associate ceases to be a prominent or noble public holder.
Where through the course of a business connection the client or beneficial investor becomes a former global organisation PEP, the consideration of their preceding function as part of the threat analysis is not required if the board meets the requirements of the Commission.
Where the company identifies that the client or beneficial investor in a business relationship or trade held a public position within the global organisation in the last seven years, the board should consider such variable when undertaking its threat assessment according to Commission guidelines.
Foreign PEPs and Business Associates
The company shall declassify a foreign PEP who ceased to function as a public official after seven years provided a director of the company document a report that the organisation is satisfied that:
- It establishes and knows the origin of the individual’s wealth and the capital for investment.
- There is no justification to treat the individual as a PEP.
Under the guidelines of Paragraph 8.79, the above provisions do not apply for:
- A head of government or state
- An individual with the power to regulate the spending of significant amounts
- Individuals that act as a third party or relative on behalf of the PEP
In deciding whether a client can be classified as a foreign PEP, the firm shall consider if:
- The overseas PEP has/had accessibility, jurisdiction, control or influence on state resources policies or finance.
- The overseas PEP has/had control within regulatory powers to restrain mechanisms designed to prevent and discover ML or FT activities.
- The overseas PEP has/had control over contract approvals or acquisition.
- The overseas PEP has/had accessibility, jurisdiction and control over the state-owned businesses.
For all other overseas PEPs falling within the specified requirements, the company could declassify a natural person who is a foreign PEP after seven years. The date shall count from the day the affiliated overseas PEP, family relative or close associate relinquished his or her public position.
Where during the course of business operations, the client or beneficial investor ceases as a PEP, the company cannot enforce ECDD measures as described in the Channel Islands.
Where the company confirms that the beneficial investor still holds a public position, the board shall continue to assess each transaction in accordance with the regulations of the Channel Islands Handbook. The firm shall treat the customers as a foreign PEP.
Correspondent Relationships
Correspondent bank relationship is a business link that exists between one or more baking institutions. With the correspondent accounts, financial lending institutions could conduct business and supply services among their shareholders. Additionally, there are similar connections in different fields of the financial services industry.
Based on the definition, the company shall employ ECDD measures to a company relationship or trade that represents a correspondent banking service or comparable to such a connection since it supplies solutions to other lending institutions.
Based on the recommendations in Strategy 3, the company shall:
- A correspondent banking relationship with a shell lender
- Takes appropriate steps to detect and discontinue any business operation with a correspondent banking association that allows its account to be used by a shell lending investment.
The firm shall enforce the appropriate measures for transactions and operations associated with security trade and funds transfers. The company shall:
- Collect sufficient information regarding the reason for such transaction or funds transfer.
- Investigate the correspondent bank to ascertain its public standing and status. The firm shall also determine if the institution has been flagged for money laundering or FT activities.
- Evaluate the bank’s CFT and AML mechanisms, policies, control procedures, regulations and operations to test its impact in mitigating, detecting and preventing money laundering and financial crimes.
- Get board approval before instituting new correspondent links.
- Conduct an appraisal of the bank’s CFT and AML policies and document them as reference materials.
Where a correspondent investment requires a third party account, the company must take appropriate actions to show that:
- The client (the respondent establishment) complied with the mandatory CDD control procedures in accordance with the regulations of the Channel Islands Handbook.
- That the respondent establishment can supply relevant identification reports of its clients and the correspondent accounts.
The company shall enforce effective controls and procedures when approving a correspondent relationship or other financial solutions agencies.
High-Risk Nations and Territories
The company must have proper and effective managing systems in accordance with the requirements of the Handbook. The management systems shall cover shell bank operations, high-risk assessment of different countries and geographical areas.
The firm will employ ECDD control measures to business relationship or trade where the client or beneficial investor has links with territories that:
- Offer support or funding for terrorist actions or does not apply the FATF endorsements.
The firm shall refer to the term ‘relevant connection’ with a customer who:
- Is a national government, public authority or Nation
- Is a politically exposed person within the same territory or resides in the geographical area.
- Has business investments and can be identified in the territory.
- Generates funds and income from:
- Resources owned with the client or investor from the territory.
- Income originating from the territory.
- Has relevant business links with the nation or territory as stipulated in the Channel Islands Handbook.
The company should have policies, processes and controls to categorise countries that fall within the demands and requirement of the Channel Islands Handbook.
In determining whether a nation provides support and funding for money laundering activities, the firm shall seek information from credible and valid databases and enforcement reports.
Besides falling within the demands in Schedule 3, the firm shall apply the NRA in its risk assessment analysis to prioritise the threat level of each business relationship.
As a part of its strategies, procedures and controls, the company needs to:
- Be more conscious of concerns about flaws in the AML and CFT systems of different nations or territories.
- Consider any company from threat evaluations and reports issued from by the Commission.
In assessing the strategies, control measures and policies of each country, the company shall consider:
- Reports and press statements issued by the regulator and enforcement watchdogs. These agencies include the UN, IMF, World Bank and FATF.
- Findings of accounts issued by respectable sources such as crime watch agencies and US state department.
- Circumstances where the state or territory has not been subjected to anti-money laundering controls.
- Its experience in operations and threat assessment evaluation. The firm’s experience could indicate flaws in the ML or FT execution in the country or broader concerns (by way of instance, the incidence of medication or person trafficking or governmental corruption).
Shares and Warrants
The company shall employ ECDD controls to any investment relationship or trade where the client or some other authorised person from the possession and management structure of the client owns some bearer shares.
A bearer share is equity possessed by any person that has the physical document or certificate. The bearer instrument cannot be documented as a register element.
Where the company’s risk appetite permits the client or investor to own and manage the bearer shares, the company should have proper and effective strategies, processes and controls to mitigate the threat posed by their usage.
Where the company manages and controls a market transaction or business relationship, the board shall apply some ECDD measures to ensure compliance with the regulations and obligations of Schedule 3. The firm shall:
- Ascertain and investigate the motives why the client, investor or other authorised people that control or has possession and management structure of the client has bearer stocks or warrants.
- Have custody of their bearer stocks or warrants and ensure compliance in location and immobilisation. The firm shall confirm the quantity of transaction and place of their bearer shares or warrants. Custodians of these bearer stocks or warrants shall notify the firm of any alterations to documents in their possession.
The company must enforce the above-mentioned guidelines, controls and procedures in any business relationship or trade no matter whether the recognised bearer share or warrant signifies a sum under the appropriate threshold for possession or management of the authorised individual.
Enhanced Measures
The company shall comply with the requirements of the Channel Islands Handbook on every business relationship, whether high-risk or low-risk operations. Therefore, the firm shall enforce enhanced measures on clients and business payments. The list includes:
- Non-resident clients in the Bailiwick
- The supply of personal banking services;
- A client, which is an authorised person, utilised for private asset holding functions
- A client that is:
- An authorised person using nominee investors.
- Controlled and managed by an authorised customer with nominee investors.
This Handbook describes ‘enhance measures’ as the act and process of applying and enforcing effective and appropriate actions and decisions to detect, prevent and mitigate money laundering activities during business relationship and trade.
The firm shall note as a precautionary measure, since its business associations or trades may include more than one investment, the company must adopt enhanced measures based on the risk factor of each individual business. Such action prevents and mitigates varying degree of risk factors that accompanies each investment, exchange or trade transactions.
For example, a trustee builds a trust relationship for a client to whom it implements enhanced steps as established in Section 8.9. The agent then functions as the client in a business transaction with different investors in which, acting as a trustee, they create accounts a personal bank. The lender will employ enhanced steps to mitigate the threats related to its client being a private asset holding vehicle and provide personal banking services as detailed in Sections 8.10 and 8.11 of the Channel Islands Handbook,
Non-Resident Client
Non- resident clients who attempt to develop a business relationship or run trade operations with a company in the country will normally have valid reasons for such business. However, such clients may carry higher threat or likelihood of ML or FT transactions. For example, moving illicit funds from their country, a territory of residence or concealing the origin of capital from an official of their current location.
Based on these assumptions, the firm shall apply the following measures to non-resident clients or investors with business relationships in the country of residence.
- The firm must ascertain or investigate the client’s reasons to establish a business relationship or conduct trade operations in the country of residence.
- The firm shall employ external information sources to gather data on the client and the country threat evaluation to construct a client’s business and risk profile comparable to a resident client.
- The firm shall apply appropriate and effective strategies and control to investigate and ascertain the client’s source of funds and consider the mode of operations complies with the regulations of the Channel Islands Handbook and strategies on Money Laundering.
In accordance with the regulations of the Channel Islands Handbook, the firm shall investigate and document detailed explanations of its investigation and analysis on the reasons for the client’s business relationships or transactions. The documents must be clear and easy to understand. The reasons given needs to be detailed and purposeful. The firm shall avoid subtle reasons such as tax preparation, asset protection or comparable investments.
Where the company determines that the reason for the business relationship or trade is tax preparation or tax reduction, the company shall comprehend the inherent tax justification for the investment or mutual trade. Where concerns have been raised relating to the rationale, the company shall request for a duplicate of the tax ruling or agreement form to ascertain the client’s arrangements.
Where the firm shall ascertain the source of its investment capital and funds, the company should consider transactions that generated such comprehend the provenance of their capital and any possible consequences to these funds being transferred funds and the threat implications of transferring or moving the proceeds into the Bailiwick. For example, the firm shall determine if the client tries to evade or circumvent funds controls by simply transferring the illicit funds.
Personal Banking Services
Personal banking is defined as the supply of personalised banking or investment solutions to clients in a managed relationship. It might involve complicated, customised structures and higher value trades across multiple nations and territories. Such clients may pose varying levels of business threats on activities that facilitate ML and FT.
For the purposes of the section, personalised services shall be regarded as a private banking facility when it satisfies the following standards:
- When it is provided or suggested to private customer or clients (either directly or via an authorised individual or authorised arrangement) identified from the company as being qualified for the support based on the net value.
- Where it entails high volume investment.
- When it is a non-standardised arrangement.
- Where it is designed to meet the client’s needs.
The firm must understand that personal banking services are not solely for banks a lender (with the exclusion of collecting deposits) but can be extended by a company authorised under the POI Law. A company authorised under the Trustee Law who facilitates private banking solutions as its responsibilities cannot be described as private banking merchant.
