Your Federal Quarterly Tax Payments are due April 15th Get Help Now >>

HANDBOOK FOR THE PREVENTION AND DETECTION OF MONEY LAUNDERING AND by wulinqing

VIEWS: 3 PAGES: 97

									             HANDBOOK FOR THE
PREVENTION AND DETECTION OF MONEY LAUNDERING
       AND THE FINANCING OF TERRORISM
      FOR FINANCIAL SERVICES BUSINESS
   REGULATED UNDER THE REGULATORY LAWS




                               Part 1
             Statutory and Regulatory
         Requirements and Guidance Notes




                         Sections 1 – 9
                              and
                           Glossary



          Issued: 4 February 2008 (Partly revised: 22 July 2010)
                                                                                              Handbook for regulated financial services businesses

                                                                                                                                                   Contents




CONTENTS

       CONTENTS ............................................................................................................................................ 3

       1       INTRODUCTION ........................................................................................................................... 7
           1.1     Objectives of the Handbook .............................................................................................. 8
           1.2     Structure of the Handbook ................................................................................................ 9
           1.3     Legal status and sanctions for non-compliance.............................................................. 10
              1.3.1 Handbook................................................................................................................. 10
              1.3.2 Money Laundering Order......................................................................................... 10
              1.3.3 Regulatory Requirements ........................................................................................ 10
           1.4     Scope of the money laundering order and regulatory requirements............................... 11
              1.4.1 Application of the Money Laundering Order to financial services business
                      conducted in Jersey ................................................................................................. 11
              1.4.2 Application of the Money Laundering Order and Regulatory Requirements
                      outside Jersey.......................................................................................................... 11
              1.4.3 Application of Regulatory Requirements ................................................................. 12
           1.5     Definition of financial services business.......................................................................... 12
           1.6     Risk based approach....................................................................................................... 12
           1.7     Equivalence of requirements in other countries and territories....................................... 13
              1.7.1 Equivalent business ................................................................................................. 13
              1.7.2 Equivalent countries and territories ......................................................................... 13
              1.7.3 Determining equivalence ......................................................................................... 13

       2       CORPORATE GOVERNANCE ................................................................................................... 15
           2.1     Overview of section ......................................................................................................... 15
           2.2     Obligation to have procedures and controls.................................................................... 15
           2.3     Board responsibilities ...................................................................................................... 15
              2.3.1 Business risk assessment ....................................................................................... 16
           2.4     Systems and controls, training and awareness .............................................................. 17
              2.4.1 Oversight of the effectiveness of systems and controls .......................................... 18
              2.4.2 Oversight of compliance with systems and controls................................................ 19
              2.4.3 Consideration of cultural barriers............................................................................. 19
              2.4.4 Outsourcing.............................................................................................................. 20
           2.5     The Money Laundering Compliance Officer (MLCO)...................................................... 21
           2.6     The Money Laundering Reporting Officer (MLRO) ......................................................... 22

       3       CUSTOMER DUE DILIGENCE REQUIREMENTS..................................................................... 25
           3.1     Overview of section ......................................................................................................... 25
           3.2     Obligation to conduct customer due diligence ................................................................ 26
           3.3     Risk based approach to customer due diligence ............................................................ 27
              3.3.1 Customer due diligence information – Stage 1........................................................ 28
              3.3.2 Customer due diligence profile – Stage 1................................................................ 29
              3.3.3 Source of funds and wealth – Stages 1 and 2......................................................... 29
              3.3.4 Evaluation of customer due diligence information – Stage 2................................... 30
              3.3.5 Customer risk assessment – Stage 3 ...................................................................... 32
              3.3.6 Updating customer due diligence and customer risk assessments – Stage 5 ........ 33
Effective from: 4 February 2008                                                                                                                             3
Revised: 30 January 2009
Revised: 20 July 2009
Revised 22 July 2010
Handbook for regulated financial services businesses

Contents


           3.4     Enhanced customer due diligence .................................................................................. 33
              3.4.1 Politically Exposed Persons (PEPs) ........................................................................ 34
              3.4.2 Customer who is connected to a higher risk country or territory ............................. 35
              REGULATORY REQUIREMENT ......................................................................................... 35
              3.4.3 Other higher risk customers..................................................................................... 35
           3.5     CDD requirements when acquiring a business or a block of customers ........................ 36

       4       IDENTIFICATION AND VERIFICATION OF IDENTITY ............................................................. 37
           4.1     Overview of section ......................................................................................................... 37
           4.2     Obligation to identify and verify identity of applicant for business .................................. 37
           4.3     Identification and verification: Individuals........................................................................ 39
              4.3.1 Establishing identity ................................................................................................. 39
              4.3.2 Verifying identity....................................................................................................... 39
              4.3.3 Independent data sources ....................................................................................... 42
              4.3.4 Guarding against the financial exclusion of Jersey residents.................................. 42
              4.3.5 Verification of residential address of overseas residents ........................................ 43
           4.4     Identification and verification: trustees and express trusts ............................................. 44
              4.4.1 Establishing identity ................................................................................................. 45
              4.4.2 Verifying identity....................................................................................................... 45
           4.5     Identification and verification: legal bodies...................................................................... 46
              4.5.1 Establishing identity (except foundations) ............................................................... 47
              4.5.2 Verifying identity (except foundations)..................................................................... 48
              4.5.3 Establishing identity – foundations (except charities).............................................. 50
              4.5.4 Verifying identity – foundations (except charities) ................................................... 51
           4.6     Identification and verification: authorised agent of applicants for business .................... 52
           4.7     Identification and verification: applicants acting for third parties (intermediary
                   relationships) ................................................................................................................... 53
           4.8     Non-face to face Identification and verification ............................................................... 53
              4.8.1 Suitable certifiers ..................................................................................................... 54
           4.9     Exceptions from identification measures......................................................................... 56
              4.9.1 Regulated persons and those carrying on equivalent businesses .......................... 56
              4.9.2 Companies with listed securities.............................................................................. 56
              4.9.3 Jersey public authorities .......................................................................................... 57
              4.9.4 Persons authorised to act on behalf of an applicant................................................ 57
              4.9.5 Identification measures for pension schemes ......................................................... 58
              4.9.6 Other exceptions...................................................................................................... 58
           4.10    Identification and verification of identity in intermediary and introduced relationships ... 58
              4.10.1 Assessment of risk where reliance placed on intermediaries and introducers........ 60
              4.10.2 Intermediary relationships – Article 17..................................................................... 61
              4.10.3 Intermediary and introduced relationships – Article 16............................................ 62
              4.10.4 Group intermediaries and introducers in certain jurisdictions – Article 16............... 64
              4.10.5 Intermediary customers and lower risk products ..................................................... 65
           4.11    Reduced or simplified measures: verification of identity concession for very low risk
                   products/services ............................................................................................................ 66
           4.12    Timing of initial identification and verification of identity ................................................. 67
              4.12.1 Delayed completion of verification requirements..................................................... 67
           4.13    Subsequent identification and verification of identity ...................................................... 68
           4.14    Failure to complete identification or verification of identity.............................................. 68


4                                                                                                                     Effective from: 4 February 2008
                                                                                                                           Revised: 30 January 2009
                                                                                                                               Revised: 20 July 2009
                                                                                                                                 Revised 22 July 2010
                                                                                             Handbook for regulated financial services businesses

                                                                                                                                                 Contents



       5       MONITORING ACTIVITY AND TRANSACTIONS...................................................................... 70
           5.1     Overview of section ......................................................................................................... 70
           5.2     Obligation to monitor ....................................................................................................... 71
              5.2.1 Countries and territories that do not, or insufficiently, apply FATF Recommendations74
           5.3     Automated monitoring methods ...................................................................................... 74

       6       REPORTING MONEY LAUNDERING AND FINANCING TERRORISM ACTIVITY AND
               TRANSACTIONS ........................................................................................................................ 75
           6.1     Overview of section ......................................................................................................... 75
           6.2     Disclosure of knowledge or suspicion to the JFCU......................................................... 75
           6.3     Procedures for reporting to the JFCU ............................................................................. 76
              6.3.1 Internal reporting procedures................................................................................... 77
              6.3.2 Evaluation of suspicious activity reports by the MLRO............................................ 77
              6.3.3 Reporting to the JFCU ............................................................................................. 78
           6.4     Tipping off........................................................................................................................ 78
              6.4.1 The customer due diligence process ....................................................................... 78
              6.4.2 JFCU consent .......................................................................................................... 79
              6.4.3 Terminating a relationship ....................................................................................... 79

