JFSC issued an enforcement public statement and ZERO fine on Jersey Post Limited

Today, November 8^th, 2024, an enforcement public statement was issued.

• It has determined it necessary and proportionate to issue a public statement, having concluded that, between January 2019 and December 2022 (the Relevant Period), JERSEY POST LIMITED (JPL)  failed to
• Effectively organise and control its affairs to properly perform its MONEY SERVICE BUSINESS (MSB) activities.

The JFSC concluded that:-

• JPL’s contraventions in this regard warranted a Band 2A civil financial penalty. However, the penalty would be a ZERO PENALTY.
• Article 21B(3)(e) of the Commission Law requires the JFSC to consider the potential financial consequences to
• The registered person (in this case, JPL)
• As well as to third parties (including customers).
• In this case, having carefully considered JPL and third parties, the JFSC has determined it reasonable and proportionate to impose a ZERO PENALTY.

The key issues highlighted in the JFSC public statement are:-

1. Board Ineffectiveness:
• The JPL Board demonstrated inadequate knowledge of regulatory requirements and over-relied on the compliance function, which was not operating effectively.
• The Board did not self-identify issues and had not conducted a review of the effectiveness of its compliance function.
2. Lack of Oversight:
• The Board operated ineffectively, leading to significant deficiencies in compliance with the regulatory framework.
• Board meetings were infrequent, and discussions did not include comprehensive reviews of compliance responsibilities.
3. Risk Management Failures:
• JPL's Business Risk Assessment (BRA) was inadequate, containing outdated information and failing to assess all relevant risks.
• The Board did not scrutinize or challenge the BRA, indicating a lack of attention to its adequacy.
4. Inadequate Systems and Controls:
• JPL lacked written policies and procedures to comply with legal obligations and the MSB Code.
• There were significant failures to comply with AML/CFT/CPF requirements, including inadequate monitoring and controls.
5. Compliance Deficiencies:
• JPL failed to retain customer identity documents, manage linked transactions, maintain a PEP policy, and appropriately screen customers.
• Monitoring of systems and controls was not comprehensive, and there was a lack of documented procedures for reviewing transactions.
6. Reporting and Training Issues:
• MLCO and MLRO reports to the Board were limited in scope and did not highlight key compliance matters.
• Employee training was not appropriately tailored to roles and responsibilities and lacked coverage on countering terrorist financing.
7. Suspicious Activity Reporting:
• JPL failed to establish and maintain proper procedures for investigating and handling internal SARs, leading to incomplete documentation and unclear reports to the FIU.
8. Mitigating Factors and Remediation:
• JPL fully cooperated with the JFSC, accepted findings, and took prompt action to understand and address issues.
• Remediation efforts included constituting a new Board, appointing a new Group Head of Compliance, conducting training, ceasing high-risk services, and evaluating future financial services offerings.
9. Sanction and Public Statement:
• The JFSC issued a public statement to support its objectives of protecting Jersey's reputation and integrity and countering financial crime.

THE PUBLIC STATEMENT IS HERE

• https://www.jerseyfsc.org/news-and-events/jersey-post-limited/

THE PUBLIC STATEMENT IS ALSO EXTRACTED BELOW

Issued: 8 November 2024 = Action

1

1.1 The JFSC has determined it necessary and proportionate to issue this public statement having concluded that, between January 2019 and December 2022 (the Relevant Period), JPL failed to effectively organise and control its affairs for the proper performance of its MSB activities. The JFSC concluded that JPL’s contraventions in this regard warranted a Band 2A civil financial penalty. However, pursuant to its obligations under Article 21B(3)(e) of the Commission Law, the JFSC determined it reasonable and proportionate to impose a zero penalty.

1.2 This public statement relates only to JPL’s conduct, during the Relevant Period, in the provision of MSB and not to its wider postal operations.

1.3. During the Relevant Period, the JPL Board demonstrated inadequate knowledge of the requirements of the regulatory framework and over-relied on JPL’s compliance function to ensure compliance. However, JPL’s compliance function was itself not operating effectively. The JPL Board did not self-identify this issue and had not conducted a review of the effectiveness of its compliance function.

1.4 The JPL Board, during the Relevant Period, is considered to have operated ineffectively in discharging its regulatory responsibilities, leading to significant and material deficiencies in JPL’s compliance with the regulatory framework. Had an adequate JPL Board effectiveness assessment been conducted, as required by the MSB Code, these deficiencies may have been identified at an earlier stage.