Based on the submissions above, the firms shall apply one or more of the following enhanced measures under a personal baking service.
- Assessing every transaction, agreement data and information acquired as part of the company’s CDD policies to ensure the client’s investments data complies with its regulations and remains relevant.
- Where trade tracking thresholds are employed, the firm shall ensure that effective measures were used and contemplate whether should be decreased to provide increased oversight of trades linked to the company relationship
- Applying appropriate and effective measures to investigate and ascertain the client’s source of wealth during business transactions to avoid threats of supporting money-laundering activities.
Where the company provides private banking solutions and other retail transactions providers, it must classify if the customer uses private banking solutions in accordance with ML laws or if the goods and services are categorised as transactions for retail banking solutions. If such transactions are retail investments, the firm does not require any enhanced control measures.
The Client is a Private Asset Holding Vehicle
The expression ‘private asset holding vehicles’ describes all legal persons or private agreements created by natural persons to the particular intention of holding resources for the investment. Whilst there are a few motives for establishing a private asset-holding vehicle, using such solutions as either an authorised individual or private arrangement may conceal the origin of wealth or the identity of the beneficial investor of the transaction. Private asset holding vehicles poses a greater threat, which makes it more challenging for the company to set up the true beneficial ownership of a client.
Notwithstanding the aforementioned assumption, the threat associated with personal asset holding transactions could differ based on the likelihood that a controlled corporate and trust service supplier provides corporate solutions to the private asset holding vehicle. This will consequently determine the degree of the improved measures to be implemented from the company to the client.
In accordance with regulations of the ML Act, this section highlights enhance measures the firm can apply to customers who require personal asset holding services.
- Ascertaining the intent and reason for a private asset holding service as opposed to a valuable beneficiary investor holding assets. The firm shall ensure that the client’s motive for such migration is authentic and legitimate.
- Applying effective measures and control systems to detect and determine the client’s source of wealth and funds used for business transactions.
The firm shall apply Paragraph 5(2) where the client is a third party, and the personal asset holding agent acts as a trustee for the business investor.
Where the firm investigates the intent and rationale for using the asset-holding vehicle, the board must document its conclusion and detailed analysis for future references. The reasons given must be detailed and purposeful other than tax preparation, asset protection or similar business deals.
Where the company determines that the reason for using the private asset-holding service is for tax preparation or tax reduction, the company should ascertain the inherent tax justification. Where concerns have been raised on the client’s motives and rationale, the company shall request explanatory documents and duplicates of the customer’s tax ruling or taxation information to evaluate the business arrangements and agreements.
A Client with Nominee Shareholders
There could be strong reasons for a client utilising nominee investors during business transactions. For example, the client may solicit their support to facilitate management solutions and reduce prices by permitting the nominee to provide crucial company activities.
Notwithstanding the above mentioned, as detailed the Handbook, the use of nominee investors create avenues and channels to conceal accurate possession and management by dividing beneficial and legal ownership. Using nominee investors poses a higher risk, which makes it challenging for the company ascertain the true beneficial owner of the client’s proceeds and operations.
For the purposes of detecting and preventing fraudulent transactions, involving the use of nominee investors and legal shareholders, the firm shall apply the following enhance measures to mitigate and align its policies in accordance with the requirements of the Channels Islands Handbook.
- Ascertaining and satisfying itself concerning the reasons why the client or an authorised person who acts on behalf of the customer is using nominee investors.
- Utilising external information sources to gather information about the fitness and propriety of their nominee investor (like their controlled status and standing) and the country’s risk priority.
- Where the nominees are classified under intermediary relationships, the company shall apply to enhance measures in accordance with the Commission’s regulations.
Where the company establishes a business association or trade with a CIS that is authorised or filed by the Commission and has not been nominated as the party responsible for implementing CDD steps to shareholders, the firm may not employ enhanced steps in such transactions and business agreements.
Simplified Customer Due Diligence (SCDD)
Introduction
This section enumerates procedures and steps for business relationships with low threat evaluation. It sets the capability to employ SCDD steps in investment operations or trade transactions and defines simplified steps that could be implemented.
This chapter must be combined with Chapters 4 to 7 of the Handbook because it provides crucial CDD obligations with specific requirements for all types of natural persons, legal investors and lawful agreements the company could manage as business links and operations.
SCDD procedures
The overall demand is that investment relationships and trades must pass different CDD steps in accordance with Schedule 3. The measures include the capacity to identify and classify the client’s identity and take sensible, appropriate measures to validate the identification of the beneficial investor.
These circumstances are examples where the business threat assessments have been categorised as low in ML and FT activities:
- A Bailiwick client where the company recognises the aim and motives for the business relationship or agreement.
- A business transaction or agreement where threats associated with the investments are low, and data regarding the client’s identity is accessible, or where sufficient measures and controls are enforced.
- A business transaction or agreement where the client is an Appendix C enterprise.
There could be circumstances where threats ML and FT was evaluated as reduced from the Bailiwick based on its NRA. In such conditions, the company shall implement SCDD steps to identify and confirm the identity of clients and beneficial investors.
The SCDD measures implemented by the company ought to be commensurate with all the very low hazard factors and should connect simply to connection approval measures or to facets of continuing monitoring (excluding sanctions screening). Examples of possible steps could include:
- Decreasing the confirmation steps applied to the client or legal owner in accordance with the requirements of the Channel Islands Handbook.
- Decreasing the level of monitoring and evaluation of transactions according to the client’s financial threshold.
- Conducting minimal analysis or executing specific steps to ascertain the objectives and motives for the agreement or business relationship. The firm shall always infer and classify the intent and character from each trade deal or transaction.
The company shall review its threat assessment on each business agreement and determine whether the identification information is valid and appropriate for the revised risk evaluation of each operation. The firm shall apply these submissions when it understands the conditions that trigger the business risk and SCDD steps.
Where the company approves a decision to apply SCDD steps, a detailed proof, which reflects the motive for such decision, shall be stored for reference purpose. The documentation should offer a justification for the firm’s decision, such as why it was necessary to enforce SCDD steps in the business agreement and threats analysis of ML and FT.
In accordance with the regulations in Schedule 3, the powers to apply SCDD controls shall not be used in cases:
- Where the company doubt that parties to a business agreement or transaction are engaged in vices or activities that support ML or FT.
- Where the threat evaluation to a business relationship or trade is low.
Bailiwick Residents
Where the client, beneficial investor or other essential principal in the business agreement is a natural person, the firm shall enforce SCDD measures in accordance with the Channels Island Handbook. Where the company has decided it can apply SCDD procedures because the threat has been assessed as low, it might elect to confirm the client’s name, date of birth and residential address.
The firm must understand that not all residential customers in Bailiwick might have a low-risk score. The company shall ensure that investment threat appraisal is undertaken.
Where the firm considers that threats to trade relationships or business transactions are higher than normal, it should implement CDD or ECDD measures in accordance with the regulations of Schedule 3.
Bailiwick Public Authorities
Where the client or beneficial investor to business operation is a prominent person in Bailiwick, the company may choose to use SCDD steps. However, in cases where SCDD procedures are implemented, it is optional to use all the verification steps for the public authority.
The company has to recognise and verify the identity of the Bailiwick’s notable authority, including:
- The title of the authority
- The character and status of the prominent person.
- The location and address of the individual.
- The titles of managers associated with authority.
The firm shall consider the following list as examples of portfolios described as public authorities:
- A government unit or agency
- A body created by legislation;
- A parish authority
- An organisation owned majorly by a public authority.
Where the legal customer is empowered to act on behalf of a public authority during employment, it is not mandatory to verify the identity of such individual. The firm shall verify the client’s authority to act or make decisions for the public authority.
Investment Structures Registered by the Commission
Where the client or legal owner of the business agreement is a CIS authorised or filed with the Commission, the company shall categorise the CIS are the main agent based on the demands of its CDD policies.
Based on this assumption and for the purpose of verification, the firm shall collect evidence and proofs that the CIS is duly registered and authorised by the Commission.
Where a legal person who acts for a CIS is employed by the same institution, it is not compulsory to enforce measures or CDD policies. However, the firm shall verify the authority to act on behalf of the collective investment scheme.
For instance, where a lending agency is launching an account to get a CIS authorised or enrolled with the Commission, the lending institution may classify the CIS as the client to be assessed and identified.
Appendix C Firms
The term ‘Appendix C’ as described in the Channel Islands Handbook refers to nations or territories the Commission is empowered to regulate its financial service business (FSB) or prescribed business (PB) to detect, prevent and mitigate ML and FT activities or operations in accordance with FATF recommendations. Appendix C shall be reviewed periodically to add and delete listed counties based on their threat assessment, agreement and policies as prescribed by the Commission.
The evidence that Appendix C contains countries that enforce FSB or PB regulations does not mean these nations have effective measures to tackle money-laundering activities. Therefore, compliance with the FATF recommendations differs from its adherence to effective policies and control systems.
The categorization or classification of countries as Appendix C does not mean that business activities in these territories are low risk nor does it imply that any business associate, client or owner with links to such nation shall be categorised as a low-risk investment.
Where the client has been classified as an Appendix C industry, and the motive for investment is known, subject to Commission with the exclusion of conditions in Paragraph 9, the confirmation of the identity of this Appendix C Company is not compulsory.
Where a client or associate is mandated to act on behalf of Appendix C, it is not compulsory for the company to investigate or confirm the identity of the individual. However, the company needs to verify the individual’s ability to act on behalf of the Appendix C enterprise.
The company is not mandated to control FSBs or PBs from the authorities listed in Appendix C if they comply with the requirements in Appendix C. The company can impose higher standards compared to the minimum criteria identified in the Handbook where appropriate.
The requirements and provisions of this paragraph should not be implemented for an Appendix C firm because the customer or beneficial owner shall act only as a trustee or fiduciary of a trust.
Classification of Appendix C Nations and Zones
In categorizing countries and territories, the firm shall exercise its mandate in accordance with the requirements of schedule 3. The firm shall consider the following obligations.
- The firm shall consider the ML and FT threat associated with nations, territories and geographical areas
- The firm shall determine the level of collaboration it expects from relevant governments in these nations and regions.
