Your AML/CTF/CPF policy and procedures cannot be half-baked in Jersey (or elsewhere).
26/11/2024
When it comes to financial regulations, especially in a place like Jersey, having a solid grip on your AML (Anti-Money Laundering), CTF (Counter-Terrorism Financing), and CPF (Counter-Proliferation Financing), and having adequate and robust firm-wide policies and procedures is non-negotiable.
You must do more than slap together a few pages and call it a day. Let’s face it: half-baked policies are a recipe for disaster. If your AML/CTF/CPF policies and procedures are limited in content, vague and / or poorly structured, you’re essentially inviting trouble. Regulators want to see that you’re serious about compliance; flimsy documentation won’t cut it. It’s like trying to build a house on a shaky foundation; it’s only a matter of time before it collapses.
The stakes are high. Inadequate AML/CTF/CPF policies and procedures can lead to hefty fines, reputational damage, and criminal charges. Imagine being in a courtroom, trying to defend your organisation against allegations of non-compliance. Without solid policies and procedures, your defences could crumble faster than a house of cards.
So, what does it take to create effective AML/CTF/CPF policies and procedures that meet the Jersey Financial Services Commission (JFSC) standards?
LET’S DIVE IN!
THE CHALLENGE
- Why JFSC Rules Matter
- The JFSC are clear on what they want firms to do when they create and maintain policies and procedures [see appendix 1]
- These rules prevent financial crimes and protect the financial system's integrity. They are the same whether you’re a large finance house, a small estate agency, or somewhere in between.
- The consequence of non-compliance can be expensive or critical.
- The Challenges of Implementing AML/CTF/CPF Rules into your business
- Implementing AML/CTF/CPF rules means no walking in the park.
- AML/CTF/CPF rules require a comprehensive approach beyond a few bullet points in a policy document or a check sheet for a few ticks in a box.
- AML/CTF/CPF rules must be mapped to external drivers (laws and regulations), senior management owners, business units, and monitoring programmes and tests.
SIZE MATTERS
- Laws and regulatory rules that are the foundation of a firm's AML/CTF/CPF Rules
- Policies and procedures cannot be diluted [half-baked] into a few pages; they must be thorough and well-structured to be effective.
- The complexity and depth of the laws and regulatory rules that are the foundation of a firm's policies and procedures.
- All employees understand the complexity and depth of the firm's policies and procedures—it is not just about a passport and utility bill.
POLICY AND PROCEDURES ARE DIFFERENT
- Understanding the Importance of Robust policy and procedures
- Policies and procedures are the backbone of any organisation, especially those under the watchful eye of the JFSC.
- They guide decision-making, ensure compliance, and help mitigate risks.
- But what exactly are these Policies and procedures?
POLICIES AND PROCEDURES = CoPPs and SOPs
CoPPs
- What Are Corporate Policies and Procedures (CoPPs)?
- Corporate Policies and Procedures (CoPPs) are high-level documents that outline a firm's objectives and the framework for achieving them.
- CoPPs set the tone for compliance and are crucial for meeting Jersey’s statutory and regulatory Anti-Money Laundering (AML), Counter-Terrorism Financing (CTF), and Counter-Proliferation Financing (CPF) rules.
- Think of them as the roadmap for your organisation’s journey through the regulatory landscape.
- The Role of CoPPs in Regulatory Compliance
- CoPPs are not just bureaucratic red tape; they are essential for ensuring your organisation operates within the law and regulations.
- CoPPs provide a clear set of guidelines for senior management, who must ensure that these rules are effectively communicated and integrated into the firm's daily SOPs.
- CoPPs are a cornerstone to continued employee awareness and training.
SOPs
- The Significance of Standard Operating Procedures (SOPs)
- While CoPPs set the strategic direction, SOPs are the nuts and bolts that keep the engine running.
- SOPs are essential for ensuring any organisation's consistency, efficiency, and quality.
- SOPs provide detailed instructions for employees on how to carry out their tasks in alignment with the CoPPs.
CoPPs and SOPs
- How SOPs Differ from CoPPs
- The critical difference between CoPPs and SOPs lies in their focus.
- CoPPs are about the “what” and “why,” while SOPs are all about the “how.”
- CoPPs outline the company’s aims and objectives, whereas SOPs provide the step-by-step processes employees must follow.
- The Importance of SOPs in maintaining CoPPs
- SOPs ensure that everyone in the organisation is on the same page.
- They help maintain consistency, reduce errors, and ensure compliance with the overarching CoPPs.
- Without well-defined SOPs, even the best CoPPs can fall flat.
COMSURE APPROACH
- Comsure’s Approach to Policy Development
- At Comsure, we meticulously approach the development of CoPPs and SOPs.
- Our first task is to ensure that a firm's CoPPs align with all relevant laws and regulatory requirements.
- We work closely with firms to ensure that their CoPPs are compliant but also practical and actionable.
- Integrating CoPPs into SOPs
- Once the CoPPs are in place, we assist firms in adopting these policies into their SOPs.
- SOP integration ensures that the rules outlined in the CoPPs are reflected in the business's day-to-day operations.
- SOP integration should incorporate training.
- Key Topics to Address in CoPPs and SOPs include [albeit not exhaustive]:
- Corporate Governance - This includes:-
-
-
- The application of a risk-based approach, appetite, and strategy
- The structure and processes for decision-making within the organisation.