       7       VETTING, AWARENESS AND TRAINING OF EMPLOYEES ................................................... 80
           7.1     Overview of section ......................................................................................................... 80
           7.2     Obligation to promote awareness and to train ................................................................ 80
           7.3     Vetting of relevant employees......................................................................................... 81
           7.4     Awareness of employees ................................................................................................ 82
              7.4.1 All relevant employees (customer facing and non-customer facing)....................... 82
              7.4.2 Non-relevant employees .......................................................................................... 82
              7.4.3 Ongoing awareness (all employees) ....................................................................... 82
           7.5     Training of employees ..................................................................................................... 83
           7.6     Adequacy of training........................................................................................................ 83
              7.6.1 All relevant employees (customer facing and non-customer facing)....................... 83
              7.6.2 The Board ................................................................................................................ 84
              7.6.3 The MLCO ............................................................................................................... 84
              7.6.4 The MLRO and deputy MLROs ............................................................................... 84
              7.6.5 Non-relevant employees .......................................................................................... 84
           7.7     Timing and frequency of training..................................................................................... 84
           7.8     Monitoring the effectiveness of promotion and awareness and of training..................... 85

       8       RECORD KEEPING .................................................................................................................... 86
           8.1     Overview of section ......................................................................................................... 86
           8.2     Recording evidence of identity and other customer due diligence measures................. 86
           8.3     Recording transactions.................................................................................................... 87
           8.4     Other record keeping requirements ................................................................................ 88
              8.4.1 Compliance monitoring and procedures .................................................................. 88
              8.4.2 Suspicious activity reports ....................................................................................... 88
              8.4.3 Records relating to higher risk activity and transactions ......................................... 89
              8.4.4 Training and awareness .......................................................................................... 89
           8.5     Access to and retrieval of records................................................................................... 89
              8.5.1 External record-keeping........................................................................................... 90
              8.5.2 Requirements on closure or transfer of business .................................................... 90
Effective from: 4 February 2008                                                                                                                             5
Revised: 30 January 2009
Revised: 20 July 2009
Revised 22 July 2010
Handbook for regulated financial services businesses

Contents


       9       EXISTING CUSTOMERS ............................................................................................................ 91
           9.1         Overview of section ......................................................................................................... 91
           9.2         Application of identification measures to existing customers.......................................... 91

       Glossary .............................................................................................................................................. 95




6                                                                                                                         Effective from: 4 February 2008
                                                                                                                               Revised: 30 January 2009
                                                                                                                                   Revised: 20 July 2009
                                                                                                                                     Revised 22 July 2010
                                                                                Handbook for regulated financial services businesses

                                                                                                       Part 1: Section 1 - Introduction




1            INTRODUCTION

       1.      The continuing ability of Jersey’s finance industry to attract legitimate customers with funds and
               assets that are clean and untainted by criminality depends, in large part, upon the Island’s
               reputation as a sound, well-regulated jurisdiction. Any business that assists in laundering the
               proceeds of crime, or financing of terrorism, whether:
               • with knowledge or suspicion of the connection to crime; or
               • acting without regard to what it may be facilitating through the provision of its products or
                 services
              will face the loss of its reputation, risk the loss of its licence 1 or other regulatory sanctions
              (where regulated and supervised), damage the integrity of Jersey’s finance industry as a whole,
              and may risk prosecution for criminal offences.
       2.      Jersey has had in place a framework of anti-money laundering legislation since 1988, and for
               the countering of terrorism since 1990. This legislation has continued to be updated as new
               threats have emerged, including legislation to extend the definition of criminal conduct for
               which a money laundering offence can be committed and to combat international terrorism.
       3.      Jersey’s defences against the laundering of criminal funds and terrorist financing rely heavily
               on the vigilance and co-operation of the finance sector. Specific financial sector legislation (the
               Money Laundering (Jersey) Order 2008) is therefore also in place covering a person carrying
               on financial services business in or from within Jersey, and a Jersey body corporate or limited
               liability partnership (“LLP”) carrying on financial services business anywhere in the world (a
               “relevant person”).
       4.      Each relevant person in Jersey must recognise the role that it must play in protecting itself, and
               its employees, from involvement in money laundering and the financing of terrorism, and also
               in protecting the Island’s reputation of probity.
       5.      The Jersey Financial Services Commission (the “Commission”) strongly believes that the key
               to the prevention and detection of money laundering and the financing of terrorism lies in the
               implementation of, and strict adherence to, effective systems and controls, including sound
               customer due diligence (“CDD”) measures based on international standards. The Handbook
               therefore establishes standards which match international standards issued by the Financial
               Action Task Force on Money Laundering (the “FATF”). The Handbook also has regard to the
               standards promoted by the Basel Committee on Banking Supervision, International
               Organisation of Securities Commissions and the International Association of Insurance
               Supervisors. The Handbook takes account of the requirements of European Union (the “EU”)
               legislation to counter money laundering and the financing of terrorism and its application of
               standards set by the FATF.
       6.      The Commission is also mindful of the importance of financial services being generally
               available to all Jersey residents and, where necessary, the Handbook incorporates measures
               to guard against the financial exclusion of Jersey residents from financial services and
               products.




       1
         In this handbook “licence” is being used as a generic term to cover: a registration granted under the Banking Business
       (Jersey) Law 1991 (the “BB(J)L”); a permit or certificate granted pursuant to the Collective Investment Funds (Jersey) Law
       1988 (the “CIF(J)L”); a registration granted under the Financial Services (Jersey) Law 1998 (the “FS(J)L”); and a permit
       granted pursuant to the Insurance Business (Jersey) Law 1996 (the “IB(J)L”).

Effective from: 4 February 2008                                                                                                      7
Revised: 28 October 2008
Section 1.5 revised: 21 January 2009
Section 1.4 revised: 21 May 2009
Section 1.7 revised 22 July 2010
Handbook for regulated financial services businesses

Part 1: Section 1 – Introduction




1.1             OBJECTIVES OF THE HANDBOOK

       7.       The objectives of the Handbook are as follows:
                •    to outline the requirements of the Proceeds of Crime (Jersey) Law 1999 (the “Proceeds of
                     Crime Law”), the Drug Trafficking Offences (Jersey) Law 1988 (the “Drug Trafficking
                     Offences Law”), the Terrorism (Jersey) Law 2002 (the “Terrorism Law”), and the
                     Terrorism (United Nations Measures) (Channel Islands) Order 2001 and the Al-Qa’ida and
                     Taliban (United Nations Measures) (Channel Islands) Order 2002 (“United Nations
                     Measures”), all of which apply to all persons (natural or legal) in Jersey, all persons
                     (natural or legal) operating from within the Island, and all companies and limited liability
                     partnerships registered in Jersey conducting activities in any part of the world;

                •    to outline the requirements of the Money Laundering (Jersey) Order 2008 (the “Money
                     Laundering Order”) which supplements the above legislation by placing more detailed
                     requirements on relevant persons;

                •    to outline the requirements of the Community Provisions (Wire Transfers) (Jersey)
                     Regulations 2007 (the “Wire Transfers Regulations”) which introduce additional
                     obligations for those remitting or receiving wire transfers;

                •    to set out the Commission’s requirements - to be followed by all relevant persons that are
                     regulated by the Commission under the CIF(J)L, the BB(J)L, the IB(J)L, and the FS(J)L
                     (referred to as the “regulatory laws”) and that hold a licence;

                •    to assist a relevant person to comply with the requirements of the legislation described
                     above and the Commission’s requirements through practical interpretation;

                •    to provide a base from which individual businesses can design and implement systems and
                     controls and tailor their own policies and procedures for the prevention and detection of
                     money laundering and the financing of terrorism;

                •    to ensure that Jersey matches international standards to prevent and detect money
                     laundering and the financing of terrorism;

                •    to emphasise the responsibilities of the Board of a relevant person in preventing and
                     detecting money laundering and the financing of terrorism;

                •    to promote the use of a proportionate, risk based approach to CDD measures, which
                     directs resources towards higher risk customers;

                •    to provide more practical guidance on identification and verification of identity;

                •    to emphasise the particular money laundering and financing terrorism risks of certain
                     financial services and products; and

                •    to provide an information resource to be used in training and raising awareness of money
                     laundering and the financing of terrorism.