The firm shall also consider the jurisdiction of all countries listed in Appendix C. The list of concerns includes:
- The authority’s membership of the FATF.
- Reports and evaluations by the FATF or other regional figures for compliance with all the FATF recommendations;
- Good governance pointers
- The extent of illicit activities such as arms running, drug trafficking and corruption within the province of authority.
- The level of terrorist activities and terrorism financing operations within the regions of authority.
When reviewing tests performed from the FATF or alternative institutions, the firm shall monitor and observe:
- The reports, assessment, and recommendations of FATF guidelines as stipulated by the Commission.
- the evaluation, appraisal, and ratings of compliance of the listed countries on AML and CFT operations based on the FATF’s ‘Immediate Effects’ in controlling business operations.
Receipt of Cash as Identity Confirmation
Where the client and beneficial owner investors are identified, and the board clarifies its operations and business investments as low risk, the company will consider the receipt of payments, funds transfers or cash to confirm the client’s identity.
To manage this provision and obligation, the firm shall ensure that:
- Cash transfers, funds and other payments are made from an Appendix C investment.
- Cash transfers and funds payment are made by clients or beneficial owners.
- Payments are paid into the client’s account (third party transfers and payments are not permitted) or in the title of the authorised practitioner acting on behalf of the buyer.
- No modifications can be carried out for any service or product, which allow money to be received from or paid to a third party.
- Cash transfers or withdrawals are not allowed except by the client or beneficial owner, investor on a Face-to-face verification where the identification of the customer could be verified, and cash transactions can be confirmed.
Where the investor has been approved, and some demands were not followed, a thorough investigation and confirmation of the identity of the client and beneficial investor shall be conducted in accordance with the requirement of Schedule 3 and the Channel Islands Handbook.
Where the company suspects that customers or beneficial owners may have concealed certain parts of their transactions to evade compliance with CDD measures, the bard shall cancel receipt verification for those individuals.
The company has to maintain documentary proof to show that its measures were detailed and effective, and business risk is low. Such evidence shall be used as a reference for future undertakings.
Intermediary Relationships
The term ‘intermediary relationship’ describes the situation where the company proposes a business agreement with an arbitrator who acts as a third party agent to several clients. In such a scenario, the firm deals directly with the third party agent who becomes a liaison or acts on behalf of the beneficial owner. Where the company has evaluated the ML and FT threats of such proposals with the third party as low risk, the board shall clarify the intermediary a customer and implement its CDD measures rather than identifying and confirming the identity of the beneficial owners.
The company should be mindful that money launderers are drawn to complicated services and products, which operate globally within a corporate and safe financial environment. Therefore, the company must be vigilant to the threat of an intermediary relationship agreement.
Subsequent sections in this Handbook highlight standards that must be fulfilled to get approval for a third party investment. In such conditions, the company will not have a direct association with the arbitrator’s client and shall not employ CDD steps, unless the board considers it appropriate for the investment relationship.
Risk Assessment
The company shall evaluate the threat assessment of an investment relationship before approving the intermediary agreement or transaction. This type of assessment will permit the company to ascertain the threat of trust for the intermediary and consider whether it is acceptable to classify the individual as the company’s client. Alternatively, the firm shall consider:
- Deal with the arbitrator as an introducer in accordance with the recommendation of the Channel Islands Handbook.
- Employ CDD steps to the client who acts as an associate or third party.
Criteria for Placing an Arbitrator Relationship
When creating or approving an intermediary business agreement, the company must enforce CDD steps to ensure that the arbitrator is:
- An Appendix C investment.
- Owned by a nominee subordinate vehicle of an Appendix C investment that enforces strategies, controls and measures in accordance with the requirements of listed nations and business.
When the firm’s evaluation shows low risk for an intermediary business relationship, the board can implement CDD measures based on its prerogative. However, as a minimum rule, the company shall;
- Access, investigate, verify and confirm the identity of the intermediary.
- Collect written confirmation from intermediary as they:
- Affirm the intermediary has proper risk-grading processes to distinguish between the CDD needs for elevated risk low-risk relationships.
- Comprise proof that the intermediary enforces effective CDD steps for its clients. The measures include ECDD controls for PEPs and other high-risk investments.
- Includes adequate information to enable the company to understand the function and motive of the intermediary’s business or agreement.
- Confirm that the intermediary shall manage all business accounts and has supreme control for all service or product.
Where an intermediary agreement has been created, the company shall prepare and keep documents and evidence of the following:
- The rationality of its decisions that the threat assessment is low;
- It has implemented CDD controls on the intermediary
- The intermediary relationship is associated with the supply of goods or services, and it complies with the regulations of the Channel Island Handbook.
In situations where the standards for an intermediary relationship are not effective or cannot be implemented, the link or agreement cannot be classified as an intermediary relationship.
Where the company has decided, according to its regulations, it cannot use the intermediary as the client, the board shall classify the associates of the intermediary the company’s customers and shall apply CDD steps based in the regulations of Schedule 3 and the Channel Islands Handbook.
The firm shall consider whether it is safer to apply CDD measures to investors, shareholders, beneficial owners and legal agreements rather than the intermediary who acts on their behalf.
The firm shall apply the following procedures according to the Commission’s rule when dealing with the intermediary’s associates and clients. The firm shall:
- Open person accounts in the titles of all consumers on behalf of whom the arbitrator was authorised to control and employ CDD procedures.
- Create accounts in the intermediary’ name provided the company collects the list of clients being managed by the intermediary and apply CDD obligations to prevent ML and FT activities.
Classifying Products and Services
The firm shall consider and classify an intermediary as a customer when they operation or provide one of the following products or services:
- Investment of business capital to back your life company’s policy obligations.
- Conducting different restricted investments with a POI licensee in accordance with regulated FSB and POI laws. In such situations, funds may not be transferred to a third party unless the individual is the source of wealth.
- Investments in a CIS or NGCIS venture. The beneficial owner shall control the investment account.
The Business of Life Company Capital
Where the company is accredited under the Banking Law and supplies services to life insurance firms via the launching of an account to facilitate business transactions for the company’s policy obligations, the board can classify the life insurance business as its client.
Where a firm licensed or authorised by the POI regulation and the insurance company is financing its policyholder capital in a CIS authorised by the Commission or an NGCIS, the firm can classify the life insurance as its client.
If the investment or account includes a coverage identifier, the company shall procure a legal document or undertaken from the insurance agency stating it is empowered and authorised to conduct the affairs and operations of the beneficial owner or policyholder in the Bailiwick.
Investment Activity
Where the company is accredited under the POI Law and conducts regulated activities with another controlled FSB, the company can treat that controlled FSB because of its client.
Where the company acts under these provisions, any funds obtained by the intermediary shall not be returned to another party, unless the associate or third party has the source of wealth and the company accepts that participation of the third party does not support ML or FT activities.
Transactions for Collective Investment Schemes (CIS)
Where the company was nominated in compliance with Paragraph 4.57 and investment conducted in a CIS or NGCIS with an intermediary, the nominated company shall categorise the intermediary as its client.
Investments conducted in a CIS through an intermediary as explained under Commission Rule 4.70 (a) where the identification of the inherent shareholders cannot be revealed to the CIS or the nominated company is a global practice and authorised by the IOSCO and ESAs.
Notwithstanding the aforementioned, the capability of investors to invest in a CIS in an anonymous transaction raises the threat of a CIS being used for ML or FT operations. Such assumptions are vital where there are few investors who are authorised to manage and control assets in a CIS via a third party or associate. By implication, it is possible for investors to control more than 25% of the stock’s value via an intermediary and still conceal his or her identity of the business.
The nominated company must understand that some CIS may have fewer investors and such underlying factors do not affect its classification. CIS firms with fewer investors could be hedge funds, private equity capital agencies, or real estate. CISs with few investors of high net worth have a higher threat factor to carry out ML or FT operations than institutional funds.
Personal asset holding vehicle shall not be empowered, mandated or registered under the POI Law. The POI law states that ‘ a CIS is any arrangement relating to the property of any description (including money)…in which the investors do not have day-to-day control over the management of the property to which the arrangement relates (whether or not they have any right to be consulted or give directions)’.
The nominated company must know that a licensed or registered CIS may possess the characteristics of a private asset-holding vehicle.
Where the nominated company applies an intermediary’s provisions in a CIS, the nominated company must have evaluated the threat level of the CIS used by these investors of private asset holding automobile as low. The decisions of the assessment shall be recorded and analysed as a decision-making tool.
In conducting its evaluation according to the guidelines of the Commission, the nominated company shall observe the mode of shares distribution, the mandate attached to each unit of stock or shares, any unusual relations involving share or unit holders and board members or parties associated with the CIS.
The evaluation undertaken by the company shall form its threat assessment for the CIS or conducted and registered as a separate appraisal.
Where the CIS operates with institutional shareholders via specialised intermediaries, the threat of such scheme obtaining a private asset holding vehicle for few investors considered as beneficial owners in accordance with the Bailiwick’s Beneficial Ownership program could be low risk.
A CIS may be created by an Appendix C investment as an in-house business for its clients and could act as the intermediary for such customers. In such cases, the nominated company shall investigate the CIS’ supply and performance to ascertain the risk threshold of each transaction. However, the firm may determine that the threat of the CIS is used as a private asset-holding vehicle is low.
Where the nominated company has assessed the risk of a CIS used as a private asset holding vehicle is minimal, the board shall not classify the intermediary as its client and has to verify the intermediary’s links and employ CDD steps to investigate them. The intermediary’s links could be associates, beneficial owners or principal officers.
Pooled Bank Accounts
Financial lending institutions and other related banking solutions receive pooled deposits from FSB and other associated organisations. The pooled accounts may include payments from more than one client and are held for an undisclosed period.
Where the company is authorised and empowered by the commission in accordance with banking laws and identifies accounts under its provisions, the firm shall treat such accounts as its customers. This provision is valid for:
- Accounts owned by a fiduciary and empowered or authorised by the commission or equivalent authority in the Bailiwick. Such accounts must meet the requirements where:
- The holding deposits in a short term basis.
- The holding of deposits by management services or an intermediary.
