The power of openness and trust – engaging with the regulator

We often hear of the importance of being open and cooperative when engaging with the regulator, but what does this mean if you are supervised by the Jersey Financial Services Commission (JFSC)?

Working from home during the pandemic, we were probably all guilty, on at least one occasion, of being immaculately presented from the waist up during a zoom call whilst being bedecked in our comfy loungewear below the desk.

In this age of technology and social media, a tension exists between aligning our digital and real-world self. Our digital self is a filtered, polished version of our real-world self. It is of course natural to want to present the best version of ourselves to an external audience and we do so in all manner of engagements in business and social settings. However, polish will only take us so far in relationships, as trust is built on authenticity and open dialogue.

The same is true of the regulatory relationship. Any engagement or interaction with the JFSC presents an opportunity to create an impression, and build trust and credibility. For the regulator, each interaction provides a window into the culture of your firm.

It is therefore critical to have a well thought out strategy for all regulatory engagement and to use it as an opportunity to present the best version of your organisation. The time invested in good quality engagement will help build trust, establish credibility and potentially pay dividends during periods of more intense scrutiny.

The JFSC's expectation about engagement is clear. Underpinning all interaction with the regulator is Principle 6 of the Codes of Practice (COP) – the requirement to deal with the JFSC in an open (transparent) and cooperative manner.

Regulatory touchpoints

So how do you achieve transparent and cooperative engagement in practice?

All supervised persons are required to interact with and provide information to the JFSC on a periodic or ad hoc basis. These regulatory touchpoints include the following three broad categories:

1. Provision of information

• Information requested prior to supervisor led periodic assessments– for example AML/CFT/CPF or Enterprise Wide Risk Assessments, and Compliance Monitoring Plans

• AML/CFT/CPF and supervisory data collection

• Submission of financial statements

• Ad hoc requests, for example sanctions information

• Following notification of examination

2. Mandatory notifications

• Outsourcing notifications
• Appointment and ceasing to act dates of principal and key persons
• Specific notifications detailed in Principle 6 of the COP, for example a change to the address of the registered office

3. 'Material' notifications

• Notification requirements under AML/CFT/CPF COP 2.3(18) and Principle 6 of each relevant COP to notify the JFSC, in writing of material issues.

  It is a matter of judgement for a supervised person to assess whether the duty to notify the regulator has been engaged.

Engagement in respect of the first two categories is potentially easier than the third. Planning and preparation are key in all scenarios; the aim is to get it right the first time. Effective engagement will result in both parties being satisfied. Whilst the regulator may have some follow up questions, you do not want to be in the position where you are being asked the same thing twice.

Information submission

To achieve this, you need to make sure your information is:

Complete

• Understand what is being asked of you and respond directly to the brief. If you are unclear, engage with your supervisor for clarification.

• Provide all information, in the format requested. Let the JFSC know if you are missing some information and explain the reason.

• Keep an active eye on the JFSC website and maintain a calendar of key regulatory dates.

Accurate

• Review, verify and perform quality assurance on the data and information

• Ensure that you have a robust governance process around all regulatory engagement. As most interaction is in written form, ensure a thorough review process, from both a technical and editorial perspective

• Obtain approval - as responsibility for the provision of information ultimately falls on the board/senior management, obtain agreement and approval in accordance with your internal governance process

Timely

• Engage early with your supervisor if any of the prescribed dates are unachievable, providing a clear rationale and request an extension. The expectation is that information should be accessible, however it is understood, that in rare circumstances more time may be required

• Allocate and schedule the time required to extract data, analyse information and formulate the response

• Assign responsibility to a member of the board/senior management who will oversee the exercise and monitor progress through to conclusion

• Engage early with other stakeholders on whom you are reliant to deliver data

• Learn lessons and improve the process for the next submission

Where you follow the tips listed above and provide all required information and notifications in the first two scenarios, you should expect routine interactions with the JFSC to be positive.

'Material' notifications to the JFSC

Any issue requiring notification under the third category is likely to be a deficiency identified in relation to systems and controls, that constitutes a breach of a regulatory requirement. 

This engagement is the litmus test of cooperation and transparency. Failure to comply with these notification obligations or being selective in the information that is provided, can carry the worst case scenario risk of regulatory action.

Whilst the nirvana of any supervised person is to implement systems and controls that are zero failure, this is not realistic. Despite best endeavours a situation will arise where a breach of material significance is detected. There may be an understandable reticence and anxiety concerning how this will be viewed through a regulatory lens. However, self-identifying issues, notifying and remediating will always be viewed more favourably than the opposite course of action.

