The Guernsey Financial Services Commission (GFSC) has reported the results of its 2020 thematic review. The review centred around the effectiveness of the policies, procedures and controls businesses apply to reporting suspicion of money laundering and the financing of terrorism (internal and external suspicious activity reports or SARs). The two largest groups in the pool of 29 firms that took part in the thematic review comprised banks and fiduciaries, in line with the risk weightings attributed by the Bailiwick's National Risk Assessment (NRA).
The report consists of two parts:
1. Board oversight and MLRO capabilities and capacity
The thematic review identified that the majority of businesses that took part in the review had appointed Money Laundering Reporting Officers (MLROs) who were suitably senior, qualified and independent.
However, the report highlighted issues that many businesses had with the relationship between the role of the MLRO and that of the board.
The thematic focused on the fact that while boards must ensure that MLROs are afforded autonomy when deciding whether to make an external SAR it remains the responsibility of the board to ensure there are appropriate and effective policies and procedures in place detailing how the MLRO and nominated officer will fulfil their role. It is not enough for policies and procedures to simply deal with how internal SARs should be handled, reported, recorded and managed, they should extend to what the MLRO must do on receipt of an internal SAR, maintaining records on internal and external SARs, handling formal information requests by the Financial Intelligence Service (FIS), making consent requests, management of blocked accounts, and where a firm is part of a group, sharing information on SARs. In effect, boards (or a delegated sub-committee) must ensure their policies and procedures provide a complete framework. Policies on the handling and management of suspicions are key to ensuring that suspicions are dealt with appropriately by firms, and tackling the ever-evolving financial crime threat. Improper handling of suspicions can have catastrophic regulatory and reputational consequences for a business and the MLRO.
The review referred to the relationship between the MLRO and the board when it discussed the provision of management information in relation to reporting suspicion. The AML/CFT Handbook* sets out an explicit minimum standard of information about suspicious activity reports which should be reported to the board, but at least a third of the businesses that took part in the thematic are not meeting that standard. Only a few boards were receiving a "good" level of management information about the reporting of suspicion within their business. The review noted the particular importance of management information where a relationship is subject to "no consent" from the FIS. In connection, the thematic touched on the sensitive subject of "tipping off" and referenced the HM Procurer's October 2011 guidance that "for the avoidance of doubt it is confirmed that no prosecutions will be brought against persons who disclose the fact that a SAR has been or will be made, if the disclosure is made by one member of an organisation to another for the purposes of discharging AML/CFT responsibilities and functions. This will also be the case in respect of a disclosure made to linked organisations such as head offices or other branches of the same institution, again providing that it is made to discharge AML/CFT responsibilities and functions.", which can be found here.
2. Effectiveness of SAR policies, procedures and controls
The thematic review commended the action taken by firms since the FIS issued 'Guidance to Improve Suspicious Activing Reports' in October 2019. However, it noted limited instances where the guidance issued by the FIS had not been followed by the MLRO, such as when the cause for suspicion was not obvious or the suspected predicate offence was not identified on the external SAR. It highlighted that, in the event an external SAR contained a consent request, in order to assist the FIS to properly assess if consent is required, the MLRO should identify the 'act' that it suspects may be an offence under the Criminal Justice (Proceeds of Crime)(Bailiwick of Guernsey) Law, 1999, and for which it is seeking consent.
It identified the need for firms to have standard internal suspicious activity forms, and to require staff to use them properly, to ensure that all relevant information about the suspicion is brought expeditiously to the MLRO's attention. Where that is not happening the report recommended the MLROs provide feedback or additional training. It also identified isolated cases where it considered external SARs should have been filed more quickly with the FIS. In those cases, the GFSC recommended that staff receive training on typical financial crime red flags to enable prompt identification of suspicion and recommended referring to the Bailiwick's NRA, which provides likely modalities and case studies.
The GFSC will consider how firms have incorporated the findings of this thematic as part of its ongoing supervisory function. The report features 13 case studies comprising good and poor practices and includes five "areas for improvement". Firms would be well placed to map their current practices against the highlighted case studies and areas for improvement to identify weaknesses and implement remedial changes ahead of any future visit by the regulator.
Sandra Lawrence of CC Compliance can assist with ensuring that your business's policies and procedures on handling suspicion and management information meet the standards set by the GFSC and are appropriate for your business. If you have concerns about a particular suspicion or how to deal with a 'no consent' from the FIS, then you can contact Nin Ritchie of Collas Crill's multidisciplinary Risk and Regulatory team for advice.
The Commission's full report can be found here.
* Handbook on Countering Financial Crime and Terrorist Financing