- A deposit account created by a company of lawyers or associates authorised by the commission in the Bailiwick.
- A customer deposit account created by a company licensed in accordance with the POI law or other equivalent jurisdiction
- A customer deposit account created by a company licensed in accordance with IMII Laws or other equivalent jurisdiction, where the managers of the insurance institutions regulate funds.
The obligations in Paragraph 9.72 are permitted for subsidiaries that:
- Has only clients with the Bailiwick.
- Applies similar AML and CFT strategies, controls and procedures as the trustee in the Bailiwick.
For the obligation in Paragraph 9.72, deposits are kept for a short period when they are held anonymous for 40 days.
Where a company is authorised by the Commission and holds funds for a trustee on behalf of a global lender falling within the definition of an Appendix C investment, the company shall classify the overseas agency as its client in compliance with Section 9.6 of the Channels Island Handbook.
Creating a Pooled Banking Agreement
Where the company operates has accounts in line with the provisions of the Commission and the contract agreement was evaluated as being low risk, the company can exercise its judgment regarding the CDD steps to be placed on the account holder in the specific conditions. However, as a minimum standard, the company must:
- Identify and confirm the identity and status of the account holder.
- Get written authorisation from the account holder that:
- Verify the account holder adopts effective threat assessment processes distinguish between the CDD measures suitable for high-risk contracts and low-risk agreements.
- comprises sufficient assurance that the accounts holder applies suitable and effective CDD steps for its clients (owners and other principals associates), such as ECDD control for PEPs and other high threat transactions or operations.
- Includes adequate information to comprehend the function and planned nature of each contract or investment terms.
- Affirms that the account holder has the sole power to manage and control the bearer account based on its product and service.
Where a business contracted has been approved and created for the account holder to manage a pooled account, the company must have documentary confirmation of the following:
- The effectiveness and transparency of the procedure to evaluate the threat assessment of the account holder and the rationality of its decisions that it is a minimal risk measurement.
- Assurance that the board implemented CDD steps concerning the account holder.
- That the contract relationship with accounts holders relates solely with the provisions for creating such transaction based on the obligations in the Channel Islands Handbook.
Where the company operates a pooled account for the account holder that:
- Excludes the provisions in Paragraph 9.72
- Was evaluated to contain some likelihood of fraud or raises concerns with the account holder’s activities,
The company must declassify the account holder because all clients must enforce and comply with the CDD controls in accordance with the regulations in the Channel Islands Handbook.
The company should always consider if the threat would be managed better if its team applies CDD controls on the client, valuable owner or investor rather than classify the associate, trustee or account holder as a customer.
Natural Persons
Introduction
The objective of this Chapter is to assign obligations on how to collect data or personal information from a natural person who functions as a trustee in at least one of these capacities within a business contract.
- A client
- A beneficial investor
- A natural person who acts on behalf of a client
- A natural person that authorises the client to act on his or her behalf.
Accepting that a natural person who acts in one or more of the abovementioned capacities falls within the provisions of the Channel Islands Handbook shall satisfy the following:
- The individual operates in accordance with the details provided in the identification form.
- That the client or beneficial investor represents who they claim to be by checking his or her identification information and confirmatory proof of identity.
This section highlights the requirements for a natural person and the characteristics on which the natural person can be classified using an appropriate identification technique in accordance with the provisions of Schedule 3.
The obligations of this section apply:
- When setting a business contract or trade agreement
- When executing a business transaction.
- Where parties within the business contract or trade agreement change or cease to operate with the firm.
Identifying Natural Persons
Where the company mandated to categorise a natural person in accordance with Paragraph 7.1, the board shall retrieve pertinent information regarding the identity of the natural person that contains:
- Name
- Any prior names (like a maiden name)
- Main residential address
- Nationality (such as cases where the natural person hold more than one citizenship)
- Any job currently or previously held and names of the organisation, institution, or job title where appropriate.
In accordance with the provisions of the Channel Island Handbook and in compliance with CDD controls, the company shall decide whether the client or beneficial investor is a PEP and if the board confirms such assumption, it must determine if the client is a national or international politically exposed person (PEP).
Confirming the Identity of Natural Persons
In accordance with the requirements of the Channel Island Handbook, the company shall confirm the client’s identity with identification appraisal data, the degree of which depends on the nature of investment and trade agreements. As a minimum standard requirement, the firm shall confirm the client:
- Legal name
- Registered date of birth
- Area, location and specific residential address.
The firm must confirm the following for natural persons associated with the trade agreement or investment contract provided there are classified as low risk:
- The associate’s place of birth
- The associate’s nationality.
To verify the aforementioned data and information, the firm shall use the following identification guidelines as appropriate:
- Passport bearing a photo of the natural person. The resolution must be high to avoid facial controversies.
- National or government authorised identity card bearing a photo of the natural person.
- Military identification card bearing a photo of the natural person
- Driving permit or license is bearing a picture of the natural person
- Electronic information databases that are independently stored for reference purposes.
The examples mentioned above are not exclusive. There are some forms of identification information that could be applied to produce a similar evaluation to identify a natural person. The firm is at liberty to apply such procedures provided they comply with the provisions of the Channel Islands Handbook.
Irrespective of its kind, the company has to be satisfied with the validity and veracity of the identification data used to check the documentation of a natural person, and its appropriateness shall depend on the assessed probability of the investment contract or trade agreement. The firm shall be vigilant because certain records might be prone to fraud than others or possess minimal measures of controls to detect the likelihood of money laundering activities. For example, some jurisdictions might issue driving licenses without due diligence being conducted on the account holder.
When changes alter the client’s status and profile (for instance, a change of title), the company must employ a risk-based method of upgrading that individual’s CDD records and determine whether further identification process shall be enforced to verify and confirm the change.
Besides the aforementioned verification measures, the company shall employ ECDD steps to the business relationship or mutual trade. The ECDD control mechanisms must include inter alia, comprising sets of measures as deemed effective and appropriate to verify and confirm the business contract or trade agreement in accordance with the provisions of the Commission.
Examples of supplementary aspects of the client’s identity, which the company could confirm in cases where the client is classified as a natural person. The firm shall verify the client’s job or previously held assignments in accordance with the provisions of ECDD obligations.
Verify the Client’s Residential Address
Listed below are acceptable procedures to verify the home address of a natural person:
- A utility bill in the client’s name or authorised credit card or banking account statement of transactions.
- Proof of correspondence from a government institution in the Bailiwick of Jersey.
- Private, corporate, commercial or digital data resources
- A letter from Appendix C investment where the client has an approved business agreement, and the customer’s residential address has been verified and confirmed.
- A property or tenancy contract
- A private visit to the client’s residential address.
- An electoral identification card is showing the clients address.
Where a normal person’s main residential address changes throughout the course of business, the company must confirm the new claim and document its findings in accordance with the provisions of the Channel Islands Handbook.
International Natural Persons
There may be times when a normal person who is non-resident in the Bailiwick cannot verify his or her residential address with the methods set out in Paragraph 5.15 above. Examples of these individuals include inhabitants of states without postal deliveries or even street addresses that use office boxes or even companies’ addresses for mail delivery.
Notwithstanding the aforementioned, it is critical for security reasons that the firm must determine, verify and trace the client’s residential address or other than documenting the customer’s post office boxes and other particulars.
Where the company has decided that a person has a legitimate reason for failing to comply with the identification process and may be removed from the business contract or trade agreement, the firm can validate the client’s home address using non-specific methods, provided the board is satisfied with the effectiveness of the verification procedure. The firm shall also confirm that the new methods of verification will not create new threat activities during business operations.
A good illustration of such an alternative strategy can be a letter by a manager or officer of a reliable overseas employer confirming the residential address of the customer or providing detailed evidence of its location.
Internet Bank Statements or Utility Bills
Where the home address of a natural person could be confirmed via a bank/credit or bill payments, the default procedure is to request for a post-delivery form from the customer. However, the reception of these items through the conventional postal system should be replaced with internet billing, shipping manifest or bank statements sent via emails.
Examples of digital online statements include:
- Internet banking statements from a renowned leaning institution, government agency, credit card merchants are bearing the full names of the account holder or natural person.
- An online utility bill or tax deductions are bearing the full names of the account holder or natural person.
Where the company agrees to use an electronic invoice as confirmation evidence for a natural person’s residential location, the board must be satisfied with the legitimacy and authenticity of the electronic statement introduced.
The company shall understand that some internet bank statements or tax utility bills can be altered to suit their fraudulent motives. If the board raises the threat threshold for such digital resources, the company is empowered to enforce any practical and proportionate measures ascertain whether the threat is confirmed. If the board confirms the likelihood of such a threat, it must verify whether the document can be accepted or rejected.
A good example of a measure the company could apply on the veracity of a record would be to confirm the information of the document from an independent source.
Electronic Verification
Electronic verification is described as the use of digitised systems or programs to confirm the identity of a normal person by fitting specified private information against digitally Captured bodily documentation or separate digital data resources.
An electronic affirmation can be utilised to confirm any combination of these required data points. Where an electronic confirmation system cannot confirm all the required data points, the company shall employ additional procedures to ensure such natural persons are verified in accordance with the provisions of the Commission and the Channel Islands Handbook.
Electronic verification systems vary by range and mechanism. For example, these verification tools could be digital capture, identification information of facial recognition or self-capture of uncertified documentation with a natural person utilising an interactive program from a computer or phone. A picture (or even a series of photos or a movie) of natural persons can be assessed and retrieved via Internet applications. Such documents can be verified independently to mitigate fraudulent activities or compromised standards.
Although digital verification reduces cost and time in collecting identification and information data for natural persons, the company should not forget the likelihood of additional threats on its use. The firm must determine the process and degree of inspection and support to avoid and mitigate avenues or areas of abuse.
Knowledge and comprehension of the performance and capabilities of digital systems show proof of suitability. The firm must confirm that these systems have the capacity to corroborate identification information. The use of different confirmatory links to match information emphasises the confidence of credibility.
Independent Data Resources
Independent information sources offer Broad selection of confirmatory proof on natural persons, and the technique has become more accessible. For example, independent information has become easy via public information and the development of commercial databases used by research companies. In accordance with the provisions of Schedule 3, data sources include:
- Electoral forms
- Phone directories
- Payment cards or debit card verification
- Business solutions providers; and
- Digital checks supplied by commercial bureaus.
