GOOD NEWS, LOW-RISK JFSC SUPERVISED DIRECTORS [and other low-risk persons] – you don’t need a BRA or STRATEGY 😊

It is a requirement under section 2.3 of the JFSC AML/CFT CoP in the Handbooks that the board and/or senior management must conduct and record a BRA.

For a low-risk JFSC supervised directors [NED], remember the JFSC says:-

• Where a supervised person is not a company but is a sole trader, “the board” will be the sole trader. [https://www.jerseyfsc.org/media/7584/section-2-clean-20240507.pdf ]

However, in a recently published Sound Business Policy [Issued 01 November 2014/Last revised 23 October 2025], the following is highlighted in 2.6

• “ALL FINANCIAL SERVICES BUSINESSES REGISTERED WITH THE JFSC FOR FINANCIAL CRIME PURPOSES ARE REQUIRED TO COMPLETE A CUSTOMER RISK ASSESSMENT AND A BUSINESS RISK ASSESSMENT (UNLESS EXEMPTED BY LEGISLATION^[8]).
• IN BOTH INSTANCES, THE AML/CFT/CPF HANDBOOK HIGHLIGHTS THAT CONSIDERATION SHOULD BE GIVEN TO THIS SBP WHEN COMPLETING THESE ASSESSMENTS.”
• ^[8] = “[8] RELEVANT PERSONS THAT MEET THE CONDITIONS CONTAINED IN THE PROCEEDS OF CRIME (LOW RISK FINANCIAL SERVICES BUSINESS) (JERSEY) ORDER 2024 ARE NOT REQUIRED TO COMPLETE A BUSINESS RISK ASSESSMENT.”
• SOURCE
• https://www.jerseyfsc.org/industry/guidance-and-policy/sound-business-policy/

Based on the above, you will also not need a Strategy

• As required within the AML/CFT CoP in section 2.3 of the Handbooks, a formal strategy must be established by the board/senior management to counter ML and TF, based on its BRA

[COMSURE WARNING:- Sound Business Policy is a JFSC registry document and not a JFSC supervisory document so it may be worth checking with the JFSC that what is said is true]

If the exception is correct the BAD news  it seems you will still need:-

• A RISK APPETITE STATEMENT

Further guidance on the Statutory and code requirements for Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Business Risk Assessment (BRA) and strategy is found below.

The board/senior management must

• Conduct and record a BRA

and

• must consider, on an ongoing basis,
• Its RISK APPETITE and the extent of its exposure to ML and TF risks “in the round” or as a whole by reference to
• Its organisational structure,
• Its customers,
• The countries and territories with which its customers are connected,
• Its products and services, and
• How it delivers those products and services to its customers

Statutory and code requirements for Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Business Risk Assessment (BRA) and strategy

• The AML/CFT BRA and strategy are key controls to establish a robust risk management framework in the prevention and detection of money laundering (ML) and terrorist financing (TF).
• Our thematic examinations will review the extent to which supervised persons have undertaken an assessment of their exposure to ML and TF and documented a resulting strategy to counter it.
• Our AML/CFT regime is risk-based and therefore intended to be tailored to the vulnerabilities and threats relevant to a particular supervised person. If a supervisor has not adequately assessed its inherent risks, then the strategy set and the systems and controls designed in response may not be effective in mitigating risk.

1 Helpful information

• Below we have detailed the statutory requirements set out in the Money Laundering (Jersey) Order 2008 (Order) and the code of practice requirements (AML/CFT CoP) (statutory and AML/CFT CoP requirements) set out in the relevant AML/CFT Handbooks for the Prevention and Detection of ML and TF (Handbooks), related to this theme.
• The Guidance Notes (guidance) detailed in section 2.3.1 of the relevant Handbooks present a way in which a supervised person can demonstrate compliance with the statutory and AML/CFT CoP requirements. The application of the guidance will indicate that a supervised person complies with the statutory and AML/CFT CoP requirements.
• A supervised person may adopt other appropriate measures to those set out in the guidance, so long as they can demonstrate that such measures also achieve compliance with the relevant statutory and AML/CFT CoP requirements; they will need to explain how the alternative measures adopted comply.
• This may be more difficult to demonstrate if the alternative method is similar to the measures outlined in the guidance but lacks some of the key features. 
• It may be easier to demonstrate where the alternative measures have extra or additional features that can be evidenced as being equally effective.

2 AML/CFT business risk assessment

• The AML/CFT CoP contained within section 2.3 of the Handbooks details the board/senior management responsibilities in respect of the AML/CFT BRA:
• The board/senior management must conduct and record a BRA. In particular, the board/senior management must consider, on an on-going basis, its risk appetite, and the extent of its exposure to ML and TF risks ‘in the round’ or as a whole by reference to its organisational structure, its customers, the countries and territories with which its customers are connected, its products and services, and how it delivers those products and services.
• The assessment must consider the cumulative effect of risks identified, which may exceed the sum of each risk element. The board’s assessment must be kept up to date.
• Guidance provided in section 2.3.1 of the Handbooks details how the board/senior management may demonstrate that it has considered its exposure to ML and TF risk.

A comprehensive assessment of risk will involve all members of the board/senior management and include consideration of the following factors, as appropriate to the business:

• Organisational factors
• Nature, scale and complexity of the business
• Diversity of operations (including geographical diversity) and associated risk
• Transactional volume and size
• Customer risk
• Country risk
• Product, service and delivery risk
• Accumulation of risk for more complex customers.