Even in relation to significant and material deficiencies, cooperation and transparency will work in the favour of a supervised person. The methodology for determining a civil financial penalty outlines that where a contravention is voluntarily reported, in a prompt and comprehensive manner, this will be considered a mitigating factor, potentially resulting in a reduction in the penalty levied. In addition, cooperation is referenced in a number of public statements as a factor taken into account during the process.

Conversely, if there a failure to voluntarily report, this could be deemed an aggravating factor. A recent public statement identified failure to notify the JFSC of a breach as an aggravating factor in the determination of the quantum of the penalty.

Not being meticulous in the provision of the full facts or being selective in the information that is provided will undermine regulatory trust at the very least. Any urge to minimise or provide a gloss on relevant information, in an effort to maintain reputation should be resisted.

Considering the following can help you manage notifications in a way that is a cooperative and transparent.

Reporting arrangements

Have a procedure for evaluating and determining whether a breach that has occurred is considered sufficiently material to warrant notification under the COP. To be effective ensure that it incorporates the following:

• A process for identifying promptly any breaches that are sufficiently material that must always be reported

• Clear escalation for referral to the board/senior management for decisions within the governance arrangements

• Document the rationale for the decision – this is particularly important when a decision is taken that the breach is not notifiable

• Ensure that the JFSC is proactively updated at an appropriate frequency until the issue is resolved – do not be in a position where your supervisor is chasing for an update

Reporting arrangements should ensure that regulatory notifications:

- Are proactive and timely

• Determine whether the breach is notifiable and document board/senior management discussions around this consideration

• Do not delay, even if the full facts have not yet been established. The AML COP requires notification 'immediately' and the sector specific COPs 'as soon as it (registered person) becomes aware'

• There may be occasions where a report is made verbally, to give an initial 'heads up'. Follow up promptly in writing

- Contain clear and factually accurate information relating to the breach, including:

• The regulatory requirement that has been breached – make sure this is accurate. An understanding of and familiarity with the regulatory framework is a given, where references are inaccurate, this creates a poor first impression

• A description of the breach and relevant dates, including how and when the breach was identified – confirm the date it was first detected, the manner in which it was identified (e.g. internal notification to compliance, compliance monitoring or internal audit report) and the date on which it was entered onto the Breaches Register

• Confirmation of the cause of the breach

• Confirmation whether the breach is considered isolated or systemic in nature – include the number and risk rating of customers affected, where appropriate

• Confirmation of the reason the breach is thought to be of material significance to the regulator, considering its cause, effect, the reaction to it, and its wider implications

• Mitigating factors – however, do not overstate

- Detail the steps being taken to investigate and/or remedy the identified issue

• If the issue leading to the breach has already been remedied, include the actions taken and confirm the date the breach was considered closed

• Where further actions are required or remediation is ongoing, confirm the target timeframes for completion

• Where appropriate, submit the remediation plan along with the notification

• Advise the frequency of ongoing updates of progress to the JFSC, through to closure and make good on this commitment

- Demonstrate appropriate board/senior management oversight

• As the responsibility for adequacy and effectiveness of systems and controls belongs to the board/senior management, it is essential that they engage in the notification process, to demonstrate that issues are receiving the right level of attention.

Engagement with the regulator in this third scenario can leave us feeling exposed; akin to standing up in that Zoom call to reveal we are in fact wearing tracksuit bottoms. As a result, it may be felt that the reputation we have worked hard to build is compromised.

Conclusion

To paraphrase a Greek philosopher, it is not what happens to us, but how we react to it that matters. We naturally may have concerns about the negative connotations a 'material' notification may convey to the regulator. However, we can use this engagement as an opportunity to show the best of our organisation: our ability to communicate clearly, succinctly and transparently;  that we take compliance seriously and that we mobilise quickly to remediate issues in an effective and sustainable way.

The regulator will appreciate the commitment to transparency and cooperation and doing the right thing.

Ogier Regulatory Consulting provides expert regulatory advice on how to approach engagement with the regulator, including mandatory and material notifications. For more information, feel free to get in touch, or learn more about Ogier Regulatory Consulting in our At a Glance guide.

About Ogier

Ogier is a professional services firm with the knowledge and expertise to handle the most demanding and complex transactions and provide expert, efficient and cost-effective services to all our clients. We regularly win awards for the quality of our client service, our work and our people.

Disclaimer

This client briefing has been prepared for clients and professional associates of Ogier. The information and expressions of opinion which it contains are not intended to be a comprehensive study or to provide legal advice and should not be treated as a substitute for specific advice concerning individual situations.

Regulatory information can be found under Legal Notice