Where the company schedules to verify the identity of natural persons, whether directly or via the third party, the board must ascertain the comprehension of the depth and quality of the verification technique to identify its customers.
Independent information sources may be utilised to confirm individual elements or a combination of data points. Where an independent data source does not meet the requirements of the Commission, the company shall apply one or more steps to ensure customers are verified in accordance with the demands of the Handbook.
When relying on individual data sources to confirm the client’s identity, the company should ensure that its origin, quality and scope of the information is appropriate and adequate and such design allows the firm to list and document its findings.
Safeguarding against the Financial Exclusion of Bailiwick Residents
There may be times when a Bailiwick natural person may encounter problems in providing proof of his or her residential address using the specified identification technique. Such scenarios may include:
- A short-term job permit for clients that do not have a permanent residential address.
- A natural person living apartments provided by his or her employee. In such cases, the resident natural person may not directly pay for utility bills or tax deductions.
- A Bailiwick student is residing in a university, school, college or shared lodging, who does not directly pay for services.
Where a natural person has a genuine reason for not providing the requested files and may be excluded from obtaining the company’s services, the firm shall provide an alternative way of affirming the client’s Bailiwick residential location. Listed below are examples of alternative ways of confirming the client’s residential address:
- A letter by the head of their family where the customer resides affirming that the applicant resides in the Bailiwick address. The letter of introduction creates a link between the natural person and the family head and proof that the family head resides in the Bailiwick address.
- A letter from the proprietor of the residence affirming that the client leaves in the purported property.
- A letter by a manager or supervisor of the employer confirming the residential address of the customer and the duration of employment. In cases of a short-term permit, the client’s residential address shall be verified, and measures to verify the authenticity of the document.
- In the case of a Bailiwick undergraduate, a letter from a Bailiwick parent or guardian shall be accepted, and a letter of admission must be obtained from the school. The pupil’s residential address must be investigated and appropriate measures applied to verify the authenticity of such a declaration.
Certification
Introduction
Certification is a procedure where a natural person undergoes personal and profile data identification. The individual employs a third party to verify the authenticity of links between his or her profile and identify data. The certified evaluation information is offered to the company as confirmation of the client’s identity.
A third party certification mitigates the threat of transacting business agreements with anonymous clients who are principal agents of the trade agreement. Additionally, it protects against the threat providing fraudulent identification data that does not correspond to the person whose identity must be confirmed.
Client certification has two functions:
- The process provides confidence to the parties of the business contract showing the true profile of each identity.
- It confirms that the client, as the owner of the documents needed or provided to complete the certification process.
Certification demands that third parties must be natural persons of high public status. However, with improvements in engineering, the third party could be an automated system, which acts a certifier based on series of control integration.
This section is divided into three segments and supplies different requirements for client certification, depending on the technique to be utilised:
- Natural persons confirming physical proof identification information.
- Natural persons attesting scanned documentation information.
- Digital ways of verifying identification information.
Obligations
For the certification process to be efficiently managed, the certifier must be a reliable third party that has witnessed and seen the initial identification information and where the information includes physical identification, the certifier must have met with the client. These procedures must be followed to ensure compliance with the standards of certification.
To ensure compliance with the obligations of the Commission, the company should have the following agreements:
- A coverage or processes that reflect the business’s risk appetite towards relying on the identification information;
- An effective policy for third party associates that are considered appropriate by the Commission.
- Processes allowing the company to verify the arrangement of these third parties with accredited identification information upon which the board intends to use.
The company needs to exercise caution when taking accredited identification information, particularly where such data arises from a nation recognised to represent a higher risk or by non-compliant institutions, agencies or entities.
Prerequisites for Natural Person Certifiers
Although there is no format to be adopted by the certifier, the company must ensure the certifier dates and signs the certificate and offers sufficient information to validate the following:
- That the certifier has seen the true copy of the client’s identification information confirming their identity or home address
- That the certifier has seen the client or natural person who requires approval and identity verification.
- Sufficient information about certifier to enable the company to undertake the necessary evaluation of the suitability of this certifier when the need arises.
The certification details shall be given by the certifier as a photocopy on the identification data or attached as a cover letter or other detailed reports that accompany certification data.
In accordance with the Commission’s regulations, the phrase ‘adequate information’ means:
- The identity and names of the certifier
- The prominent position or public portfolio held by the certifier
- A detailed report of contacts associated with the certifier (email address, phone numbers or residential address).
The Commission rules that certification can be conducted in two ways, namely:
- A paper-format document where the client’s certification is signed and stamped on a photocopy of the identification data or attached accordingly.
- An electronic or digital certification where the identification data is printed and stamped.
The procedure for electronic certification follows the same rules for the paper format verification. Where the certifier approves and accepts the identification information supplied by the client, the officer can then append his or her signatures using digital imprint. The certifier will apply an electronic signature similar to a digital replica of the identification information. The proof of certification shall be retrieved and sent electronically to the board.
Where the company utilises an online method permitting natural persons to re-evaluate their identification information electronically or receives identification information that was licensed by a natural person, the board must ensure that it satisfies itself concerning the authenticity of this certification process that granted such approval.
Where the company wishes to allow soft-copy accredited identification information, the rule is to use digital accredited (or equal) identification information utilising the procedure set out in Paragraphs 6.12. (b) and 6.14 above. However, there may be instances where the certifier may not have internet access and is unable to certify documents, and where the supply of hard-copy certification through postal methods is unfeasible.
Where the company receives identification information insured by Paragraph 6.12 electronically, the board has to be satisfied concerning the authenticity of this identification information supplied and the receipt of this identification information in soft-copy type does not create a high-level threat to the company.
In satisfying itself concerning the authenticity of this scanned soft-copy identification information obtained, the company shall consider, among other elements, the sort of identification information used and the origin of the record (s) obtained.
Evaluating the Appropriateness of Natural Person Certifiers
Where photocopy identification information accredited by a natural person is approved, irrespective of the form of identification, the firm shall ensure that the certifier is qualified and the appropriate person to validate the identification information according to the assessed threat threshold. The firm shall measure the level of reliance it hold on the certified document based on the provisions in the Channel Islands Handbook.
In line with the provisions of the Commission, the firm shall establish strategic policy controls to determine if someone is qualified to categorise and certify documents based on the threat assessment of the business contract or trade agreement. The firm shall also consider if it could rely on the certified identification data. Under the policy, the firm shall consider whether the certifier:
- Is connected to or associated with the client whose identity has been certified.
- Retains a proper public position under confidence and whether individual profiling was conducted on the certifier
- Is a part of an expert body that undertakes independent supervision of compliance?
- Followed due diligence to meet the requirements for authorisation as part of its modalities to ensure compliance with the certification process.
- Works in one or more institutions forming a part of a group where the company adheres to the provisions of AML and CFT policies, controls and procedures.
- Is subject to specialist principles or a part of the industry body enforcing ethics for the certifier’s behaviour.
The company’s plan for checking the appropriateness of a certifier must include measures where the board deems it suitable to confirm the credentials of their certifier.
As part of the provisions stipulated in the Channel Islands Handbook, the firm shall consider the following instruments when confirming the qualifications of a certifier. The firm shall consider:
- The standing and public records of the certifier
- The firm’s experience of accepting licensed records from clients with similar occupation or country.
- The adequacy of control systems to mitigate ML and FT activities in the locations where the certifier operates.
- The magnitude by which the firm’s control systems applies to the certifier.
Certification Requirements for Digital System Certifiers
Along with the paper-based procedure of identity verification, firms also adopt digital designs of collecting identification information. The details of such a procedure can be retrieved from Section 5.6 of the Channel Islands Handbook.
As technology has evolved and applications improved, higher controls have been integrated into the validation procedure that has successfully enhanced the demand for certification. These digital controls offer powerful confirmation of a client’s identity along with the corroboration between the natural person and the identification information adopted for such certification. The examples below highlight the components of digital requirements:
- A regulation for photos to be obtained during the system’s use. The application is programmed to take photos when the client is positioned before the camera.
- The addition of anti-impersonation steps (a necessity for the client to repeat phrases, words or passcodes ordered by the company during a video chat).
- The corroboration of these pictures to confirm the client’s physical looks and online photographs.
- A procedure where the pictures are privately confirmed either with a trained person or computer program, to verify the credibility of the identification information utilised to confirm the client’s identity.
- The corroboration of biometric data such as fingerprints and voice identification to verify, detect and match the client’s records with physical proofs.
- The use of geotagging to verify the place where the user interacted with the machine.
Where the company adopts a method of electronic confirmation of the natural person, the board must evaluate the veracity of these controllers within the machine to ascertain whether it will rely on the outcomes generated or if further steps are essential to match the present controls.
The measures undertaken by the company could comprise:
- Requiring a representative of the company to be current together with thebe available with the client when the software is preloaded.
- Issuing applicants a unique code of identification to ensure that all photographs are tagged during confirmation.
Certificate of Accreditation for Individuals and Legal Counsel
Where the company is provided with records to verify the identity of an authorised person that are duplicates of the originals, the board must ensure that all clients have been confirmed by the business secretary, manager, supervisor or a third-party certifier.
Where the company is provided with records to verify the identity and legal position of an agency or institution using duplicates of the originals, the company must ensure an agency official a proper third-party certifier accredits them.
Where the company is provided with records to verify the legal position of trust using duplicates of the original forms, the company must be certain they are licensed by a representative of the Act or by a proper third-party certifier.
Certification must be supplied in an identical format as stipulated in Section 6.3 of the Channel Islands Handbook, either via a hard-copy record or an electronic imprint signature applied to a digital copy of the document.
While there are no special requirements concerning the wording used, the company has to satisfy itself the natural person certifying the record is qualified based on the provisions of the Commission for business contracts or trade agreements.
Chains of Duplicate Certified Documentation
The approval of initial identification information and data licensed in accordance with the provisions of the Commission protects the contract from fraudulent identification data that do not tally with the identity of the natural person or customer. The advantages of this strategy are restricted; however, it supports the certification process where files have now passed through different certifiers, and the connection between the client and the company is now distant.