1.5 JPL’s failures left it vulnerable to significant financial crime risk, posing a material risk to the integrity and stability of Jersey’s financial services industry.

1.6 Definitions used in this public statement can be found in the glossary.

2. BACKGROUND

2.1 JPL’s principal activity is as Jersey’s postal operator, however, it also provides a range of regulated financial services products to customers through its post office counters as part of its community provision.

2.2 During the Relevant Period, these activities included bureaux de change services, money transfer, agency banking and cheque encashment services. JPL provided certain of these services as an agent for various regulated financial service providers. Each of these activities are defined as ‘money service business’ in the FS(J)L.

2.3 With respect to the provision of MSB services, JPL is required to comply, in full, with the applicable regulatory framework and is regulated by the JFSC in this regard. The JPL Board during the Relevant Period failed to understand this.

3. DETAILED FINDINGS

3.1 The investigation findings incorporate the findings of:

(i) a 2022 JFSC on-site examination of JPL and; and

(ii) the findings of an Independent Reporting Consultant voluntarily appointed by JPL following the said on-site examination.

3.2 As stated above, during the Relevant Period, JPL’s Board is considered to have operated ineffectively in discharging its regulatory responsibilities, leading to significant and material deficiencies in its compliance with the regulatory framework. These deficiencies are summarised below.

BOARD ADMINISTRATION

3.3 The JPL Board did not operate with a formally approved Terms of Reference, or equivalent document, that set out the individual and collective responsibilities of JPL Board members. JPL Board meetings during the Relevant Period were also held infrequently.

3.4 During the Relevant Period, the JPL Board considered that, as the principal activity of JPL was the provision of postal services and the regulated services undertaken by JPL was very small — both by turnover, being between 0.78% and 1.97% of JPL’s total revenue during the Relevant Period and by average transaction, being less than £370 — and low risk, regulated activities did not require more oversight at JPL Board level.

3.5 As a result, during the JPL Board meetings that were held, discussion regarding JPL’s compliance with the regulatory framework focussed on AML/CFT/CPF matters and did not include JPL’s compliance responsibilities relating to the MSB Code and FS(J)L. The JPL Board also failed to challenge or discuss the information and data presented by the MLRO and MLCO.

3.6 JPL Board minutes were overly brief and therefore inadequate since they did not evidence whether, or how, the JPL Board discharged its responsibilities over the financial regulated activities of JPL, including its oversight of the effectiveness of systems and controls

3.7 Although a Board effectiveness review was carried out by JPL in 2021, it did not focus on JPL’s regulated activities and therefore did not meet the requirements of the MSB Code. Had the review been broader, JPL's deficiencies (as detailed in this public statement) may have been identified sooner.

ASSESSMENT OF BUSINESS RISK

3.8 During the Relevant Period, the JPL Board was responsible for identifying risks faced by the business and for ensuring appropriate systems and controls were designed and implemented to manage those risks.

3.9 JPL’s BRA, the principal risk management document, was found to be inadequate. It contained out of date information on products and services provided by JPL and failed to record an assessment of all risks relevant to the MSB business(including certain ML/TF/PF risks).

3.10 There was no evidence of JPL Board discussion, scrutiny or challenge on the content of the BRA, indicating a lack of attention from JPL Board members as to its adequacy.

SYSTEMS AND CONTROLS, INCLUDING POLICIES AND PROCEDURES

3.11 During the Relevant Period, JPL did not have written policies or procedures to demonstrate how it complied with its obligations under the FS(J)L and the MSB Code.

3.12 As a result of the lack of policies and procedures, and an over reliance on its ineffective compliance function, JPL failed to adequately monitor its compliance with the FS(J)L and the MSB Code. This included

• A failure to comply with notification requirements under the FS(J)L regarding changes to Principal Persons and a breach of span of control requirements under the MSB Code.

3.13 JPL lacked adequate AML/CFT/CPF systems and controls, including policies and procedures, resulting in significant failures to comply with the regulatory framework and to manage ML/TF/PF risk. JPL’s AML/CFT/CPF policies consisted of high-level statements with no accompanying procedures other than JPL’s AML Handbook, which was also found to be deficient.

