News
Print Article

No.2 - RISQED - Is Your RISK Framework Built to Address the JFSC Financial Crime Feedback

03/07/2026

Introduction

  • Part 1 of 4 of a RISQED series on risk management for Jersey-registered persons [below this part] provides an overview of how it provides a solution to risk management; later pieces go in depth on financial crime, data protection, and sustainability.
  • This is part 2 of 4 in a series on risk management for Jersey-registered persons; it looks at Financial Crime Risk and how RISQED can help

Financial Crime Risk

  • On 29 June 2026, the JFSC published its 2025 Financial Crime Examination Feedback, five days after quietly revising its Guidance Note on Compliance Monitoring for the first time since 2013.
  • Read together, the message is consistent:
    • Firms can usually point to the individual pieces of a financial crime framework, but struggle to show the pieces are connected, current, and owned.
  • That's the gap RISQED is built to close, not by replacing judgement, but by giving the business risk assessment (BRA), the controls that mitigate it, and the people accountable for it, a single structure to live in.

The BRA needs a methodology, not a moment in time

  • The JFSC found BRAs
    • Hadn't been reviewed as the business changed,
    • That omitted risks the Handbook requires (proliferation financing came up repeatedly), and
    • That recorded a risk without recording what mitigated it or how risks compounded together.
  • Tellingly, the revised Compliance Monitoring Guidance names the enterprise-wide risk assessment (EWRA) specifically as the risk assessment type "required under AML/CFT/CPF regulations to identify and mitigate financial crime risks at an organisational level";
    • This isn't a rebrand of the BRA,
    • It's the JFSC being explicit about what a firm-wide financial crime risk assessment needs to achieve.
  • RISQED is built as a BRA methodology first, rather than a template that goes stale the day it's signed off; RISQED will
    • Provide a consistent structure for identifying inherent risk and the risk owners,
    • Document (and link) the controls that mitigate it
    • Allow you to revisit both through your integrated CMP and as the business or its environment changes,

Control effectiveness is where "adequate" becomes evidenced.

  • The JFSC doesn't prescribe a specific scoring model for control effectiveness; it never has. What its revised Compliance Monitoring Guidance does require is that
    • Firms can show controls are "operating as intended" and
    • That testing surfaces the "strengths and weaknesses across the control framework."
  • Where firms fell short in the 2025 examinations,
    • It was rarely that they'd misidentified a risk.
    • It was that their policies didn't explain how to apply the control.
    • Their compliance monitoring plan (CMP) couldn't evidence the control had been tested.

RISQED scores risk on probability and impact   

  • The same two factors the JFSC uses in its own risk-based supervision approach, starting from the gross position, adjusting for the controls and treatment applied, and then moving again once CMP testing confirms whether those controls are actually working.
  • A test result doesn't just get filed; it visibly moves the risk position it relates to.
  • We haven't built this because the JFSC mandated a formula; it hasn't. We built it to meet guidance proportionately and defensibly for every firm, at a price point designed for firms replacing spreadsheets, not for those budgeting for enterprise GRC builds.

Risk owners need to be named, not implied

  • The JFSC's MLCO/MLRO findings weren't about competence; they were about visibility.
  • Conflicts of interest that existed but weren't logged. Resourcing gaps nobody had formally assessed. Board reporting that happened but was never documented so that oversight couldn't be evidenced after the fact.

RISQED addresses this structurally:

  • Risks in the platform sit against clear ownership: who's responsible, accountable, consulted, and informed, so your MLCO and MLRO aren't just named somewhere in a P&P; they're visibly attached to the risks they own, with conflicts, resourcing, and reporting sitting alongside them.

The pattern the JFSC keeps describing is

  • A financial crime framework in which the BRA, the controls, and the people responsible for both aren't visibly connected.
  • RISQED's job is to make that connection structural, rather than something you reconstruct manually when an examiner asks for it.
  • We'll go deeper on DATA PROTECTION AND SUSTAINABILITY in the updates that follow this update.

Book a demo:

  • yes@comsuregroup.com [Comsure is the distributor of RISQED] | Sunil   07797 936464 | Mathew   07797 747490

RISQED is BETA, in active development, and now being used. If you're evaluating it against a specific regulatory requirement, we're happy to walk through exactly how it maps to your framework.

Part 2 (sources):

JERSEY DATA PROTECTION RISQED BRA MLCO MLRO

The Team

Meet the team of industry experts behind Comsure

Find out more

Latest News

Keep up to date with the very latest news from Comsure

Find out more

Gallery

View our latest imagery from our news and work

Find out more

Contact

Think we can help you and your business? Chat to us today

Get In Touch

News Disclaimer

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[www.gov.UK/government/publications/copyright-acts-and-related-laws]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here www.gov.uk/guidance/exceptions-to-copyright]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email info@comsuregroup.com.