The Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) (Amendment) Ordinance, 2018 was approved by the States of Guernsey in December 2018 and is set to come into force on 31 March 2019. The new legislation represents a substantial revision of Guernsey's anti-money laundering and countering financing of terrorism (AML/CFT) regime designed to satisfy the requirements of the 2012 Financial Action Task Force (FATF) and the Guernsey specific recommendations made by MONEYVAL in 2016.
In November 2018, a final draft of the revised Handbook on Countering Financial Crime and Terrorist Financing (the Handbook) was published and for all practical purposes, this document will be the key reference for the local financial industry.
The GFSC has announced that in anticipation of the changes to the law it has already begun adopting the new rules to allow for technical issues which could lead to complications once the law is in force. Consequently, the new Handbook should already be the reference point for local business on all matters of AML/CFT and client due diligence (CDD). In this briefing, we set out the key changes to the Handbook and the operational changes that will likely be required in order to comply with the new framework.
There are minimal changes to the corporate governance chapter of the Handbook generally, but it adds scope to maintain effective policies, procedures and controls. Notably, the GFSC has opted not to implement FATF recommendations to require firms to have an independent audit function to test AML/CFT policies. In a subtle change however, the previously named "financial crime compliance officer" has been replaced with the "money laundering compliance officer" (MLCO) and his/her duties amended from "having oversight" to holding "responsibility for policies, procedures and controls to forestall, prevent and detect money laundering and the financing of terrorism". Furthermore, any person employed as MLCO needs to have the necessary "knowledge, skill and experience" rather than simply be "qualified". Despite appearances, these are material changes; reinforcing the GFSC's determination to hold MLCOs accountable for failings in their respective businesses.
Each firm must appoint an MLCO by 31 March 2019 and notify the GFSC of the appointment by 14 April 2019; however there is nothing in the new Handbook to prevent firms continuing to outsource this function.
Minor changes have also been made to the way firms may share information between subsidiaries and branches in a bid to ensure that Guernsey's most recent data protection law (drafted to be consistent with GDPR) takes precedence over the rules of the Handbook.
A significant change to the Handbook as a whole is the shift in focus towards a case-by-case determination of a firm's risk appetite as against the objectives of a firm's AML/CFT policies and the objectives of the law. Guidance on risk-based assessments has been expanded to incorporate new concepts such as the accumulation of risk and weighting of risk factors which will assist in the assessment of each case.
Firms will need to ensure that their risk assessment policies are updated in line with the revised Handbook. All matters rated high-risk as at 31 March 2019 are required to be reviewed by the end of 2020 (with all other matters reviewed by the end of 2021) and firms will be expected to subject these matters to on-going review under the revised approach. Where firms utilise IT systems to determine risk-ratings, such systems must be fully understood to ensure that ratings are generated in accordance with the updated policies.
A firm's Business Risk Assessment (BRA) may also require amending to ensure that assessments made in respect of money laundering, the financing of terrorism and the proliferation of weapons of mass destruction are concluded separately and that all employees are informed of the BRA and risk appetite of the firm. Each firm's BRA must be bespoke according to such firm's own risks and requirements.
Customer Due Diligence
Extensive additional guidance has been provided on the verification of identification documentation which each firm will need to ensure has been incorporated into their client take-on procedures. The beneficial ownership provisions have also been extended but firms already compliant with the current requirements under the beneficial ownership of legal persons regime should have little difficulty in meeting the standard of the Handbook.
Enhanced measures replace additional CDD and are now required automatically for all relevant business that involves a non-Guernsey resident customer, banking services, a legal person or arrangement used for personal asset holding purposes and nominee share ownership and bearer share ownership. There is substantial guidance on the steps required and the circumstances for which they apply in the Handbook. The aim however is risk mitigation and the move away from advanced levels of CDD only in high risk rated matters to ensuring the due diligence process can assist in an early understanding of each business relationship in every case.
One key development is the extension of the meaning of a "politically exposed person" (PEP) and the extension to domestic PEPs; firms will need to ensure that the new definition of a PEP follows through into their internal procedures to ensure that enhanced due diligence is carried out as required. There is a welcome means of declassifying PEPs where certain conditions are met. Further, whilst enhanced CDD will always be required in respect of foreign PEPs, when dealing with domestic PEPs, firms may rely on local guidance to aid the risk approach which will not always be so onerous.
Whilst the basics remain broadly the same, firms will be interested in the developments to the guidance on intermediary relationships; the reporting of suspicion; sanctions; wire transfers; employee screening and training; and record keeping and will need to ensure updated policies and procedures reflect the revised approach.
What do you need to do?
The GFSC have provided deadlines for businesses to implement the revised Handbook. Businesses should take the view that the new approach is already in force but key dates to remember are as follows:
31 March 2019 – the revised law comes into force; MLCOs must be appointed by this date; and risk assessments must be prepared as soon as reasonably practicable thereafter.
14 April 2019 – notification must be made by this date to the GFSC of MLCO appointment (and MLRO appointment, where such appointment has changed).
31 July 2019 (or four months following the publication of the National Risk Assessment, if later) – revised BRAs must have been approved by each firm by this date.
31 December 2020 – all high-risk business arrangements must be reviewed in accordance with the new Handbook by this date.
31 December 2021 – all remaining business arrangements must be reviewed in accordance with the new Handbook by this date.