Based on this concern, should not place emphasis on photocopies of licensed identification information, rather the board must consider acquiring the first certified copies of the client’s identification data.
Where the company accepts copies of the client’s identification information, the following criteria need must be adopted:
- A photocopy of the client’s identification information supplied by an Appendix C firm.
- The Appendix C industry has verified the copy supplied is a true replica of this Identification data that it retains;
- The Appendix C firm must verify a qualified natural person must have certified true copies of the client’s identification information submitted to the company and the identification information given to an Appendix C industry. The firm must ensure that the certifier was eligible to make such judgments to avoid fraudulent activities.
- Where the verification data replicated by the Appendix C industry relates to the confirmation of the natural person, the company shall ensure that the photocopy of the identification data provides proof that the client is who they purport to be.
In accordance with the provisions of the Commission, this section provides examples of justifiable cases:
- The use of photocopies of the client’s identification data stored by a trustee with the aim of creating accounts for his or her client.
- The supply of copies of identification information stored by an Appendix C company for a legal professional engaged by Appendix C investment to provide guidance in relationship with a Client at the demand of the Appendix C enterprise.
The obligations in this section do not apply where the firm approves the control and management of business contracts by a third party or acquires customers from another producing agency. In these conditions, the company places reliance on the trustee or third-party implement CDD steps to a client, beneficial investor or shareholder in compliance with its strategies, controls and procedures. Therefore, the company may make photocopies of accredited documentation as an assessment of the third party or via its acquisition of block consumers.
Record Keeping
Introduction
This unit summarises the demands of Schedule 3 and the Commission’s requirements for record keeping and provides advice of countering threats of ML and FT operations.
Record keeping is a vital component required by the Commission. It helps financial evaluation and supports the exclusion of criminal capital proceeds from the fiscal system. However, cases that end up within the fiscal system are detected and confiscated by legal and enforcement agencies. Where legislation authorities or compliance officers resident in the Bailiwick or elsewhere cannot detect or trace criminal activities due to inefficient records, it becomes difficult to prosecute, prevent and reduce their activities. Similarly, if the capital used to fund terrorist activity cannot be tracked via the fiscal system, then the destinations and sources of terrorist funding will not be recognizable.
Adequate record keeping can be crucial to facilitate effective oversight, permitting the Commission to oversee compliance with the company with its constitutional duties and supervisory requirements. Record keeping supplies proof of completed task and operations to comply with statutory duties and regulatory demands. Such obligation permits the firm to provide regular updates of its assessment documents, press statements and reports. The threat assessment reports must be transmitted to competent national authorities in accordance with the provisions of Schedule 3 and the Channel Islands Handbook.
To ensure strict adherence and compliance with the provisions of the Channel Island Handbook, firms shall have strategic and effective procedures and controls mechanisms to maintain regular updates of confidential files, retained and stored in accessible databases.
Business Links and Client Records
In accordance with the provisions of Schedule 3 and the Commission’s requirements, the firm shall preserve and maintain:
- All trade files (as detailed at Section 16.3), business risk evaluations, and CDD controls or data.
- Photocopies of all listed documents for reference purpose.
To comply with the provisions of the Commission and Schedule 3 concerning threat assessment records, investment risk evaluations and CDD controls, the company must maintain the following documents:
- Copies of this identification information obtained to verify the identities of customers and investors.
- Copies of the risk assessments report completed according to Paragraph 3(4).
- Copies of any client documents account and business correspondence and data concerning the business contract. The firm shall produce all relevant documents concerning the risk analysis and its outcome.
- Detailed information about the firm’s threat assessment analysis.
The minimum retention time for the CDD data is:
- Five years beginning from:
- The date where the client signed an investment agreement with the organisation
- The date where the client completed an investment operation and trade with the company.
Transaction Records
Under the provisions of the Commission, the firm shall keep records of each trade with customers such as amounts and methods of transfers involved in the trade and this type of document shall be known as a ‘trade record.’
In accordance with the provisions to safeguard transaction records, trades completed on behalf of a client in the class of business should be listed by the company. In each case, sufficient data must be recorded to facilitate effective monitoring and prosecution when the need arises.
As part of its modalities to keep records of each transaction, the firm shall include:
- The title and address of both the client and the beneficial investor.
- The value, amount and currency of each trade
- The profile title and reference number where it could be identified
- Particulars of the counterparty, such as account details
- The nature of the trade or business transaction.
- The effective date and time of each transaction.
Records about unusual, intricate trades and higher-risk transactions must comprise the Company’s own testimonials of these trades.
In accordance with the provisions of the Commission, the retention of traction records shall be:
- A period of five years beginning from the date of each transaction and the time of completion.
- Where the time for each transaction exceeds five years, the Commission shall give approval for a time extension.
In accordance with the provisions of Schedule 3, where the company is mandated to offer trade documents or CDD measures to customers prior to the conclusion of their minimum retention period, the company will:
- Maintain and keep a photocopy of the trade record or CDD data until the interval has elapsed.
- Keep a register of trade files and CDD data used during the business contract.
Wire Transfers
The provisions of Schedule 3 stipulates that a payment service provider (PSP) of the payee shall maintain records of transactions obtained from the payer for five years beginning from the date of the payment transaction and transfer of funds.
External and Internal Disclosures
In accordance with the provisions of Paragraph 14 of Schedule 3, the company must maintain records of all internal disclosures transmitted to MLRO or the nominated officer. The firm shall also maintain all external disclosures made in accordance with the provisions of the Terrorism Law.
In sustaining the provisions of Schedule 3 and the guidelines on disclosures, the firm must maintain:
- Internal disclosure along with any supporting files
- Documents of activities for internal and external reporting needs
- Proof of transactions and inquires obtained for such disclosure
- Records where the MLRO enforced recommendations based on the treat assessment of ML and FT activities, but has not made external disclosures to the FIS.
- Records where external disclosures were announced and evidence of such pronouncements and copies of relevant information passed into the FIS.
Along with the aforementioned, the company shall maintain a register comprising of internal and external made to the FIS. As a minimum, the firm shall include:
- The date and time of such internal disclosure were obtained from the MLRO.
- The title and name of the compliance officer submitting the internal disclosures.
- The date the disclosure was made to the FIS.
- The title of the person who filed the disclosure into the FIS (where appropriate)
- The value of this trade or action subject to this disclosure (where accessible).
- A benchmark from which supporting evidence of such disclosure is recognizable.
- Date and time of additional information and updates filed and transmitted to the FIS.
In accordance with the provisions of Schedule 3 and the Channel Islands Handbook on the stipulated retention time is five years beginning from:
- The date the business transaction was terminated (where it relates to internal or external disclosures).
- The date and time such transaction or business operation was completed (where it relates to internal or external disclosures).
- The activity or event that created such business disclosures, whether internal or external announcement.
Coaching Records
In accordance with the provisions of the Channel Islands Handbook and Schedule 3, the firm must maintain records of training conducted by the board under Paragraph 13 of Schedule 3 for five years beginning from the date such training was completed.
In accordance with the provisions of Paragraph 14 of Schedule 3 that mandates the board to maintain records of AML and CFT training, the company has to list the following at a minimum:
- The dates coaching was supplied.
- The essence of this practice.
- The titles of workers who received instructions and training.
Business Risk Assessments
In accordance with Paragraph 14 of Schedule 3, the company shall maintain photocopies of its risk assessments completed under Paragraph 3 of Schedule 3 five years after the date in which they ceased to become operative.
Strategies, Approaches, Controls and Compliance Tracking
In accordance with the provisions of compliance tracking, the firm shall maintain documents, reference guide and other relevant materials until:
- The expiry period of five years beginning from the date such operation was finalised.
- Such materials or documents are superseded new updates in accordance with the provisions of Schedule 3.
To satisfy the needs Paragraph 14 and the requirements of Schedule 3, the company shall maintain:
- Reports created by the MLRO and MLCO for the board and other officials.
- Records or documents of the board’s consideration of these reports and actions taken.
- Records created by the company or from other parties about the firm’s compliance with Schedule 3 and the provisions of the Channel Islands Handbook.
Closure or Transfer of Company
Where the company terminates agreements or associations with clients, the board must comply with the record-keeping requirements of Schedule 3 and the Channel Island Handbook.
Ready Retrieval
In accordance with the provisions of Schedule 3, reports, threat assessment sheets and CDD measures shall be stored in a format that is easily retrievable.
The company must review the ease of recovery and condition of online and paper retrievable records.
In accordance with the provisions of Schedule 3, reports, threat assessment sheets and CDD measures stored according to Schedule 3, must be transmitted promptly to:
- An auditor or accountant
- To an enforcement officer, the FIS, the Commission or individual, where these files or CDD data are needed in accordance with the provisions of Schedule 3 and other appropriate enactments.
The company must consider the consequences for fulfilling the needs of Schedule 3, where third parties, like outsourcing structures or an introducer, hold documentation and threat assessment data.
The company should not enter into outsourcing agreements or rely on third parties to keep threat assessment documents or reports where these records are very likely to be limited.
Where the FIS or other competent authority requires sight of documents, in accordance with the provisions of Schedule 3 or other enactments, the company must run a detailed analysis of such documents and provide explanations to the FIS or alternative, competent jurisdiction.
Storage Forms
The record-keeping requirements will be similar regardless of the layout in which the documents are kept or whether the transaction was undertaken by electronic or paper means.
Records can be kept:
- By means of original records;
- By means of photocopies of documents (accredited where appropriate)
- On microchip
- As a scanned document
- In a system or digital device (cloud storage).
Using technologies to collect or store info and files does not change the provisions and obligations as stipulated in the Channel Island Handbook.
Where the company adopts a digital way of collecting identification information, such as applications and PDAs as established in Section 5.6 of the Channel Islands Handbook, the board should include within its risk evaluation and assessment of the criteria for its retention of files. This test permits the firm complies with the provisions of Schedule 3 and the Channel Islands Handbook.
Transitional Provisions
Introduction
This section details the steps to be executed by the company to change compliance or requirements under the Criminal Justice systems as amended by the Commission and the Channel Island Handbook. The section highlights deadlines where these revised controls must be executed.
In accordance with the provisions of the Criminal Justice Act, the requirements of Schedule will be effective from March 2019.