- Oversight of compliance and reporting officers
-
- Customer Due Diligence - This includes clear rules for:-
-
-
- Identifying and verifying customers and assessing the risks associated with them.
- Profiling customers
- Applying due diligence, including simplifying, standardising, or enhancing.
-
- Monitoring - This includes clear rules for:-
-
-
- Are all transactions in and out of the firm labelled and reconciled?
- Are heightened risks monitored more than those lesser risks?
- Are all red flags of transaction and customer activity monitored?
-
- Suspicious Reporting- This includes clear rules for:-
-
-
- Employees must know how to identify and report internal [iSAR/iSTR] suspicious transactions and/or activities.
- MLROs must know who to report to depending on the type of report being managed—financial crimes to the FIU or economic target sanctions to another agency.
- All employees should be aware of the timeliness of any requirements.
-
- Training - This includes clear rules for:-
-
-
- Outside of general all employee training, training is tailored for senior managers and customer-facing to support employees.
- Ongoing training ensures that ALL employees understand external threats, internal vulnerabilities, and controls that mitigate the risks.
- Ongoing training ensures everyone knows the importance of reporting.
-
- Human resource management - This includes clear rules for:-
-
-
- New employees, new promotions and current employees should be background checked (vetted)
- Job descriptions and employee manuals should highlight the importance of policy and procedure compliance and the consequences for non-compliance.
- Employee appraisals should include training assessments and plans.
-
-
- Record-Keeping - This includes clear rules for:-
-
-
- Is all the above [and more] saved for at least 5 years [10 years for your corporate governance docs] and
- Readily available and
- In English 😊
-
CONCLUSION
- In conclusion, creating robust policies and procedures is not just a regulatory requirement; it’s a fundamental aspect of running a successful business in Jersey or anywhere else.
- By ensuring that your CoPPs and SOPs are well-aligned and comprehensive, you can confidently navigate the complex landscape of regulatory compliance.
Appendix 1
RULES FOR FORMULATING A SUPERVISED FIRM’S AML/CTF/CPF POLICIES AND PROCEDURES
(The following statements are all sourced from the JFSC Handbook)
- To demonstrate compliance, supervised persons must, when formulating policies and procedures, MUST:-
- Pay close attention to the primary sections of the JFSC Handbook (sections 1-10) and the sector-specific sections (Sections 11-18) relevant to their business type.
- The JFSC Handbook:-
- Is a foundational guide (a minimum), not an exhaustive list, for establishing systems and controls to combat “money laundering, terrorism financing, and proliferation financing” (financial crime).
- Will be considered by courts when evaluating a supervised individual’s conduct, assessing whether they acted reasonably, honestly, and appropriately and took all necessary steps to exercise due diligence to avoid committing an offence.
- The JFSC Handbook is made up of the following PRIMARY SECTIONS that the JFSC says it is vital to adhere to:-
- STATUTORY REQUIREMENTS
- AML/CFT/CPF CODES OF PRACTICE,
- GUIDANCE NOTES
- The AML/CFT/CPF CODES OF PRACTICE encompass detailed explanations of how to meet STATUTORY OBLIGATIONS and various elements necessary for a firm's corporate governance structures/framework.
- The GUIDANCE NOTES provide strategies for meeting the mandatory statutory requirements and AML/CFT/CPF CODES OF PRACTICE and should always be read alongside them.
- Concerning the provisions and application of the above, the JFSC handbook uses the terms "MUST" and “MAY”:-
- MUST indicate the mandatory provisions and application of the STATUTORY OBLIGATIONS and AML/CFT/CPF CODES OF PRACTICE
- In contrast, the GUIDANCE NOTES use the term "MAY", which offers potential ways to satisfy STATUTORY OBLIGATIONS and AML/CFT/CPF CODES OF PRACTICE requirements while allowing alternative compliance methods.
- The JFSC says that thoughtful application of the GUIDANCE NOTES will indicate compliance with all the statutory and AML/CFT/CPF requirements. However, a supervised person may implement alternative measures BEYOND those outlined in the GUIDANCE NOTES, provided they can demonstrate compliance with statutory requirements and AML/CFT/CPF CODES OF PRACTICE. The JFSC says this flexibility allows supervised individuals to tailor their approach based on their specific business circumstances, products, services, transactions, and/or customer profiles.
- In support of the above PRIMARY SECTIONS, the JFSC says in its Compliance monitoring guidance that a firm's Compliance Functions should Identify ALL relevant legislative and regulatory requirements.
- When writing and or maintaining policy and procedures Jersey, supervised individuals should:
- Ensure they apply the statutory provision by using the JFSC handbook CODES and GUIDANCE
- Adopt a suitable risk-based approach to the GUIDANCE and
- Continuously evaluate what additional measures may be necessary to safeguard against exploiting their products and services by those attempting to engage in financial crime.
End
If you would like to discuss COMSURE’s approach to assisting its clients without being half-baked, please get in touch.
The Team
Meet the team of industry experts behind Comsure
Find out moreLatest News
Keep up to date with the very latest news from Comsure
Find out moreGallery
View our latest imagery from our news and work
Find out moreContact
Think we can help you and your business? Chat to us today
Get In TouchNews Disclaimer
As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[www.gov.UK/government/publications/copyright-acts-and-related-laws]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here www.gov.uk/guidance/exceptions-to-copyright]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email info@comsuregroup.com.