       8.       The Handbook will be reviewed on a regular basis and, following consultation, may be the
                subject of amendment in light of experience, changes in legislation, and the development of
                international standards.
       9.       The Handbook is intended for use by senior management and compliance staff in the
                development of a relevant person’s systems and controls, and detailed policies and
                procedures. The Handbook is not to be used by a relevant person as an internal procedures
                manual.
8                                                                                          Effective from: 4 February 2008
                                                                                                 Revised: 28 October 2008
                                                                                     Section 1.5: Revised 21 January 2009
                                                                                         Section 1.7 Revised 22 July 2010
                                                                             Handbook for regulated financial services businesses

                                                                                                   Part 1: Section 1 – Introduction



1.2           STRUCTURE OF THE HANDBOOK

       10.    Part 1 of the Handbook is structured to take a two level approach.
              •    Level one (Statutory Requirements) describes the statutory requirements that apply to a
                   relevant person (natural or legal) when carrying on financial services business. Failure to
                   follow a statutory requirement is a criminal offence and may also attract regulatory
                   sanction.

              •    Level two (Regulatory Requirements) sets out how a relevant person must meet the
                   Statutory Requirements. Failure to follow level two may attract regulatory sanction 2 .

       11.    The Guidance Notes, which accompany the two levels, present ways of complying with the
              Statutory Requirements (level one), and Regulatory Requirements (level two) and must always
              be read in conjunction with these requirements. A relevant person may adopt other
              appropriate measures to those set out in the Guidance Notes, including policies and
              procedures established by group, so long as it can demonstrate that such measures also
              achieve compliance with the Statutory and Regulatory Requirements. This allows a relevant
              person discretion as to how to apply requirements in the particular circumstances of its
              business, products, services, transactions and customers. The soundly reasoned application
              of the provisions contained within the Guidance Notes will provide a good indication that a
              relevant person is in compliance with the Statutory and Regulatory Requirements.
       12.    The provisions of the Statutory Requirements and of the Regulatory Requirements are
              described using the term must, indicating that these requirements are mandatory. However, in
              exceptional circumstances, where strict adherence to a Regulatory Requirement would
              produce an anomalous result, a relevant person that is regulated may apply in advance in
              writing to the Commission for variance from the requirement. For further information refer to
              Part 3, Section 1.3. Paragraph 7 also sets out circumstances where an obligation to do
              something outside Jersey may be met through complying with overseas regulatory
              requirements.
       13.    In contrast, the Guidance Notes use the term may, indicating ways in which the requirements
              may be satisfied, but allowing for alternative means of meeting the requirements. References
              to must and may elsewhere in the Handbook should be similarly construed.
       14.    In addition to the above levels, the Handbook also contains Overview text which provides some
              background information relevant to particular sections or sub-sections of the Handbook.
       15.    The Handbook is not intended to provide an exhaustive list of systems and controls to counter
              money laundering and the financing of terrorism. In complying with the Statutory and
              Regulatory Requirements, and in applying the Guidance Notes, a relevant person should
              (where permitted) adopt an appropriate and intelligent risk based approach and should always
              consider what additional measures might be necessary to prevent its exploitation, and that of
              its products and services, by persons seeking either to launder money or to finance terrorism.
       16.    Level one (Statutory Requirements) necessarily paraphrases provisions contained in the
              Proceeds of Crime Law, Drug Trafficking Offences Law, Terrorism Law, United Nations
              Measures, Wire Transfers Regulations and Money Laundering Order and should always be
              read and understood in conjunction with the full text of each law. This text is presented in
              italics, to distinguish the text, and contains hyperlinks to the relevant statutory provisions.
       17.    References to sections in Part 1 of the Handbook are to sections contained within Part 1.
       18.    Part 2 of the Handbook contains an information resource to be used in training and raising
              awareness of money laundering and the financing of terrorism. Part 3 of the Handbook sets
              out the Commission’s policy for the supervision of compliance of a relevant person that is a


       2
        Level two and the Guidance Notes shall also be relevant in determining whether or not requirements contained in the Money
       Laundering Order or in Article 23 of the Terrorism Law have been complied with.

Effective from: 4 February 2008                                                                                                  9
Revised: 28 October 2008
Section 1.5: Revised 21 January 2009
Section 1.4: Revised 21 May 2009
Section 1.7 Revised 22 July 2010
Handbook for regulated financial services businesses

Part 1: Section 1 – Introduction


                regulated person with the Statutory and Regulatory Requirements of Part 1. Part 4 of the
                Handbook provides an “audit trail” for changes that are made to the Handbook.

1.3             LEGAL STATUS AND SANCTIONS FOR NON-COMPLIANCE

1.3.1          Handbook

       19.      The Handbook is issued by the Commission pursuant to its powers under Article 8 of the
                Financial Services Commission (Jersey) Law 1998 and in the light of provisions of Article 37 of
                the Proceeds of Crime Law (which provides for the Money Laundering Order) and Article 23(6)
                of the Terrorism Law, which anticipate that anti-money laundering and counter-terrorist
                financing procedures will be prescribed for persons carrying out financial services business.

1.3.2          Money Laundering Order

       20.      The Money Laundering Order is made by the Minister for Treasury & Resources under Article
                37 of the Proceeds of Crime Law. The Money Laundering Order covers money laundering and
                terrorist financing offences that are set out in the Proceeds of Crime Law, Drug Trafficking
                Offences Law, and Terrorism Law.
       21.      Failure to comply with the Money Laundering Order is a criminal offence under Article 37(4) of
                the Proceeds of Crime Law. In determining whether a relevant person has complied with any
                of the requirements of the Order, the Royal Court is, pursuant to Article 37(8) of the Proceeds
                of Crime Law, required to take account of the guidance provided by the Handbook (for this
                purpose guidance will include the Regulatory Requirements of the Handbook in conjunction
                with the Guidance Notes), as amended from time to time. The sanction for failing to comply
                with the Money Laundering Order may be an unlimited fine or up to two years imprisonment, or
                both. Where a breach of the Money Laundering Order by a body corporate is proved to have
                been committed with the consent of, or to be attributable to any neglect on the part of, a
                director, manager or other similar officer, that individual, as well as the body corporate shall be
                guilty of the offence and subject to criminal sanctions.
       22.      Similarly, in determining whether a person has committed an offence under Article 23 of the
                Terrorism Law (the offence of failing to report), the Royal Court is required to take account of
                the guidance provided by the Handbook. The sanction for failing to comply with Article 23 of
                the Terrorism Law may be an unlimited fine or up to five years imprisonment, or both.

1.3.3           Regulatory Requirements

       23.      Regulatory Requirements are set by the Commission under Article 22 of the Proceeds of Crime
                (Supervisory Bodies) (Jersey) Law 2008 (the “Supervisory Bodies Law”). This provides for
                the Commission to prepare and issue Codes of Practice for the purpose of establishing sound
                principles for compliance with the Supervisory Bodies Law, Drug Trafficking Offences Law,
                Proceeds of Crime Law, Terrorism Law, United Nations Measures, the Wire Transfers
                Regulations, and the Money Laundering Order. Compliance with Regulatory Requirements will
                be considered by the Commission in the conduct of its supervisory visits.
       24.      Non-compliance with the Regulatory Requirements may be regarded by the Commission as an
                indication of a failure to comply with sound principles.
       25.      The consequences of non-compliance with the Regulatory Requirements that are set through
                the Supervisory Bodies Law could include an investigation by or on behalf of the Commission,
                the imposition of regulatory sanctions, and criminal prosecution of the business and its
                employees. Regulatory sanctions include:
                •    issuing a public statement;

                •    imposing a direction and making this public; and


10                                                                                       Effective from: 4 February 2008
                                                                                               Revised: 28 October 2008
                                                                                   Section 1.5: Revised 21 January 2009
                                                                                       Section 1.7 Revised 22 July 2010
                                                                   Handbook for regulated financial services businesses

                                                                                        Part 1: Section 1 – Introduction



              •    revocation of a licence.