Risks relevant to the business will be identified, including those related to the jurisdiction(s) in which the company operates, as well as its products, services, and customers. This consideration of risks will be bespoke to the business model, the operational structure and the relevant external environment. 

As part of its assessment of the identified risks, the board/senior management will consider whether there are any barriers to the effective operation of systems and controls to counter ML and TF risks that need to be addressed.

The board/senior management will consider its exposure for ML and TF risks on an ongoing basis, with the BRA kept up to date. Guidance in section 2.3.1 of the Handbooks states that the board/senior management may demonstrate this by undertaking an annual review.

However, it may be appropriate to do this more frequently, particularly when there are material changes in the internal or external environment that may affect the ML and TF risks, or when weaknesses are identified in the mitigating controls.

As detailed in section 10.4.1 of the Handbooks, under the AML/CFT CoP requirements, a supervised person must retain superseded BRAs and records of cultural barriers for 5 years.

3 AML/CFT strategy

• The AML/CFT CoP contained within section 2.3 of the Handbooks additionally requires that, based on its BRA, the board/senior management must establish a formal strategy to counter ML and TF risk.
• The strategy will be an ongoing action plan to counter the ML and TF risk within your business, focusing on the risks identified and the systems and controls in place to mitigate those risks.

4 Statutory and AML/CFT code of practice requirements

• Article 11(1) of the Order
• A supervised person must maintain appropriate and consistent policies and procedures relating to, among other things, risk assessment and management.
• AML/CFT CoP in section 2.3 of the Handbooks
• Board/senior management must conduct and record a BRA, considering risk appetite and extent of exposure to ML and TF risks on an ongoing basis.
• Based on the BRA, the board/senior management must establish a formal strategy to counter ML and TF.
• Board/senior management to take into account the conclusions of the BRA and strategy to organise and control its affairs to effectively mitigate identified ML and TF risks, and demonstrate systems and controls to counter ML and TF.
• Board/senior management must consider and address barriers (including cultural barriers) to the effective operation of systems and controls to counter ML and TF risk.
• A supervised person must maintain appropriate policies and procedures to enable it, when requested by us, to make available to that authority a copy of its BRA.
• AML/CFT CoP in section 10.4.1 of the Handbooks
• A supervised person must retain BRAs for a period of five years after the end of the calendar year in which it is superseded.
• A supervised person must retain a record of barriers for a period of five years after the end of the calendar year in which a matter is considered.

5 Guidance notes

• Guidance within section 2.3.1 of the Handbooks
• Guidance within the Handbook details ways in which a board/senior management of a supervised person may demonstrate that it has considered its exposure to ML and TF.
• Guidance within section 2.4.3 of the Handbooks
• Guidance within the Handbook details ways in which a supervised person may demonstrate the consideration of cultural barriers which might hinder the effective operation of systems and controls to prevent ML and TF.

6 Glossary

AML/CFT

• Anti-money laundering/countering the financing of terrorism

AML/CFT CoP

• Code of practice within the Handbooks

Board

• Board of directors of a supervising person (if applicable)

Business risk assessment / BRA

• As required within the AML/CFT CoP in section 2.3 of the Handbooks. The board/senior management must conduct and record a BRA, considering, on an on-going basis, its risk appetite and the extent of its exposure to ML and TF risks “in the round” or as a whole by reference to its organisational structure, its customers, the countries and territories with which its customers are connected, its products and services, and how it delivers those products and services.
• The assessment must consider the cumulative effect of risks identified and must be kept up to date

Customer

• A person with whom a business relationship has been formed or a one-off transaction carried out. Customer references also include, where appropriate, a prospective customer (a business applicant) with whom a business relationship is to be established or a one-off transaction carried out. A customer may be an individual (or group of individuals) or a legal person. May also be referred to by the Industry as a ‘client’

Financing of terrorism / terrorist financing / TF

• Refer to the definitions of conduct under the Terrorism (Jersey) Law 2002 and the Sanctions and Asset Freezing (Jersey) Law 2019. May also be referred to as terrorist financing

Guidance

• Guidance notes within the Handbooks

Handbooks

• Handbooks for the Prevention and Detection of ML and TF, comprising:
• Handbook for regulated financial services businesses
• Handbook for the accountancy sector
• Handbook for the legal sector
• Handbook for estate agents and high-value dealers

JFSC

• Jersey Financial Services Commission

Money laundering / ML

• Has the meaning given in Article 1 of the Proceeds of Crime (Jersey) Law 1999

Order

• Money Laundering (Jersey) Order 2008

Policies and procedures

• The way in which a business’s systems and controls are implemented into the day-to-day operation of the business

Risk appetite

• As required within the AML/CFT CoP in section 2.3 of the Handbooks. The board/senior management must consider its risk appetite to ML and TF risks on an ongoing basis

Strategy

• As required within the AML/CFT CoP in section 2.3 of the Handbooks. The formal strategy established by the board/senior management to counter ML and TF, based on its BRA

Supervised person

• Defined in Article 1 of the Proceeds of Crime (Supervisory Bodies) (Jersey) Law 2008 as a registered or a regulated person, and covers all of those persons that are required to comply with the Order (referred to in the Order and Handbook as ‘relevant persons’)

Systems and controls

• A supervised person’s general framework to combat ML and TF

SOURCE

[Issued 11 March 2022] https://www.jerseyfsc.org/industry/examinations/statutory-and-code-requirements-for-anti-money-laundering-and-countering-the-financing-of-terrorism-amlcft-business-risk-assessment-bra-and-strategy/