To facilitate the change to a new regime, a tiered method to the inspection of existing trade relationships was supplied, permitting the company to upgrade its investment risk evaluations and CDD data as part of its monitoring and CDD initiatives.
This section covers specific areas of Program 3 and the Commission rules where material modifications are made to the provisions of the previous establishment. The company should verify existing information under Schedule 3 and this manuscript to evaluate the scope of changes necessary for implementation.
Trade Risk Assessments
As identified in the Channel Islands Handbook, a risk-based strategy begins with the identification and evaluation of threats that must be assessed and managed. Consideration of this information obtained as a member of the company’s ML and FT risk evaluations will allow the company to evaluate the right controls necessary to mitigate and manage the risk factors.
In accordance with the provisions and obligations of the Channel Island Handbook, the firm shall conduct appropriate and adequate ML threat assessment and a suitable FT business hazard evaluation, which can be unique to the company. These reforms shall be implemented after March 2019.
To satisfy the provisions of Paragraph 3 and the Channel Islands Handbook, the company must examine its current threat assessment to ensure it includes appropriate, sufficient and different assessments of ML and FT vulnerability to the company.
In accordance with Paragraph 17.6:
- The company shall examine its business enterprise risk assessment and revise its ML and FT assessments as accepted by the board by May 2020.
- The decisions of this Bailiwick’s NRA must be considered in subsequent reviews in accordance with the mandate of the Commission.
Policies, Strategies and Controls
As part of its procedure for an effective risk-based strategy, the guidelines, controls and actions invented and employed by the board shall be determined by the threat assessment of ML and FT activities. The strategies, controls and procedures of the firm must be assessed differently with its investment risk evaluations to ensure that changes in the professed vulnerabilities are handled and managed by its controls.
In accordance with the provisions of the Channel Islands Handbook, the company shall evaluate its controls, strategies and policies after March 2019 to ensure that its parameters and measurements remain potent and appropriate.
For the purpose of paragraph 17.10 and in accordance with the provisions of the Commission:
- The company must have examined and revised its policies, processes and controls before May 2020.
- The decisions of this Bailiwick’s NRA must be considered as part of the company’s review of strategies, processes and controls.
In assessing its strategies, processes and controls, the company should ensure the board mitigates threats arising from the revised company risk assessments. The following examples can be applied but not limited to:
- Client take-on processes: To make sure that any modifications necessary to the investment risk assessment are considered with alterations to CDD information required for its clients.
- Employee teaching contracts: To ensure that revised threats identified as part of the evaluation process are communicated to workers, with the company’s risk appetite and tolerance.
- Screening/monitoring devices utilised to identify PEPs: To ensure that national and foreign PEPs are flagged when detected.
In accordance with the provisions of Schedule 3 and the Channel Islands Handbook, the firm shall maintain its controls and procedures under the FSB or PB Regulations.
Money Laundering Reporting Officer
In accordance with Paragraph 12 of Schedule 3, the company shall appoint an individual of management Degree to act as the MLRO. The board shall supply the name and email address of the individual within fourteen days beginning from the date appointment. The board must transmit such decisions to all employees and reveal the MLRO during its meetings.
Paragraph 12 of Schedule 3 provides that an individual who acts as the MLRO under Part III of the FSB Regulations is appropriate to act as the MLRO.
Where the company’s MLRO appointed in accordance with the provisions of the FSB or PB Regulations declines the job under Schedule 3, the company must notify the Commission and the FIS.
Notifications to modifications or changes in the MLRO portfolios shall be transmitted via the Commission’s online portal.
Money Laundering Compliance Officer
In accordance with the provisions of Paragraph 15 and requirements of the Channel Islands Handbook, the firm shall appoint a compliance officer of management degree as the MLCO and supply the name, title designation, email address and other relevant details to the Commission via its portal within fourteen days beginning from the date of appointment.
Additional information on the function of this MLCO, such as the demands of this portfolio may be located in Section 2.8.1 of the Channel Islands Handbook.
The board of this company must ensure that an acceptable MLCO is chosen by March 2019 and the Commission shall be informed of the placement and changes by April 2019.
Notification of an individual’s appointment for the post of MLCO must be made through the Commission’s Online PQ Portal.
It is important to note that under the provisions of Schedule 3 as stipulated in by the Commission in the Channels Islands Handbook, an individual who retains the portfolio as an MLRO may likewise be appointed as the company’s MLCO.
Business Relationships
In accordance with Paragraph 4, the company shall ensure that the CDD steps established in Paragraph 4 of Schedule 3 have been applied to all business relationships before the enactment of the new regime:
The firm shall keep accounts accordingly, to allow the board to meet the requirements of Schedule 3 and Commission Rules as stipulated in the Channel Islands Handbook.
The company must enforce relationship threat assessment and CDD controls of Schedule 3 with the provisions of the Handbook, including the use of improved steps as required to existing business transactions at the appropriate time based on the risk threshold. The provisions permit the company to apply relevant factors instead of adhering to a ‘tick box’ implementation.
The review of business risk evaluations and CDD data in accordance with the provisions of Schedule 3 and the Channel Islands Handbook must be carried out at appropriate occasions while considering if any CDD steps have already been applied and the adequacy of the identification information obtained.
Notwithstanding the aforementioned, the board shall ensure that all investment relationships ranked high risk shall be reviewed by 31 December 2021.
In conjunction with Paragraph 8 of Schedule 3, as a part of reviews conducted by the company in compliance with the provisions of the Commission, the company must take measures deemed essential to address risk assessments with effective CDD measures.
Where, after a review, the company has concluded that the threat of a business contract has not been altered and believes the enforced CDD data validates the identity of and mitigates the risks associated with the client in accordance with the provisions of paragraph 11.43 the company is not obliged to re-verify the client’s identity.
When deciding whether it is crucial to collect additional CDD info, the company should inspect and research if existing documents include the mandatory items. The company might have had a business contract for years and therefore hold substantial information about the client. In these situations, research must be undertaken to explain if it is an issue of collating documents before approaching the client.
Where the company has concluded the CDD data held is not sufficient to allow compliance with schedule 3 and the provisions of the Commission, the company should consider the materiality of additional information and documentation required and if compliance can be accomplished through alternative ways. Such alternative means could be via using databases or confirmation tools to supply extra identification information or corroborate any identification information stored.
Where the company holds accredited identification information that was obtained before the new law regime, and the company is satisfied with the authenticity of this identification data the certificate supplied, the company is not required into re-certify (or search recently licensed ) identification information.
CIS: Nominated Company for Investor CDD
In accord with paragraph 4 and provisions of the Commission, CIS authorised or enrolled by the Commission should nominate a company accredited under the POI law to be accountable for the CDD steps of investors under the CIS.
According to Commission’s rule, the nominated company should classify investors under the CIS as its clients and address them according to with the needs of schedule 3 and the provisions of the Channel Islands Handbook.
Where a CIS has been empowered and mandated by the Commission, the nominated firm has to inform the Commission from the 2019 it has been chosen for its operations.
As a channel of informing the Commission of the company’s nomination with a CIS, a form eligible ‘notification of the business’s nomination for investor CDD’ shall be made accessible through the Commission’s online submissions.
Legal Clients and Legal Engagements
Introduction
This section highlights the requirements as a minimum standard of compliance for a legal investor or legal arrangement which acts as a component in the firm’s business.
- A client
- The beneficial investor of the client
- An authorised investor or lawful contract purporting to act on behalf of the client.
- An authorised investor or legal contract that empowers or authorises the client to act.
The identification and confirmation provisions for legal investors and legal engagements are not the same as those for natural men. While a legal investor or endorsement includes a legal standing that may be confirmed, business contracts or trade agreements between an authorised investor and legal arrangement must contain natural persons such as beneficial investors. This chapter must, therefore, be read along with chapters 5 and 4 that enforce CDD controls to be implemented to natural persons acting for or on behalf of or associated with, a client that is an authorised person or lawful endorsement.
A legal investor or client describes a person, other than a natural person that can be classified as someone for restricted legal functions. By implication, a legal investor can sue and be sued. Such individual can manage properties and sign contract agreements in its right. This may include businesses, corporate foundations, institutions or other comparable entities that are not legal agreements.
Legal arrangements do not have independent legal personality and so form business connections via their trustees in accordance with the provisions of the Commission the trustee of this trust enters a business contract or trade agreement on behalf of the trust and should be considered with the trust as its customers.
There is an array of trusts and other comparable structures, which range from large, national and globally active organisations with a higher level of public examination and transparency established for wealth management functions.
Under the provisions of the Commission, the firm is authorised to apply measures to mitigate the abuse of legal persons and legal contracts for ML and FT activities. When establishing a business threat assessment, the company must consider a wide range of ML and FT operations based on its dimensions, scale, action and construction. The firm must evaluate the impact or influence these legal persons or legal contract may create. Complex transactions or anonymous agreements may pose higher risks, which attracts detailed analysis to ascertain a suitable risk classification.
Based on the results of its threat assessment, the company shall consider how the client and other authorised persons or legal agreements that fall within the provisions of the Commission should be recognised and how the classification data should be improved where necessary.
Where the company functions as resident representative for a legal person in Bailiwick, its operations are subject to the BOL and BOR requirements.
Transparency of Beneficial Proprietorship
It is critical that the company has detailed image of its client, such as natural persons with possession or control within the client’s affairs. The firm shall recognise various legal duties fall within the provisions of the Bailiwick and whether the authorised person or lawful investment has been abused for criminal purposes. As financial fraud legislation, such as tax laws have become more complex, investors have devised fraudulent ways and structures to conceal the true ownership of many business investments and operations.
When applying CDD steps on customers who are legal investors or authorised agreements in accordance with the provisions of Schedule 3, the firm is mandated to enforce effective measures to validate the identification of the beneficial investor that acts as an authorised person or legal arrangement.
The definition of the proprietor in the context of authorised investor should be distinguished by the theories of legal possession and management. Legal possession means the legal individual (s) who based on law own the authorised individual. However, legal control or management refers to the capacity to make decisions within the authorised individual. For example, managing or controlling a large volume of shares.
