"ASK MAT: Is Third-Party Help for MLRO Roles a Smart or Risky Move in Jersey?"

"ASK MAT: Is Third-Party Help for MLRO Roles a Smart or Risky Move in Jersey?"

MAT SAYS: Thank you for such a great question.

• Comsure, as a regulatory advisory business, must navigate this question when helping its clients.
• The choices for using third parties include a regulated AMLSP (which can appoint an MLRO), and/or a lawyer/accountant, and/or a consultant with the arrangement structured as an internal one (e.g., through strict agreements treating the consultant as an extension of the firm) to mitigate tipping-off risks.
• What must be clear is that, except in the case of an AMLSP, the lawyer/accountant and/or consultant cannot fully assume the MLRO role (or DMLRO) and is only providing specialist support services
• What must be remembered IS THAT he supervised the firm, retains ultimate accountability for the systems and controls (and therefore any support arrangement), and the firm's MLRO (or DMLRO) for reporting

INTRODUCTION

• In Jersey's AML framework, third-party support services to a supervised firm's MLRO, such as advisory, administrative, or operational assistance with tasks like risk assessments, training, or SAR evaluations, can be provided by consultants without inherent legal prohibition, but the arrangement must comply with
• The Proceeds of Crime (Jersey) Law 1999,
• The Money Laundering (Jersey) Order 2008,
• The Terrorism (Jersey) Law 2002 (which addresses terrorist financing reporting obligations),
• The Sanctions and Asset-Freezing (Jersey) Law 2019 (which includes sanctions-related reporting requirements),
• The Proceeds of Crime and Terrorism (Tipping Off – Exceptions) (Jersey) Regulations 2014 (the "Tipping Off Regulations"),  
• JFSC's Outsourcing Policy (last revised December 2023 and effective from January 2024) and
• The JFSC  AML/CFT/CPF Handbook (that is effective today, along with the next update in May 2026)
• Core MLRO responsibilities, including final decisions on submitting SARs to the JFCU, cannot be fully delegated, and the firm retains ultimate accountability.

THE TIPPING OFF REGULATIONS

• The Tipping Off Regulations provide specific exceptions allowing information sharing (including SAR-related details) without committing a tipping-off offence under Article 35 of the Proceeds of Crime (Jersey) Law 1999 or equivalent provisions in the Terrorism (Jersey) Law 2002, provided the disclosure is made in good faith to prevent or detect money laundering or terrorism financing. These exceptions include:
• Internal disclosures: Between employees of the same entity (Regulation 3).
• Within financial groups: To entities sharing common ownership, management, or compliance control (Regulation 4).
• Between relevant persons: To another "relevant person" (as defined in the Money Laundering (Jersey) Order 2008, i.e., entities carrying on financial services business in or from Jersey or Jersey-registered entities doing so globally) if relating to a shared customer or transaction (Regulation 5).
• To supervisory bodies, Such as the JFSC, JFCU, or police (Regulation 6).
• By MLROs: To other employees for performing MLRO functions (Regulation 7).
• Additional general exceptions: Required by law, with JFCU permission, or to the firm's own MLRO (Regulation 2).

CONSULTANTS & AMLSP

• Regarding consultants and AMLSPs under these Regulations:
• AMLSPs are captured:
• As regulated entities supervised by the JFSC for providing MLRO services, AMLSPs qualify as "relevant persons."
• Sharing SAR-related information with an AMLSP falls under Regulation 5 if it concerns a shared customer (common in MLRO outsourcing, where the AMLSP acts for the firm's clients) or transaction.
• This supports low-risk outsourcing to AMLSPs, with the appointed MLRO based in Jersey and JFSC-approved.
• General consultants are not directly captured:
• The Regulations do not explicitly mention "consultants." If a consultant is not a "relevant person" (e.g., not carrying on regulated financial services business), sharing does not qualify under Regulation 5 or any other exceptions unless it falls within another category, such as being an employee (Regulation 3) or within the same financial group (Regulation 4).
• However, if the consultant is a lawyer or accountant providing services such as legal advice or audit-related work, separate protections under the Proceeds of Crime (Jersey) Law 1999 (Articles 30 and 35) and the Terrorism (Jersey) Law 2002 allow disclosures without tipping off, provided they do not further a criminal purpose.
• For non-regulated consultants, sharing sensitive information poses higher tipping-off risks unless mitigated by JFCU permission or by structuring it as an internal arrangement.

