In your BRA/CMP? The JFSC outsourcing policy for registered and supervised persons.

The JFSC outsourcing policy rules for registered and supervised persons should be in your BRA/CMP.

THE FOLLOWING IS A REMINDER OF THE KEY FEATURES OF THE JFSC OUTSOURCING POLICY RULES FOR REGISTERED AND SUPERVISED PERSONS

The Jersey Financial Services Commission (JFSC) has a detailed outsourcing policy that guides how Jersey financial services businesses should manage outsourcing arrangements.

A registered person and supervised schedule 2 AML-CFT-CPF supervised persons must comply with the JFSC’s Outsourcing policy and guidance note. See the codes for

• Registered persons https://www.jerseyfsc.org/industry/codes-of-practice/
• SCHEDULE 2 AML-CFT-CPF SUPERVISED PERSONS   - https://www.jerseyfsc.org/industry/financial-crime/amlcftcpf-handbooks/amlcftcpf-handbook/

BELOW ARE SOME SPECIFICS

1. Responsibility:
1. When outsourcing activities, the supervised person remains ultimately responsible for the duties undertaken in their name.
2. This includes ensuring the external party has satisfactory systems and controls, including up-to-date policies and procedures [AML-CFT-CPF Handbook—Section 2—Page 13].
2. Risk Assessment:
1. A supervised person must assess the risks associated with outsourced functions, particularly money laundering, terrorist financing, and proliferation financing.
2. They must continuously record and monitor these risks [AML-CFT-CPF Handbook—Section 2—Page 14].
3. Provider Compliance:
1. If the outsourced activity is a supervised business activity, the supervised person must ensure that the provider of the outsourced services has policies and procedures consistent with those required under the Money Laundering Order [AML-CFT-CPF Handbook - Section-2 - Page 14].
4. Reporting:
1. The supervised person must be satisfied that any knowledge, suspicion, or reasonable grounds for suspicion of money laundering, terrorist financing, or proliferation financing activities will be reported by the provider of the outsourced service to the MLRO (or Deputy MLRO) of the supervised person [AML-CFT-CPF Handbook - Section-2 - Page 14].

Also, the Insurance Business Licensing Policy says:

• Accountability: Even when functions are outsourced, the permit holder remains accountable to the Commission for all regulatory matters, ensuring compliance with guidelines and addressing any conflicts arising from outsourcing arrangements [Jersey Financial Services Commission - Insurance Business Licensing Policy - Page 9].

Here are some key points:

1. Core Principles: The policy outlines seven core principles businesses must follow when outsourcing activities. These principles ensure that outsourcing does not compromise the quality of service or regulatory compliance.
2. Outsourcing Notification: Businesses must notify the JFSC about outsourcing arrangements. The revised policy, effective from January 1, 2024, includes new notification requirements and a material change notification process.
3. Cloud Services: Specific guidance is provided for outsourcing activities involving cloud services, including data storage and computing power.
4. Transitional Period: Businesses had a six-month transitional period to adapt to the revised policy, which became fully effective on January 1, 2024.
5. Exemptions and Inclusions: The revised policy also details which outsourced activities are newly included or exempt under the guidelines.

You can refer to the JFSC's official outsourcing policy for more detailed information.

• Outsourcing policy — Jersey Financial Services Commission https://www.jerseyfsc.org/industry/guidance-and-policy/outsourcing-policy/

 References

• Guidance on our revised outsourcing policy - Jersey Financial Services ...https://www.jerseyfsc.org/news-and-events/guidance-on-our-revised-outsourcing-policy/
• JFSC SLIDE PACK - https://www.jerseyfsc.org/media/7216/outsourcing-policy-presentation-slides.pdf
• https://www.ogier.com/news-and-insights/insights/the-new-jfsc-outsourcing-policy-overview-impact-and-actions-required/