A vital element of this definition of proprietor is that it transcends lawful possession and management and focusses on supreme (real) possession and control. the definition describes the natural (not authorised) investor that really possess the assets or capital of the authorised individual, in addition to the ones who actually exert powerful control over it (whether they occupy formal positions within the legal person), rather than the legal or natural persons that are lawfully qualified to do so.
In the context of trust, beneficial investor includes natural persons receiving benefits from the trust and people linked with, or have control over, the trust’s trade investments. The context includes the trustee, enforcer, guardian and selector.
In accordance with the provisions of Schedule 3, the firm will shall investigate the ownership and management structure of the client.
When applying measures to verify and investigate the true ownership and management structure of a client in accordance with the provisions of the Commission, it is not compulsory to investigate all legal owners or lawful arrangement associated with the business contract. However, the company must adopt measures to assemble sufficient information regarding the identification of third parties and to enable the board identify customers falling within the description of legal persons and to ascertain whether the third party investor issued bearer warrants.
Where the firm exercise it powers to verify and identify legal persons or legal investments, it must do so in accordance with the requirements of the Commission and the Channel Islands Handbook.
Where a business contract or trade agreement between an authorised person and legal agreement poses a higher threat and/or requires the use of enhanced controls, the company should consult with the provisions highlighted in chapter 8 of the Channel Island Handbook.
Measures to Control Shareholders
The use of shareholders provides avenues of concealing the ownership and management of an authorised person or lawful arrangement. To minimise the threat of supplying services or products to a client utilising such arrangements, it’s crucial that lawful and beneficial ownership is listed thoroughly and appropriate steps are required to establish the authentic identity of these individuals with ultimate possession and management of a client.
The company must have proper and effective methods to prevent the abuse of nominee investors or shareholders. The board shall ascertain whether a shareholder has nominee investors and the capacity to identify and apply enhanced measures to determine the identity of investors who control the legal individual or legal arrangement.
Where the company identifies the client is an authorised person with shareholders or managed by legal investors with customers, in accordance with the provisions of the Channel Islands Handbook, the board shall enforce enhanced control procedures as stipulated by the Commission.
While classifying the owner of an authorised person or lawful arrangement, a nominee shareholder would not be regarded to control the client. The company must, therefore, look via the nominee shareholder and determine from whom decisions are being accepted by means of a nominee director and on whose interests the shares are held.
Nominee Shareholders
A nominee shareholder of an authorised person who retains the interest or shares of an authorised person on behalf of other customers. The identification of the actual beneficial owner(s) is not revealed to the register. In this example, the nominee shareholder shall not be classified as the beneficial owner.
Nominee shareholders may be used to conceal the beneficial ownership of an authorised person. A natural person may proactively maintain a vast majority interest in an authorised individual through nominee investors as each may hold a minimum interest and therefore camouflage the identity of the natural person that truly holds effective management and control.
To mitigate threats posed by nominee investors, the requirement of acting as a shareholder must be subjected to the provisions of the Channel Islands Handbook and the requirements of the Commission. Similar strategies have been adopted in several regulation and laws to mitigate the threats of fraudulent beneficial owners.
Nominee Directors
A nominee director is a natural client that acts on behalf of another client.
A nominee director, therefore, cannot be regarded as the proprietor on the premise they are used by another client who will finally exercise effective control within that legal individual.
Measures have been taken to counter the threat of legal persons acting as nominee manager by requiring those who supply or behave as a manager must be accredited under the fiduciaries law and consequently subject to the needs of schedule 3 and the Commission rules within the Channel Islands Handbook. However, the company shall be alert concerning legal persons from different authorities for signs that a manager may be performing on the directions of another individual.
Factors that might imply a client is authorised to act on behalf of an undisclosed party may include:
- Where the customer’s qualifications are inconsistent with the authorised person’s action and goal
- Where the person holds other unrelated board appointments.
- Where it shows the manager may be taking directions from a different person whose connection with the legal person is uncertain.
Legal Persons
Confirming the Identity of Legal Persons
Where an authorised person is an integral associate in a business contract, the company must identify and confirm the identity of the legal person (or require effective strategies to perform the test in accordance with the provisions of the Commission. As a minimum, the firm shall obtain:
- The title of the authorised person, such as any names
- The lawful form and regulation to which the authorised individual is subject
- The date, country, or territory of all amalgamation, registration and formation (as important).
- The address of official buildings and key officials.
- The titles of those natural persons with a senior management position from the legal individual.
The non-exhaustive list provides illustrations of files considered appropriate to confirm one or more components of the individuality of an authorised person:
- A photocopy of the certificate of merger.
- A photocopy of the MOU or articles of merger.
- A photocopy of its financial statement.
- A photocopy of its fiscal returns
- A photocopy of the register of supervisors.
- A photocopy of the register of investors.
- A business registry, containing affirmation that the authorised person has not been dissolved or dismissed.
- Separate data resources, including electronic databases.
- A photocopy of the board’s resolution authorising the creation of accounts and documenting the accounts signatories
- A private trip to the main location of business associates and participants officers.
Where the files obtained are duplicates of the originals, the company should consult with the provisions of the Commission and the Channel Islands Handbook.
In trying to recognise and verify the titles of those natural persons with senior positions according to Commission’s rule, the company should gather information on the identity of directors of the authorised person or equal positions who enforce binding obligations on an authorised investor, such as authorised signatories, and confirm the authenticity of such positions.
Where more than one supervisor acts for and on behalf of some associates, such clients must be verified and classified in accordance with the provisions of the Commission. When such exercise s conducted via a cooperate manager acting for an authorised person, the company should identify and confirm the titles of those directors and determine the profile of customers who are representing the corporate manager acting for the authorised individual. Where a client empowered to act on behalf of a natural person is conducting its activities in the course of employment, the is not compulsory to verify the identity of the individual, provided that confirmation was obtained from the legal person the client is authorised to manage.
33. In most cases, not all supervisors of an authorised person will be acting with a transparent. For such examples, the company shall recognise and confirm the person holds the purported position, but when this individual does not act for the authorised individual in an executive capacity from the relationship with the company, the board should not recognise the identity of the director.
Introduced Business
Introduction
An introduced business or trade is a formal agreement where an Appendix C firm acting on behalf of more than one customer establishes a company relationship or undertakes a trade using a specified company on behalf of the client. Introduced investments or trades could be on behalf of one client or a pool of clients.
An investment relationship created by an introducer on behalf of its clients is termed a pooled relationship.
This section does not accept outsourcing agreements. Under an introducer contract, investors or third party associates must adopt its own processes to execute the CDD steps for its clients. The procedure contracts with the outsourced relationship in which the outsourced supplier is seen as a member of the assigning firm, using the assigning company’s CDD steps in agreement with its processes and subject to supervision and management for the implementation of these processes by the assigning firm.
Risk Exposure
Introduced investment or agreements have a higher risk threshold. Since the process relies on third-party agents or associates to apply CDD steps to mitigate the threat of this company being included in ML or FT activities. While the company is authorised to show detailed information regarding its client, the board places dependence on a third party to confirm the identity of the client and valuable owner, and to keep evidence of this affirmation.
The company must recognise the higher threat created by the introduced agreement and ensure that its consideration is documented within its risk examinations.
Besides a justification of the threats recognised, the company’s investment risk assessments must include an outline of strategies, processes and controls created to mitigate and handle such vulnerabilities.
The company needs to consider, for every company relationship or trade, whether it will be appropriate to rely on a certification of its threat assessment by an introducer in accordance with the provisions of the Commission.
The responsibility of complying with all the applicable provisions of paragraph 4 shall stay with the company.
Creating an Introducer Relationship
As represented below, the company may take a written verification of identity along with other records for the introducer provided that:
- The company collects photocopies of identification information and other pertinent documentation on the identity of valuable owners to be made accessible by the introducer upon request.
- That the introducer retains such identification info and files.
In accordance with the requirements of Schedule 3, the terms of an introducer as mentioned above include:
- An Appendix C firm.
- An international branch division of legal individuals or legal agreements as the company.
Testing
The company must have an organised plan of testing to make sure that, an introducer can match the requirement that certified photocopy it gathered would be supplied to the company. This may involve the company embracing procedures to ensure it has the capacity to acquire such identification information.
The testing program shall be risk-based and proportionate with the threat vulnerability, size and scope of the introduced client. The program must provide proper and adequate assurance it may continue to rely on the introducer to supply identification documents on request. In accordance with the provisions of the Channel Islands Handbook, introducers with higher risk threshold must be prioritised to ensure compliance with the provisions of the Commission.
Notwithstanding the aforementioned, the company shall set a minimum period in which introducers would probably be subject to intermittent testing and document its findings within the testing process.
The scope of the testing performed must include confirmation that the data received from the introducer containing details regarding the identity of the inherent client is valid, authentic and reliable. This permits the company to ascertain if it desires to rely on the arrangement or seek additional data on introducer regarding the client or related principals.
Where the company is not convinced the introducer has adequate policies and processes to maintain records or offer evidence of these documents, the board must employ CDD steps according to paragraph 4 for this client, including the valuable owner and shall consider the thought to terminating its connection with the introducer.
Termination
Where an introducer terminates its connection with an introduced client, the company should consider how it would continue to keep compliance with its CDD duties for that client and related principals.
Differences between both Handbooks
There are differences in the obligations of both handbooks. The Guernsey AML Handbook and the Jersey AML / CFT Handbook for regulated financial services business specified scenarios to implement CDD, ECDD and SCDD measures.
- The requirements differ with the physical presence of the customer or client. The Jersey Handbook mandates that the absence of the client will invoke CDD or ECDD measures.
- The Jersey AML/CFT Handbook has a code of practice requirements, while the Guernsey AML Handbook does not include the code to practice.
- The Guernsey AML Handbook did not specify obligations for Business insurance firms. The Jersey Handbook provided requirements for business insurance.
- It should be noted that all other obligations are the same.
Summary Checklist for CDD Obligations and CDD Trigger Events
The scenarios to apply CDD measures shall be followed in accordance with the provisions of the Commission. The board shall apply CDD, ECDD, and SCDD measures to:
- Clients not physically present for the verification process
- Non-resident clients
- Politically exposed persons
- Clients with personal banking solutions
- A client with private asset holding vehicle
- Clients liked with high-risk countries.