TIPPING OFF AND REGULATORY RISKS

• Tipping off occurs if information is disclosed in a way that alerts the subject of suspicion. To mitigate this:
• Information sharing should be limited to what's necessary, and any customer inquiries for more details (to evaluate a SAR) should be handled by non-MLRO personnel to avoid signalling suspicion.
• Regulatory risks. To mitigate this:
• Firms must document all such arrangements in their Policy and Procedures, Business Risk Assessment (BRA) and Compliance Monitoring Programme (CMP) process

TO MINIMISE LEGAL RISKS OVERALL:

• Prioritise using regulated AMLSPs for core support, ensuring contracts include confidentiality, data security, audit rights, and JFSC notification for material outsourcing.
• Alternatively, engage a lawyer or accountant for services such as legal advice or audit-related work, leveraging their specific disclosure protections under the Proceeds of Crime (Jersey) Law 1999 and Terrorism (Jersey) Law 2002.
• Where not using an AMLSP and/or lawyer/accountant, structure the arrangement as an internal one (e.g., through strict arrangements/ agreements treating the consultant as an extension of the firm) to mitigate tipping-off risks.
• Limit shared information to necessities, handle customer inquiries via non-MLRO staff, and document all arrangements in the firm's Business Risk Assessment (BRA) and Compliance Monitoring Programme (CMP).
• Risks are not zero; breaches could result in fines or prosecution, but proper structuring keeps them low. Seek JFSC guidance or legal advice for specific setups and monitor upcoming JFSC Handbook enhancements (effective May 2026) for any additional requirements.

CONCLUSION

• If structured correctly (e.g., via an approved AMLSP or compliant outsourcing agreement), the legal risks can be minimised to a low level. Still, they are not eliminated; regulatory breaches could lead to sanctions, fines, or prosecution.
• Supervised firms should consult JFSC guidance or seek legal and or specialist regulatory advice for tailored setups.

COMSURE CAN HELP

• If you are looking for compliance support, Comsure can help you.   
• For more information on how Comsure can help, email MATHEW@COMSUREGROUP.COM

References (Web Sources)

• [1] Proceeds of Crime (Jersey) Law 1999: https://www.jerseylaw.je/laws/current/l_8_1999
• [2] Money Laundering (Jersey) Order 2008: https://www.jerseylaw.je/laws/current/ro_20_2008
• [3] JFSC Outsourcing Policy: https://www.jerseyfsc.org/industry/guidance-and-policy/outsourcing-policy
• [4] JFSC AML Handbook: https://www.jerseyfsc.org/industry/financial-crime/amlcftcpf-handbooks
• [5] Anti-Money Laundering Services Provider (AMLSP) Guidance: https://www.jerseyfsc.org/industry/sectors/anti-money-laundering-services-provider-faqs-guidance-and-legal-notices
• [6] Joint Financial Crimes Unit (JFCU): https://www.gov.je/Industry/Finance/FinancialCrime/pages/agencies.aspx
• [7] Proceeds of Crime and Terrorism (Tipping Off – Exceptions) (Jersey) Regulations 2014: https://www.jerseylaw.je/laws/current/ro_101_2014
• [8] AMLSP as Relevant Persons: https://www.jerseyfsc.org/industry/sectors/anti-money-laundering-services-provider-faqs-guidance-and-legal-notices
• [9] Terrorism (Jersey) Law 2002: https://www.jerseylaw.je/laws/current/l_20_2002