3.14 While certain of JPL’s identification measures were compliant or, in two service offerings, were more prudent than required under the regulatory framework, JPL failed to:

3.14.1 Retain copies of relevant customer identity documents from the point of transaction;

3.14.2 With the exception of its money transfer service, implement controls to identify ‘linked transactions’ and manage risks posed by them;

3.14.3 Record and maintain an adequate PEP policy;

3.14.4 Record information in JPL’s systems regarding the purpose and nature of transactions; and

3.14.5 Appropriately screen customers to identify ML/TF/PF risks.

MONITORING OF SYSTEMS AND CONTROLS

3.15 While limited AML/CFT/CPF related monitoring activities were undertaken during the Relevant Period, JPL did not adopt a comprehensive risk-based compliance monitoring programme to ensure that it was monitoring adherence with its relevant obligations under the regulatory framework.

ON-GOING MONITORING

3.16 JPL failed to document the nature, scope, or extent of its review of all bureaux de change transactions above the statutory threshold carried out post transaction by the MLRO. There was also a lack of documented procedures in this regard.

COMPLIANCE REPORTING

3.17 MLCO reports to the JPL Board were limited in scope. The reports failed to consider key AML/CFT/CPF matters such as transaction monitoring outcomes and changes to policies and procedures and did not highlight high priority compliance matters requiring heightened focus of the JPL Board.

3.18 MLRO reports were static and provided little in the way of trend analysis in respect of SARs. The reports contained content that would typically be reported by the MLCO due, in part, to a crossover of responsibilities between the MLRO and MLCO and the activities of each not being aligned with their responsibilities as set out in the AML/CFT/CPF Code.

3.19 The JPL Board received no CO reporting during the Relevant Period. In the absence of any reporting and compliance monitoring as referred to above, the JPL Board could not adequately monitor JPL’s compliance with its obligations under the MSB Code and the FS(J)L.

TRAINING OF EMPLOYEES

3.20 JPL’s AML/CFT/CPF training was not appropriately tailored to the roles and responsibilities of its employees. For example, whilst training would be tailored verbally, the same AML/CFT/CPF training material was provided to both post office counter staff and the JPL Board. In addition, the training did not cover the countering of terrorist financing as required by the AML/CFT/CPF Code.

SUSPICIOUS ACTIVITY REPORTING

3.21 JPL failed to establish and maintain reporting procedures relating to the investigation and handling of internal SARs by its MLRO or Deputy MLRO. As a result, on occasion, JPL failed to fully document enquiries undertaken in relation to an internal SAR or the basis for reporting, or not reporting, to the FIU.

3.22 In addition, the failure to establish and maintain proper SAR procedures resulted in some SARs submitted to the FIU being unclear in terms of setting out the suspicion and the background to the transactions leading to the suspicion.

4. MITIGATING FACTORS

4.1 JPL fully cooperated with the JFSC throughout the investigation, accepting the findings and demonstrating candour and transparency in its communications.

4.2 Following the examination, JPL took prompt action to understand the root cause of the issues through the appointment of the Independent Reporting Consultant, sharing the resultant report with the JFSC and subsequently committing to a significant remediation exercise. To date, JPL has:

4.2.1 Constituted a new Board of Executive Directors with greater relevance of experience;

4.2.2 Appointed a new Group Head of Compliance between December 2022 and June 2023 for the purposes of initiating the remediation exercise and subsequently engaged external compliance support to provide additional oversight for its MLRO and MLCO;

4.2.3 Conducted training of staff and JPL Board members;

4.2.4 Ceased providing agency banking and money transfer services due to the level of risk and the cost of mitigating the risk being unstainable to JPL; and

4.2.5 Conducted a full evaluation of its future financial services offering (including systems requirements).

5. SANCTION

5.1 The JFSC concluded that JPL, to a significant and material extent, negligently contravened requirements of the regulatory framework. Under the Commission Law, such contraventions warranted a civil financial penalty.

5.2 Article 21B(3)(e) of the Commission Law requires the JFSC to consider the potential financial consequences to the registered person (in this case JPL) but also to third parties (including customers). In the circumstances of this case, having carefully considered JPL and third parties, the JFSC has determined it reasonable and proportionate to impose a zero penalty.

5.3 The JFSC issues this public statement under Articles 25(b) of the FS(J)L and 26(b) of the Supervisory Bodies Law to support its objectives to:

5.3.1 Protect and enhance the reputation and integrity of Jersey in commercial and financial matters; and

5.3.2 Counter financial crime.

SOURCE

• https://www.jerseyfsc.org/news-and-events/jersey-post-limited/