Handbook updates July 2023

Updates to the AML / CFT Handbook:

On the 10^th of July 2023 the Guernsey Financial Services Commission (“the Commission”) released an updated version of the Handbook on Countering Financial Crime and Terrorist Financing (“the Handbook”) following 2 consultations issued on 28^th March 2023 & 9^th June 2023. The feedback of these consultations can be found here.

The main changes include the addition of a new chapter on Virtual Assets, additional wording around independent audit functions, the additional wording around Business Risk Assessments and updates to Appendix I. A tracked version of the Handbook can be found here.

Virtual Assets:

The addition of Chapter 18 (pages 221 to 234) on virtual assets provides Virtual Asset Service Providers (VASPs) with information regarding the rules set out in Schedule 3.

Independent Audit Function:

Additional wording has been included regarding the independent audit function which should be undertaken every three years. If a licensee decides not carry out an independent audit function the reasoning cannot be that a firm is “too small”.

Where a licensee undertakes an independent audit function specified controls are to be included.

Business Risk Assessment:

The Handbook update specifies that Business Risk Assessments must demonstrate consideration of the specific offenses, risks and implications to the business as identified in the NRA and by the Financial Action Task Force (“FATF”) and highlights each in detail, such as:

• Customer Risk Factors
• Countries and Territories Risk Factors
• Product Risk Factors
• Fraud Risk

FATF Higher Risk Jurisdictions / Appendix I: There have also been several amendments to Appendix I, a tracked version of the changes can be found here.

GFSC Handbook Virtual Asset Service Providers Chapter 18:

On the 10th of July 2023 the Guernsey Financial Services Commission (“the Commission”) released an updated version of the Handbook on Countering Financial Crime and Terrorist Financing (“the Handbook”) following 2 consultations issued on 28th March 2023 & 9th June 2023. The feedback of these consultations can be found here. The Handbook has added a new chapter specifically on Virtual Asset Service Providers (VASPs) and affects any firms which fall under the following VASP’s categorisation:

“VASPs are firms which provide or carry out exchange, transfer, safe-keeping, administration, custody, issue, offer, sale, distribution, trading, and other activities in connection with virtual assets from the Bailiwick. VASPs are required to hold a Part III VASP licence under the Lending, Credit and Finance (Bailiwick of Guernsey) Law, 2022.”

This article provides a summary of each section contained within Chapter 18.

Risk-Based Approach

VASPs must:

• Have appropriate policies, procedures, and controls to identify, understand, assess, and mitigate these risks where applicable.
• Have appropriate processes to prevent parties to assets of the flow of assets from being obscured.
• Ensure they comply with the Cyber Security Rules and Guidance 2021.
• Consider the example risk factors contained within the Handbook.

Customer Due Diligence

VASPs must apply CDD measure as specified in Chapter 4 of the Handbook. One exception being, per Schedule 3 to the Law, the designated threshold which CDD must be conducted for an occasional transaction in respect of VASPs is lower and relates to any transaction or linked transactions involving more than, or to the value of, £1,000.

This section contains further detail on:

• what is to be considered a business relationship
• building a risk profile
• ongoing monitoring
• Source or Wealth & Source of Funds; and
• insufficient CDD.

Enhanced Customer Due Diligence

This section contains a list of not exhaustive measures that can be used in addition to Chapter 8 of the Handbook when conducting enhanced due diligence for customers.

Correspondent Banking and Other Similar Relationships

VASPs should define and assess the characteristics of their counterparty VASP relationships and ascertain whether they are undertaking activities similar to correspondent banking.

Transfers

VASPs are required to obtain, hold and submit required originator and beneficiary information associated with the transfers of virtual assets.  The Commission does not require a particular software or technology however the chosen software should enable VASPs to comply with the transfer rules.

This section contains further details on:

• Transfers of virtual assets to a beneficiary – Originating and Beneficiary VASP obligations
• Batch Transfers
• Transfers of virtual assets with missing or incomplete information on the originator or the beneficiary
• Intermediary VASPs; and
• Record retention.