       26.    In addition to this, the ability of a relevant person that is a regulated by the Commission under
              the regulatory laws to demonstrate compliance with the Regulatory Requirements will be
              directly relevant to its regulated status and any assessment of fitness and propriety of its
              principals. Non-compliance with the Regulatory Requirements may be regarded by the
              Commission as an indication of:
              •    a lack of fitness and propriety under Articles 7 or 8B of the CIF(J)L, Article 10 of the
                   BB(J)L, Article 7 of the IB(J)L, and Article 9 of the FS(J)L; and/or

              •    a failure to follow certain fundamental principles within Codes of Practice issued under
                   each of the regulatory laws.

       27.    In addition to the regulatory sanctions that are available under the Supervisory Bodies Law,
              consequences of non-compliance with the regulatory laws could also include imposing a
              licence condition, objecting to the appointment and continued appointment of a principal person
              (or equivalent controller or manager of the business) or key person, and appointment of a
              manager.
       28.    The Commission’s policy for supervising and enforcing compliance with the requirements of the
              Handbook is set out in Part 3 of the Handbook.

1.4           SCOPE OF THE MONEY LAUNDERING ORDER AND REGULATORY REQUIREMENTS

1.4.1         Application of the Money Laundering Order to financial services business conducted in
              Jersey

       29.    The Money Laundering Order applies to any person that is carrying on financial services
              business in or from within Jersey. This will include Jersey-based branches of companies
              incorporated outside Jersey conducting financial services business in Jersey.

1.4.2         Application of the Money Laundering Order and Regulatory Requirements outside
              Jersey

       30.    Under Article 10A(2)(a) of the Money Laundering Order, a relevant person that is a Jersey
              body corporate or Jersey limited liability partnership and carries on a financial services
              business through an overseas branch must comply with the Money Laundering Order in
              respect of that business. In cases where a relevant person is not a Jersey body corporate or
              Jersey limited liability partnership, Article 10A(3) requires a relevant person that carries on a
              financial services business through an overseas branch to apply measures that are at least
              equivalent to the requirements of the Money Laundering Order to that business.
       31.    Under Article 10A(2)(b) and (4) of the Money Laundering Order, a relevant person must ensure
              that any subsidiary of that relevant person applies measures that are at least equivalent to the
              requirements of the Money Laundering Order in respect of any financial services business
              carried on outside Jersey by that subsidiary.
       32.    Where legislation in place in a jurisdiction outside Jersey prohibits compliance with the Money
              Laundering Order, then, under Article 10A(6) of the Money Laundering Order, the requirements
              set out in Article 10A(2), (3) and (4) do not apply and the Commission must be informed that
              this is the case. In such circumstances, Article 10A(8) requires a relevant person to take other
              reasonable steps to effectively deal with the risk of money laundering and the financing of
              terrorism.
       33.    If a relevant person carries on a financial services business or has a subsidiary carrying on
              such a business in a jurisdiction outside Jersey that has more stringent requirements than
              those set out in the Money Laundering Order, Article 10A(10) of the Money Laundering Order

Effective from: 4 February 2008                                                                                      11
Revised: 28 October 2008
Section 1.5: Revised 21 January 2009
Section 1.4: Revised 21 May 2009
Section 1.7 Revised 22 July 2010
 Handbook for regulated financial services businesses

 Part 1: Section 1 – Introduction


                 provides that the relevant person must ensure that the more stringent requirements are
                 complied with.
        34.      Overseas regulatory requirements and guidance may be followed by overseas branches and
                 subsidiaries conducting financial services business, rather than the Regulatory Requirements
                 and Guidance Notes contained in the Handbook, so long as the overseas regulatory
                 requirements and guidance are consistent with those of the Handbook, or are otherwise
                 consistent with the requirements of the FATF Recommendations (see Section 1.7.2).

1.4.3           Application of Regulatory Requirements

        35.      The Regulatory Requirements that are applied in this Handbook cover relevant persons that
                 are regulated by the Commission under the regulatory laws.
        36.      Separate handbooks have been published for the accountancy and legal sectors, and estate
                 agents and high value dealers.
        37.      Relevant persons that are not covered by this Handbook or other handbooks should refer to
                 paragraph 21.

 1.5             DEFINITION OF FINANCIAL SERVICES BUSINESS

        38.      Schedule 2 of the Proceeds of Crime Law defines financial services business activity.
                 Appendix E reproduces Schedule 2. Included in Appendix E is a document explaining the
                 rationale for exempting certain activities from Schedule 2.

 1.6             RISK BASED APPROACH

        39.      To assist the overall objective to prevent money laundering and the financing of terrorism, the
                 Handbook adopts a risk based approach. Such an approach:
                 •    recognises that the money laundering and financing of terrorism threat to a relevant person
                      varies across customers, jurisdictions, products and delivery channels;

                 •    allows a relevant person to differentiate between customers in a way that matches risk in a
                      particular business;

                 •    while establishing minimum standards, allows a relevant person to apply its own approach
                      to systems and controls, and arrangements in particular circumstances; and

                 •    helps to produce a more cost effective system.

        40.      Systems and controls will not detect and prevent all money laundering or the financing of
                 terrorism. A risk based approach will, however, serve to balance the cost burden placed on
                 individual businesses and on their customers with a realistic assessment of the threat of a
                 business being used in connection with money laundering or the financing of terrorism by
                 focusing effort where it is needed and has most impact.
        41.      Inter alia, Part 3 of the Handbook sets out in further detail the Commission’s expectations of a
                 soundly reasoned risk based approach.




 12                                                                                     Effective from: 4 February 2008
                                                                                              Revised: 28 October 2008
                                                                                  Section 1.5: Revised 21 January 2009
                                                                                      Section 1.7 Revised 22 July 2010
                                                                             Handbook for regulated financial services businesses

                                                                                                  Part 1: Section 1 – Introduction




1.7              EQUIVALENCE OF REQUIREMENTS IN OTHER COUNTRIES AND TERRITORIES

1.7.1           Equivalent business

       42.       Articles 16 and 17 of the Money Laundering Order permit concessions from identification
                 measures where a person with a specific connection to a customer is carrying on a financial
                 services business that is overseen for AML/CFT 3 compliance in Jersey or carries on business
                 that is “equivalent business”. Sections 3.5 and 4.11 of the Handbook also provide
                 concessions from Regulatory Requirements on a similar basis.
       43.       Article 5 of the Money Laundering Order defines equivalent business as being overseas
                 business that:
                 •   if carried on in Jersey would be financial services business;

                 •   may only be carried on in the country or territory by a person registered or otherwise
                     authorised under the law of that country or territory to carry on that business;

                 •   is subject to requirements to forestall and prevent money laundering consistent with those
                     in the FATF Recommendations in respect of that business; and

                 •   is supervised for compliance with those requirements by an overseas regulatory authority.

       44.       The condition requiring that the business must be subject to requirements to combat money
                 laundering and the financing of terrorism consistent with those in the FATF Recommendations
                 will be satisfied where the business is located in an equivalent country or territory (see Section
                 1.7.2).

1.7.2           Equivalent countries and territories

       45.       Appendix B provides a list of countries and territories that are considered by the Commission to
                 have set requirements for measures to be taken by their domestic financial institutions and
                 designated non-financial businesses and professions to forestall and prevent money laundering
                 and the financing of terrorism that are consistent with those in the FATF Recommendations,
                 hereafter referred to as “equivalent jurisdictions”.
       46.       Appendix B is not intended to provide an exhaustive list of such countries and territories, and
                 no conclusions should be drawn from the omission of a particular country or territory from the
                 list.

1.7.3           Determining equivalence

       47.       Requirements for measures to be taken by financial institutions and designated non-financial
                 businesses and professions (carrying on equivalent business) to forestall and prevent money
                 laundering and the financing of terrorism will be considered to be consistent with the FATF
                 Recommendations only where those requirements are established by law, regulation, or other
                 enforceable means.
       48.       In determining whether or not the requirements for measures to be taken in a country or
                 territory are consistent with the FATF Recommendations, the Commission will have regard for
                 the following:




       3
           AML/CFT means Anti-money Laundering / Countering the Financing of Terrorism

Effective from: 4 February 2008                                                                                                13
Revised: 28 October 2008
Section 1.5: Revised 21 January 2009
Section 1.4: Revised 21 May 2009
Section 1.7 Revised 22 July 2010
Handbook for regulated financial services businesses

Part 1: Section 1 – Introduction


                •    Generally - whether or not the country or territory is a member of the FATF, a member of a
                     FATF Style Regional Body, a Member State of the EU (including Gibraltar), a member of
                     the European Economic Area (“EEA”), or another Crown Dependency (the Bailiwick of
                     Guernsey and the Isle of Man).

