Effective Business Risk Assessments

Under the various Codes of Practice issued by the Jersey Financial Services Commission (the “JFSC”) the Boards of regulated businesses are required to undertake and keep an up to date Business Risk Assessment (“Risk Assessment”). Based on the Risk Assessment the Board must consider, on an ongoing basis, its risk appetite, and the extent of its exposure  to money laundering and financing of terrorism risks taking into account its organisational structure, its customers, the countries and territories with which its customers are connected, its products and services and how it delivers those products and services. The Risk Assessment must be kept up to date and subject to review in response to changing internal or external events. Failing to compile a Risk Assessment or neglecting to keep it up to date places the business and/or principal persons at very real risk of regulatory sanction.

The Risk Assessment should be regarded as the foundation stone that needs to be put in place before a business strategy can be built around the Risk Assessment to counter the money laundering and financing of terrorism risks. As with any building work, inadequate foundations places all that follows in jeopardy. Effective policies and procedures provide the detail of how the risk of money laundering or financing of terrorism will be managed. Poor policies and procedures or failing to follow your own policies and procedures increasingly places both Principal Persons and Relevant Persons at risk of regulatory sanction.

The Codes of Practice require (not optional) Boards to undertake the following in relation to its Risk Assessment.

  • Organise and control its affairs in a way that mitigates the risks that it has identified, including areas that are complex.
  • Be able to demonstrate the existence of adequate and effective systems and controls (including policies and procedures) to counter money laundering and financing of terrorism.
  • The Board must document its systems and controls and clearly apportion responsibilities for countering money laundering and the financing of terrorism, particularly the role of the Money Laundering Reporting Officer (the “MLRO”) and the Money Laundering Compliance Officer (the “MLCO).
  • The Board must assess both the effectiveness of and compliance with systems and controls (including policies and procedures) and take prompt action necessary to address any deficiencies.
  • The Board must consider what barriers (including cultural barriers) exist to prevent the operation of effective systems and controls and must take effective measures to address them.

 

 

Cultural barriers to achieving effective compliance.

The JFSC has helpfully set out examples of what they regard as cultural barriers that might hinder the effective operation of AML systems and controls including,

  • An unwillingness on the part of employees to subject high value customers to effective CDD measures for commercial reasons.
  • Pressure applied by management or customer relationship managers outside Jersey upon employees in Jersey to transact without first conducting all relevant CDD.
  • A dismissal of information concerning allegations of criminal activities on the grounds that the customer has not been convicted or simply a lack of information to verify the allegations.
  • Actual practices applied by employees that do not align with policies and procedures.
  • Non-attendance of senior employees at AML training events.
  • Little weight or significance attributed to the role of the MLRO and MLCO.
  • A tendency for line managers to discourage employees from raising concerns.

 

The culture of the business will dictate how successful the business is in managing its AML/CFT, Regulatory and Reputational risks

From the annual reports published by the JFSC it is very clear that whistle-blowers troubled by the culture within a firm, are prepared to reach out to the regulator and provide a valuable insight into a troubled culture within a firm. Such information inevitably prompts the regulator to take a closer look at such a business often leading to the formal appointment of a reporting professional.

Board reporting on the effectiveness of AML/CFT systems and controls can be demonstrated by the following,

 

  • Frequency and quality of AML/CFT reports presented to the Board together with actions arising from such reports.
  • Reports to the Board from the MLRO and MLCO.
  • Reports to the Board on any JFSC publication, for example a feedback paper from themed examinations or lessons learnt from a JFSC public statement combined with a gap analysis.
  • The number and percentage of clients that have been assessed as presenting a higher AML/CFT risk.
  • The number of existing customers terminated due to CDD issues, along with reasons.
  • The number of existing clients that remain to be remediated.
  • Details of obliged persons or customers who fail to provide information or evidence on demand and without delay.
  • The number of alerts generated by automated ongoing monitoring systems.
  • The number of internal SARs made to the MLRO and the number submitted to JFCU.
  • Enquiries made or production orders received by either the JFSC, ECCU or JFCU.
  • Results from testing employee awareness with AML/CFT policies and procedures.
  • The number of exemptions granted to policies and procedures including at branches and subsidiaries along with reasons.
  • The number or type of employees who have received AML training and the nature of any significant issues arising from such training.

 

The above list is by no means exhaustive and should be regarded as the bare minimum level of reporting.

Baker Regulatory Services has the experience to enhance Business Risk Assessments and Board reporting on AML/CFT systems and controls thereby managing the risk of exposure to individuals and the business of breaching the Money Laundering (Jersey) Order 2008 and the relevant JFSC Codes of Practice.

 

Barry Faudemer, CEO

Our website uses cookies. By continuing to use this website you have consented to having cookies placed on your computer.

To find out more please read our cookie policy.