Reporting

In any capacity, VASPs must consider the following reporting requirements:

• missing or incomplete information on a transfer which may give rise to a suspicion of Money Laundering or Financing of Terrorism – suspicion should be reported to the FIU;
• breaches by a VASP of the requirements of Schedule 3 and the Handbook rules – reported to the Commission; and
• repeated failure by a VASP to provide the required originator or beneficiary information – reported to the Commission.

Risks Associated with the Virtual assets Sector.

VASPs should be aware of the following risk factors alongside those set out in Schedule 3 and Chapter 3 of the Handbook. This section provides details of areas which may contribute to the increasing risk of the following risk factors:

• Product, Service and Transaction Risk Factors
• Customer Risk Factors
• Country or Geographical Risk Factors; and
• Distribution Channel Risk Factors.

This article has been produced for information purposes only & should not be relied upon for specific regulatory requirements or as an original data source.

GFSC Handbook- Independent Audit Function 2.4.1.

On the 10th of July 2023 the Guernsey Financial Services Commission (“the Commission”) released an updated version of the Handbook on Countering Financial Crime and Terrorist Financing (“the Handbook”) following 2 consultations issued on 28th March 2023 & 9th June 2023. The feedback of these consultations can be found here.

One of the main updates is that firms should consider an independent audit function. The purpose of this is to gauge the effectiveness and acceptability of the policies, procedures and controls (“the PP&Cs”) a specified business uses to act in accordance with Schedule 3, The Relevant Enactments and the Handbook.

The Independent audit function can be led by an employee of the business however, they must be independent from the employees who use the PP&Cs.

The Board of a specified business should determine the need of an independent audit function and should consider:

• Whether the business is in a high-risk sector shown by the National Risk Assessment
• The risk profile of their customer base
• The size of the business; and
• Any factors which could affect their Money Laundering and Financing of Terrorism risks such as recurring breaches with previous audit, from compliance monitoring or by The Commission.

A business must ensure that:

• The independent audit function reviews and evaluates the effectiveness and acceptability of the PP&Cs used by the business.
• The independent audit function should report and make suggestions to the board about the PP&Cs.
• If the independent audit function is an employee in the firm, they need to monitor the firm’s compliance with the suggestions.
• If the independent audit is an external service that can’t monitor the compliance with those suggestions, the Board is to monitor the compliance with those suggestions made by the independent audit function.

If a firm does not have or has chosen not to have an independent audit function, internal or external, within the previous 3 years, a review and evaluation on whether they need to have an independent audit function to evaluate the PP&Cs of the firm must be documented and agreed by the Board. The Board should be aware that how small a firm is, is not a justifiable reason for not undertaking an independent audit.

Business Risk Assessments

On the 10^th of July 2023 the Guernsey Financial Services Commission (“the Commission”) released the updated version of the Handbook on Countering Financial Crime and Terrorist Financing (“the Handbook”) which included additional rules and guidance regarding Business Risk Assessments (“BRA”).

The updates can be found within Chapter 3 of the Handbook which detail the requirements of Schedule 3 for firms to consider the risks and implications specified within the National Risk Assessment (“NRA”).

The risks and implications specified within the NRA have been identified as the most likely predicate offences which could be used for money laundering and terrorist financing within the Bailiwick. The Commission rules contained within Chapter 3 further specify that Bribery & Corruption and Fraud (including tax evasion) must be considered and that when a firm reviews its BRA you must record this.    

Based on the above, the guidance contained within 3.10 (Example Risk Factors) of the Handbook has also been updated to include Bribery & Corruption risk and Fraud (including tax evasion) risk, both containing the below sub-categories

• General Risk Factors
• Customer Risk factors
• Countries and Territories Risk Factors

This has been done to assist firms in undertaking their BRA’s.

3.17.2 included further updates in relation to Risk factors the firm should consider when identifying the risks associated with the level of predicate offences to money laundering in a country or territory and/or bribery and corruption associated with a country or territory.

All changes to the Handbook can be found here.

If you would like further information on how Aspida can support you in updating or creating your BRA please contact out compliance specialists at compliance@aspidagroup.com.