                •    Specifically - whether a country or territory is compliant or largely compliant with those
                     FATF Recommendations that are directly relevant to the application of available
                     concessions. These are Recommendations 5-11, 13-15, 18, 21, 23, and Special
                     Recommendations IV and VII. Where a person with a specific connection to a customer is
                     a designated non-financial business or profession (a term that is defined by the FATF),
                     then Recommendations 12, 16, and 24 will be relevant. The following sources may be
                     used to determine whether a country or territory is compliant or largely compliant:

                             the laws and instruments that set requirements in place in that country or territory;

                             recent independent assessments of that country’s or territory’s framework to combat
                             money laundering and the financing of terrorism, such as those conducted by the
                             FATF, FATF Style Regional Bodies, the International Monetary Fund (the “IMF”) and
                             the World Bank (and published remediation plans); and

                             other publicly available information concerning the effectiveness of a country’s or
                             territory’s framework.

       49.      Where a relevant person seeks itself to assess whether a country or territory not listed by the
                Commission is an equivalent country or territory, the relevant person must conduct an
                assessment process comparable to that described above, and must be able to demonstrate the
                process undertaken and the basis for its conclusion.




14                                                                                         Effective from: 4 February 2008
                                                                                                 Revised: 28 October 2008
                                                                                     Section 1.5: Revised 21 January 2009
                                                                                         Section 1.7 Revised 22 July 2010
                                                                     Handbook for regulated financial services businesses

                                                                               Part 1: Section 2 – Corporate Governance




2            CORPORATE GOVERNANCE

2.1            OVERVIEW OF SECTION

       1.      The Cadbury Report on corporate governance states that corporate governance is the system
               by which businesses are directed and controlled. The Cadbury Report adds that the
               responsibilities of the Board include setting strategic aims, providing the leadership to put them
               into effect and supervising the management of the business. The Organisation for Economic
               Co-operation and Development builds on this definition by stating that the corporate
               governance structure specifies the distribution of rights and responsibilities among different
               participants, such as the Board, managers and other stakeholders, and spells out the rules and
               procedures for making decisions on corporate affairs.
       2.      Under the general heading of corporate governance, this section considers:
               • Board responsibilities for the prevention and detection of money laundering and the
                 financing of terrorism;
               • requirements for risk management systems and controls, and for training; and
               • the appointment of a Money Laundering Compliance Officer (the “MLCO”) and Money
                 Laundering Reporting Officer (the “MLRO”).
       3.      The Handbook describes a relevant person’s general framework to combat money laundering
               and the financing of terrorism as a “business’ systems and controls”. The Handbook refers
               to the way in which those systems and controls are implemented into the day-to-day operation
               of the business as the “business’ policies and procedures”.
       4.      Where a relevant person is not a company, but is, for example, a branch or partnership,
               references in this section to “the Board” should be read as meaning the senior management
               function of that business.

2.2            OBLIGATION TO HAVE PROCEDURES AND CONTROLS

               STATUTORY REQUIREMENTS
       5.      In accordance with Article 37 of the Proceeds of Crime Law, a relevant person must have in
               place procedures to prevent and detect money laundering. Failure to establish and maintain
               such procedures is a criminal offence and, where such an offence is proved to have been
               committed with the consent or connivance of, or to be attributable to neglect on the part of, a
               director or manager or officer of the business, he too shall be deemed to have committed a
               criminal offence.
       6.      Article 37 enables the Treasury and Resources Minister to prescribe by Order the procedures
               that must be put in place by a relevant person. These procedures are established in the
               Money Laundering Order.

2.3            BOARD RESPONSIBILITIES

               OVERVIEW
       7.      The key responsibilities of the Board are set out in further detail below. The Board is assisted
               in fulfilling these responsibilities by a MLCO and MLRO. Larger or more complex relevant
               persons may also require dedicated risk and internal audit functions to assist in the
               assessment and management of money laundering and financing of terrorism risk.




Effective from: 4 February 2008                                                                                       15
Handbook for regulated financial services businesses

Part 1: Section 2 – Corporate Governance



               STATUTORY REQUIREMENTS
       8.      Article 11(1) of the Money Laundering Order requires a relevant person to establish and
               maintain policies and procedures in respect of the person’s financial services business in order
               to prevent and detect money laundering.
       9.      Article 11(11) of the Money Laundering Order requires a relevant person to establish and
               maintain procedures for monitoring and testing the effectiveness of its procedures, including
               the effectiveness of awareness raising and training for relevant employees (see Section 7).

               REGULATORY REQUIREMENTS
       10.     The Board must conduct and document a business risk assessment. In particular, the Board
               must consider, on an ongoing basis, the extent of its exposure to risks by reference to its
               organisational structure, its customers, the jurisdictions with which its customers are
               connected, its products and services, and how it delivers those products and services. The
               Board’s assessment must be kept up to date. (See Section 2.3.1).
       11.     On the basis of its business risk assessment, the Board must establish a formal strategy to
               counter money laundering and financing of terrorism. For a Jersey business forming part of a
               group operating outside the Island, that strategy must protect both its global reputation and its
               Jersey business.
       12.     Taking into account the conclusions of the business risk assessment and strategy, the Board
               must organise and control its affairs effectively and be able to demonstrate the existence of
               adequate systems and controls (including policies and procedures) to counter money
               laundering and financing of terrorism. (See Section 2.4).
       13.     The Board must document its systems and controls (including policies and procedures) and
               clearly apportion responsibilities for countering money laundering and financing of terrorism,
               and, in particular, responsibilities of the MLCO and MLRO (see Sections 2.5 and 2.6).
       14.     The Board must assess both the effectiveness of, and compliance with, systems and controls
               and take prompt action necessary to address any deficiencies. (See Sections 2.4.1 and 2.4.2).
       15.     The Board must consider what barriers (including cultural barriers) exist to prevent the
               operation of effective systems and controls to counter money laundering and the financing of
               terrorism, and must take effective measures to address them. (See Section 2.4.3).
       16.     The Board must notify the Commission immediately in writing of any material failures to comply
               with the requirements of the Money Laundering Order or of the Handbook. Refer to Part 3 of
               the Handbook for further information.

2.3.1          Business risk assessment

               GUIDANCE NOTES
       17.     The Board of a relevant person may demonstrate that it has considered the business’ exposure
               to money laundering and financing of terrorism risk by:
               • Involving all members of the Board in determining the risks posed by money laundering and
                 financing of terrorism within those areas for which they have responsibility.
               • Considering organisational factors that may increase the level of exposure to the risk of
                 money laundering and financing of terrorism, e.g. outsourced aspects of regulated activities
                 or compliance functions.
               • Considering the nature, scale and complexity of its business, the diversity of its operations
                 (including geographical diversity), the volume and size of its transactions, and the degree of
                 risk associated with each area of its operation.
               • Considering who its customers are and what they do.
               • Considering whether any additional risks are posed by the jurisdictions with which its
                 customers (including intermediaries and introducers) are connected. Factors such as high
                 levels of organised crime, increased vulnerabilities to corruption and inadequate frameworks


16                                                                                   Effective from: 14 February 2008
                                                                     Handbook for regulated financial services businesses

                                                                               Part 1: Section 2 – Corporate Governance



                   to prevent and detect money laundering and the financing of terrorism will impact the risk
                   posed by relationships connected with such jurisdictions.
               • Considering the characteristics of the products and services that it offers and assessing the
                 associated vulnerabilities posed by each product and service, including delivery channels.
                 For example:
                   a.   The use of third parties such as group entities, introducers and intermediaries to
                        conduct elements of the CDD process.
                   b.   Pooled relationships with intermediaries will tend to be more vulnerable - because of
                        the anonymity provided by the co-mingling of assets or funds belonging to several
                        customers by the intermediary.
                   c.   Products such as standard current accounts are more vulnerable because they allow
                        payments to be made to and from third parties, including cash transactions.
                   d.   Conversely, those products that do not permit third party transfers or where redemption
                        is permitted only to an account from which the investment is funded will be less
                        vulnerable.
               • Considering how it establishes and delivers products and services to its customers. For
                 example, risks are likely to be greater whether relationships may be established remotely
                 (non-face to face), or may be controlled remotely by the customer (straight-through
                 processing of transactions).
       18.     The Board must record and retain its business risk assessment. An annual, formal
               reassessment might be appropriate for a dynamic, growing business, but too often in some
               other cases, e.g. an established business with stable products and services.

2.4            SYSTEMS AND CONTROLS, TRAINING AND AWARENESS

               STATUTORY REQUIREMENTS
       19.     Article 11(1) of the Money Laundering Order requires a relevant person to establish and
               maintain appropriate policies and procedures in respect of the person’s financial services
               business in order to prevent and detect money laundering.
       20.     Parts 3, 4 and 5 of the Money Laundering Order provide for the procedures that are to be
               applied in respect of customer due diligence, record keeping and reporting procedures.
       21.     Article 11(2) requires appropriate policies and procedures established and maintained under
               Article 11(1) to provide for an assessment of risk that any business relationship, product or
               transaction will involve money laundering, and to reflect such assessment of risk.
       22.     Article 11(9) of the Money Laundering Order requires a relevant person to take appropriate
               measures for the purpose of making employees whose duties relate to the provision of financial
               services aware of policies and procedures under Article 11(1) and of legislation in Jersey to
               counter money laundering and financing of terrorism. Article 11(10) of the Money Laundering
               Order requires a relevant person to provide employees whose duties relate to the provision of
               financial services with training in the recognition and handling of transactions carried out by or
               on behalf of persons who are, or appear to be, engaged in money laundering or financing
               terrorism.
       23.     Article 11(11) of the Money Laundering Order requires a relevant person to establish and
               maintain policies and procedures for monitoring and testing the effectiveness of its procedures,
               including the effectiveness of awareness raising and training for relevant employees.
       24.     Articles 7 and 8 of the Money Laundering Order require that a relevant person appoints a
               MLCO and a MLRO.
       25.     Article 11(8) requires that a relevant person operating through branches or subsidiaries, which
               carry on financial services business, must communicate its policies and procedures,
               maintained in accordance with Article 11(1), to those branches or subsidiaries.




Effective from: 14 February 2008                                                                                      17
Handbook for regulated financial services businesses

Part 1: Section 2 – Corporate Governance



               REGULATORY REQUIREMENTS
       26.     A relevant person must establish and maintain systems and controls to prevent and detect
               money laundering and the financing of terrorism, that enable the business to:
               • Apply appropriate CDD policies and procedures (in line with Sections 3, 4, and 5), which
                 must include:
                   a.   the development of clear customer acceptance policies and procedures;
                   b.   use of transaction limits and management approvals for higher risk customers.
               • Monitor and review instances where exemptions are granted to policies and procedures, or
                 where controls are overridden.
               • Report to the Joint Financial Crimes Unit (“JFCU”) when it knows, suspects, or has
                 reasonable grounds to know or suspect that another person is involved in money laundering
                 or financing terrorism, including attempted transactions - in line with Section 6.
               • Adequately screen relevant employees when they are initially employed, aware of the risks
                 of becoming concerned in arrangements involving criminal money and terrorist financing,
                 aware of their personal obligations and policies and procedures concerning measures to
                 combat money laundering and the financing of terrorism, and provided with training - in line
                 with Section 7.
               • Keep records - in line with Section 8.
               • Liaise closely with the Commission and the JFCU on matters concerning vigilance, systems
                 and controls.
               • Monitor compliance by overseas branches and subsidiaries with policies and procedures.
       27.     In maintaining the required systems and controls, a relevant person must check that the
               systems and controls are implemented and operating effectively.
       28.     A relevant person must have systems and controls in place, or take appropriate measures, to
               guard against the use of technological developments in money laundering or financing
               terrorism schemes.
       29.     A relevant person must have policies and procedures in place to address specific risks
               associated with non-face to face business relationships or transactions, which should be
               applied when applying CDD measures.

2.4.1          Oversight of the effectiveness of systems and controls

               GUIDANCE NOTES
       30.     For systems and controls (including policies and procedures) to be effective, they will need to
               be both appropriate to the circumstances of the relevant person and complied with. Guidance
               on means of overseeing compliance is set out in Section 2.4.2.
       31.     It is the responsibility of the Board to implement systems and controls that are effective. While
               it is the responsibility of the Board to reach an independent conclusion, the Board may wish to
               use the MLCO and MLRO to provide information and advice to assist the Board to assess the
               effectiveness of the business’ systems and controls. Alternatively, independent assessments
               could be commissioned from time to time from external experts. Larger or more complex
               businesses may require separate risk management and internal audit functions to assist in the
               assessment of effectiveness.
       32.     The Board may demonstrate that it has assessed the effectiveness of a relevant person’s
               systems and controls where it, for example:
               • Receives regular and timely information relevant to the management of the business’
                 money laundering and financing of terrorism risk, including information on any branches and
                 subsidiaries.
               • Considers the adequacy of the management information received by the Board relevant to
                 the management of money laundering and financing of terrorism risk.

18                                                                                   Effective from: 14 February 2008
                                                                     Handbook for regulated financial services businesses

                                                                               Part 1: Section 2 – Corporate Governance



               • Monitors the ongoing competence and effectiveness of the MLCO and the MLRO.
               • Considers the adequacy of resources to comply with the Proceeds of Crime Law, Drug
                 Trafficking Offences Law, Terrorism Law, United Nations Measures and the Money
                 Laundering Order (and by extension, also the Handbook).
               • Periodically reviews the adequacy of policies and procedures for higher risk customers.
               • Periodically considers the adequacy of its approach to the management of money
                 laundering and financing terrorism risk posed by its existing customer base (see Section 9).
               • Considers whether the incidence of suspicious activity reports (or absence of such reports)
                 has highlighted any deficiencies in the business’ CDD measures, or reporting policies and
                 procedures, and whether changes are required to address any such deficiencies.
               • Consider whether inquiries have been made by the JFCU, or production orders received,
                 without issues having previously being identified by CDD or reporting policies and
                 procedures.
               • Consider changes made or proposed in respect of new legislation, regulatory requirements
                 or guidance, or as a result of changes in business activities.

2.4.2          Oversight of compliance with systems and controls

               GUIDANCE NOTES
       33.     The Board may demonstrate that it has assessed that there is compliance with systems and
               controls where it periodically commissions and considers a report from the MLCO that covers
               compliance, and records and retains the report. The frequency of such reports should be
               determined by its business risk assessment and consideration of cultural barriers.
       34.     Areas which the periodic report may cover include:
               • The means by which compliance with the business’ systems and controls has been
                 monitored and tested.
               • Compliance deficiencies identified and details of action taken or proposed to address any
                 such deficiencies.
               • The number and scope of exemptions granted to policies and procedures.
               • The number of internal suspicious activity reports received and the number of subsequent
                 external suspicious activity reports submitted to the JFCU, by business area, if appropriate.
               • Information concerning the training programme: for which staff have received training, the
                 methods of training and the nature of any significant issues arising from the training.
               • Action taken in response to notices highlighting jurisdictions which do not or insufficiently
                 apply the FATF Recommendations or which are the subject of international
                 countermeasures.
               • Action taken to comply with terrorist and financial sanctions legislation.
       35.     To assist the MLCO in preparing the report, a relevant person may wish to provide the MLCO
               with support from its internal audit or compliance function, as appropriate, or to use external
               resources.

2.4.3          Consideration of cultural barriers

               OVERVIEW
       36.     The implementation of systems and controls for the prevention and detection of money
               laundering and the financing of terrorism does not obviate the need for a business to address
               cultural barriers that can prevent effective control. Human factors, such as the inter-
               relationships between different employees within a business, and between employees and
               customers, can result in the creation of damaging barriers.



Effective from: 14 February 2008                                                                                      19
Handbook for regulated financial services businesses

Part 1: Section 2 – Corporate Governance


       37.     Unlike systems and controls, the prevailing culture of an organisation is intangible. As a result,
               its impact on the business can sometimes be difficult to measure.
               GUIDANCE NOTES
       38.     The risk that cultural barriers might prevent the operation of effective systems and controls to
               prevent and detect money laundering and the financing of terrorism may be minimised by the
               Board considering the prevalence of the following factors:
               • An assumption on the part of more junior employees that their concerns or suspicions are of
                 no consequence.
               • Negative handling by managerial staff of queries raised by more junior employees regarding
                 unusual, complex or higher risk activity and transactions.
               • An unwillingness on the part of employees to subject high value (and therefore important)
                 customers to effective CDD checks.
               • Pressure applied by management or customer relationship managers outside Jersey upon
                 employees in Jersey to transact without first conducting all relevant customer due diligence.
               • Excessive pressure applied on employees to meet aggressive revenue-based targets, or
                 where employee or management remuneration or bonus schemes are exclusively linked to
                 revenue-based targets.
               • The familiarity of employees with certain customers resulting in unusual or higher risk
                 activity and transactions within such relationships not being identified as such.
               • The inability of employees to understand the commercial rationale for business
                 relationships, resulting in a failure to identify non-commercial and therefore potential money
                 laundering and financing of terrorism activity.
               • A tendency for line managers to discourage employees from raising concerns due to lack of
                 time and/or resources, preventing any such concerns from being addressed satisfactorily.
               • An excessive desire on the part of employees to provide a confidential and efficient
                 customer service.
               • Non-attendance of senior employees at anti-money laundering and countering the financing
                 of terrorism training sessions on the basis of mistaken belief that they cannot learn anything
                 new or because they have too many other competing demands on their time.

2.4.4          Outsourcing

               OVERVIEW
       39.     In all instances of outsourcing, it is the delegating business that bears the ultimate
               responsibility for the duties undertaken in its name. This will include the requirement to
               determine that the third party has in place satisfactory systems and controls, and that those
               systems and controls are kept up to date to reflect changes in requirements.
       40.     Depending on the nature and size of a relevant person, the roles of MLCO and MLRO may
               require additional support and resourcing. Where a business elects to bring in additional
               support, or to delegate areas of the MLCO or MLRO functions to third parties, the MLCO or
               MLRO will remain directly responsible for his respective role.
               REGULATORY REQUIREMENTS
       41.     A relevant person must follow the Commission’s policy statement and guidance notes on
               outsourcing, as may be amended from time to time.
       42.     A relevant person must consider the effect that outsourcing has on money laundering and
               financing terrorism risk, in particular where a MLCO or MLRO is provided with additional
               support from third parties, either from within group or externally.
       43.     A relevant person must assess possible money laundering or financing terrorism risk
               associated with outsourced functions, record its assessment, and monitor any risk on an
               ongoing basis.


20                                                                                   Effective from: 14 February 2008
                                                                                    Handbook for regulated financial services businesses

                                                                                               Part 1: Section 2 – Corporate Governance



       44.       Where an outsourced activity is a financial services business activity, then a relevant person
                 must be satisfied with the policies and procedures that are put in place by the provider of the
                 outsourced service.
       45.       In particular, a relevant person must be satisfied that knowledge, suspicion, or reasonable
                 grounds for knowledge or suspicion of money laundering or financing of terrorism activity will
                 be reported by the provider of the outsourced service to the MLRO (or deputy MLRO) of the
                 relevant person.

2.5              THE MONEY LAUNDERING COMPLIANCE OFFICER (MLCO)

                 OVERVIEW
       46.       The Money Laundering Order requires a relevant person to maintain appropriate policies and
                 to apply procedures, and to monitor the business’ compliance with those policies and
                 procedures. The Money Laundering Order requires that the business appoint an individual as
                 MLCO, and task that individual with the function of monitoring the business’ compliance with
                 legislation in Jersey relating to money laundering and financing of terrorism.
       47.       This requirement does not preclude the Board from using internal or external resources to
                 monitor compliance or preclude the MLCO from having a functional reporting line, to a group
                 compliance function.
                 STATUTORY REQUIREMENTS
       48.       Article 7 of the Money Laundering Order requires a relevant person to appoint a MLCO to
                 monitor whether the enactments in Jersey relating to money laundering and financing of
                 terrorism are being complied with. The same person may be appointed as both MLCO and
                 MLRO.
       49.       Article 7(6) of the Money Laundering Order requires a relevant person to notify the Commission
                 in writing within one month when a person is appointed as, or ceases to be, a MLCO.
                 However, Article 10 provides that the Commission may grant exemptions from this notification
                 requirement, by way of notice.
       50.       Article 7 of the Money Laundering Order recognises that a relevant person that is a regulated
                 person may have notified the Commission of the appointment or cessation of a MLCO under a
                 requirement of the regulatory legislation. If so, a duplicate notification is not required under the
                 Money Laundering Order.


                 REGULATORY REQUIREMENTS
       51.       A relevant person must appoint a MLCO that:
                 • is employed by the relevant person or business in the same group as the relevant person 4 ;
                 • is based in Jersey 5 ;
                 • has sufficient experience and skills;
                 • has appropriate independence;
                 • has a sufficient level of seniority and authority within the business so that the Board reacts
                   to and acts upon any recommendations made;



       4
             In the case of a relevant person that: is a functionary of a collective investment fund, a Category B insurance permit holder,
             a managed bank, or other managed entity; has no staff of its own; and is administered by a financial services business that
             is a regulated person, it is acceptable for an employee of the administrator to be appointed by the relevant person as its
             MLCO.
       5
             In the case of a relevant person that: is a Category A or Category B insurance permit holder or a money service business;
             has no staff of its own in Jersey; and is administered by a financial services business that is a regulated person or is a
             person carrying on equivalent business (refer to Section 1.7), it is acceptable for the relevant person to appoint an
             employee of the administrator as its MLCO.



Effective from: 14 February 2008                                                                                                        21
Handbook for regulated financial services businesses

Part 1: Section 2 – Corporate Governance


               • has sufficient resources, including sufficient time and (if appropriate) a deputy MLCO and
                 support staff;
               • has regular contact with the Board so that the Board is able to satisfy itself that statutory
                 obligations are being met and that the business is taking sufficiently robust measures to
                 protect itself against the risk of money laundering and financing of terrorism;
               • reports directly to the Board;
               • has unfettered access to all business lines, support departments and information necessary
                 to appropriately perform the function; and
               • is fully aware of both his and the business’ obligations under the Proceeds of Crime Law,
                 Drug Trafficking Offences Law, Terrorism Law, United Nations Measures and the Money
                 Laundering Order (and by extension, also the Handbook).
       52.     In the event that the position of MLCO is expected to fall vacant, to comply with the statutory
               requirement to have an individual appointed to the office of MLCO at all times, a relevant
               person must take action to appoint a member of the Board (or other appropriate member of
               senior management) to the position on a temporary basis.
       53.     Where temporary circumstances arise where the relevant person has a limited or
               inexperienced compliance resource, the business must ensure that this resource is supported
               as necessary.
       54.     When considering whether it is appropriate to appoint the same person as MLCO and MLRO, a
               relevant person must have regard to:
               • the respective demands of the two roles, taking into account the size and nature of the
                 business’ activities; and
               • whether the individual will have sufficient time and resources to fulfil both roles effectively.
       55.     The Commission has exercised the power provided by Article 10 of the Money Laundering
               Order by issuance of a Notice. On 4 February 2008, it issued a Notice in respect of relevant
               persons that are not also regulated persons (see Notice issued under Article 10 of the Money
               Laundering (Jersey) Order 2008).
               GUIDANCE NOTES
       56.     A relevant person may demonstrate that it has clearly apportioned responsibilities for
               countering money laundering and the financing of terrorism, where the MLCO (or other audit,
               compliance or review function):
               • Develops and maintains systems and controls (including policies and procedures) in line
                 with evolving requirements.
               • Undertakes regular reviews (including testing) of compliance with policies and procedures to
                 counter money laundering and the financing of terrorism.
               • Advises the Board on anti-money laundering and financing of terrorism compliance issues
                 that need to be brought to its attention.
               • Reports periodically, as appropriate, to the Board on compliance with the business’ systems
                 and controls.
               • Responds promptly to requests for information made by the Commission and the JFCU.

2.6            THE MONEY LAUNDERING REPORTING OFFICER (MLRO)

               OVERVIEW
       57.     Whilst the Money Laundering Order requires one individual to be appointed as MLRO, it
               recognises that, given the size and complexity of operations of many businesses, it may be
               appropriate to designate additional persons (“deputy MLROs”) to whom suspicious activity
               reports may be made.




22                                                                                     Effective from: 14 February 2008
                                                                                    Handbook for regulated financial services businesses

                                                                                               Part 1: Section 2 – Corporate Governance




                 STATUTORY REQUIREMENTS
       58.       Article 8 of the Money Laundering Order requires a relevant person to appoint a MLRO. The
                 MLRO’s function is to receive and consider reports in accordance with internal reporting
                 procedures. The same person may be appointed as both MLCO and MLRO.
       59.       Article 8(4) of the Money Laundering Order requires a relevant person to notify the Commission
                 in writing within one month when a person is appointed as, or ceases to be, a MLRO.
                 However, Article 10 provides that the Commission may grant exemptions from this notification
                 requirement, by way of notice.
       60.       Article 8 of the Money Laundering Order recognises that a relevant person that is a regulated
                 person may have notified the Commission of the appointment or cessation of a MLRO under a
                 requirement of the regulatory legislation. If so, a duplicate notification is not required under the
                 Money Laundering Order.
       61.       Article 9 allows a relevant person to designate one or more deputy MLROs, in addition to the
                 MLRO, to whom suspicious activity reports may be made.
       62.       Under Article 21(g) procedures must be established and maintained which allow the MLRO and
                 any deputy MLROs to have access to all relevant information which may be of assistance to
                 them when considering a suspicious activity report.

                 REGULATORY REQUIREMENTS
       63.       A relevant person must appoint a MLRO that:
                 • is employed by the relevant person or business in the same group as the relevant person 6 ;
                 • is based in Jersey 7;
                 • has sufficient experience and skills;
                 • has appropriate independence;
                 • has a sufficient level of seniority and authority within the business;
                 • has sufficient resources, including sufficient time, and (if appropriate) is supported by deputy
                   MLROs;
                 • is able to raise issues directly with the Board; and
                 • is fully aware of both his and the business’ obligations under the Proceeds of Crime Law,
                   Drug Trafficking Offences Law, Terrorism Law, United Nations’ Measures and the Money
                   Laundering Order (and by extension, also the Handbook).
       64.       Where a relevant person has appointed one or more deputy MLROs the requirements set out
                 above for the MLRO must also be applied to any deputy MLROs.
       65.       Where a relevant person has appointed one or more deputy MLROs, the business must
                 provide that the MLRO:
                 • keeps a record of all deputy MLROs;
                 • provides support to and routinely monitors the performance of any deputy MLROs; and
                 • consider and determines that suspicious activity reports are being handled in an appropriate
                   and consistent manner.


       6
             In the case of a relevant person that: is a functionary of a collective investment fund, a Category B insurance permit holder,
             a managed bank, or other managed entity; has no staff of its own; and is administered by a financial services business that
             is a regulated person, it is acceptable for an employee of the administrator to be appointed by the relevant person as its
             MLRO.
       7
             In the case of a relevant person that: is a Category A or Category B insurance permit holder or a money service business;
             has no staff of its own in Jersey; and is administered by a financial services business that is a regulated person or is a
             person carrying on equivalent business (refer to Section 1.7), it is acceptable for the relevant person to appoint an
             employee of the administrator as its MLRO.



Effective from: 14 February 2008                                                                                                        23
Handbook for regulated financial services businesses

Part 1: Section 2 – Corporate Governance


       66.     In the event that the position of MLRO is expected to fall vacant, to comply with the statutory
               requirement to have an individual appointed to the office of MLRO at all times, a relevant
               person must take action to appoint a member of the Board (or other appropriate member of
               senior management) to the position on a temporary basis.
       67.     Where temporary circumstances arise where the relevant person has a limited or
               inexperienced reporting resource, the relevant person must ensure that this resource is
               supported as necessary.
       68.     The Commission has exercised the power provided by Article 10 of the Money Laundering
               Order by issuance of a Notice. On 4 February 2008, the Commission issued a Notice in
               respect of relevant persons that are not also regulated persons (see Notice issued under
               Article 10 of the Money Laundering (Jersey) Order 2008).
               GUIDANCE NOTES
       69.     A relevant person may demonstrate that it has clearly apportioned responsibilities for
               countering money laundering and the financing of terrorism, where the MLRO:
               • maintains a record of all enquiries received from law enforcement authorities and records
                 relating to all internal and external suspicious activity reports (Section 8);
               • manages relationships effectively post disclosure to avoid tipping off any third parties; and
               • acts as the liaison point with the Commission and the JFCU and in any other third party
                 enquiries in relation to money laundering or financing of terrorism.
       70.     A relevant person may demonstrate routine monitoring of the performance of any deputy
               MLROs by requiring the MLRO to review:
               • samples of records containing internal suspicious activity reports and supporting information
                 and documentation;
               • decisions of the deputy MLRO concerning whether to make an external suspicious activity
                 report; and
               • the bases for decisions taken.




24                                                                                   Effective from: 14 February 2008
                                                                    Handbook for regulated financial services businesses

                                                                 Part 1: Section 3 – Customer due diligence requirements




3              CUSTOMER DUE DILIGENCE REQUIREMENTS
3.1            OVERVIEW OF SECTION

       1.      This section establishes the minimum CDD requirements of the Handbook, and sets out a
               framework by which a relevant person is required to develop a risk based approach to
               determining the type and extent of measures to apply to different types of customers, products
               and services. For example, the type and extent of customer identification and relationship
               information to collect, the nature of verification of information obtained, and the level of
               business relationship monitoring activity.
       2.      The minimum CDD measures required by the Statutory and Regulatory Requirements of the
               Handbook involve:
               •   Identifying an applicant for business and verifying the applicant’s identity using reliable,
                   independent source documents, data or information.

               •   Identifying the beneficial ownership and control of the applicant and taking reasonable
                   measures to verify the identity of the beneficial owners and controllers such that a relevant
                   person is satisfied that it knows who the beneficial owners and controllers are.

               •   Identifying any third parties (and owners and controllers) on whose behalf the applicant is
                   acting.

               •    Obtaining information on the purpose and intended nature of the business relationship.

               •   Keeping the above information up to date, and monitoring activity and transactions
                   undertaken throughout the course of a relationship to determine whether the activity or
                   transaction being conducted is consistent with the relevant person’s knowledge of the
                   customer.

       3.      Sound CDD measures are vital because they:
               •   help to protect the relevant person and the integrity of the financial sector in which it
                   operates by reducing the likelihood of the business becoming a vehicle for, or a victim of,
                   financial crime;

               •   assist law enforcement, by providing available information on applicants for business,
                   customers or activities and transactions being investigated - following a suspicious activity
                   report to the JFCU;

               •   constitute an essential part of sound risk management, e.g. by providing the basis for
                   identifying, limiting and controlling risk; and

               •    help to guard against identity fraud.

       4.      The inadequacy or absence of satisfactory CDD measures can subject a relevant person to
               serious customer and counterparty risks, as well as reputational, operational, legal, regulatory
               and concentration risks, any of which can result in significant financial cost to the business.
               CDD information is also a vital tool for the MLRO and business employees when examining
               unusual or higher risk activity or transactions, in order to determine whether a suspicious
               activity report is appropriate.
       5.      The CDD sections of the Handbook (Sections 3, 4 and 5) follow the approach taken to CDD in
               the FATF Recommendations.




Effective from: 4 February 2008
Sections 3.3.4.1 and 3.4 revised: 12 January 2009
Section 3.4 revised: 30 January 2009
Paragraph 48 revised: 22 April 2009
Sections 3.3.4.1 and 3.4.2 revised 22 July 2010                                                                      25
Handbook for regulated financial services businesses

Part 1: Section 3 – Customer due diligence requirements


       6.      General requirements, including the application of a risk based approach, are described in this
               section (Section 3) together with the circumstances in which enhanced due diligence must be
               conducted.
       7.      Identification and verification elements of CDD are addressed in Section 4, together with
               circumstances in which exceptions apply and simplified procedures might be applied to lower
               risk applicants for business. Ongoing monitoring and scrutiny of activity and transactions is
               described in Section 5. Accordingly, this section should be read and understood in conjunction
               with Sections 4 and 5.
       8.      Throughout this section, references to an “applicant for business” or “applicant” relate to a
               prospective customer, and references to a “customer” relate to a person with whom a business
               relationship has been formed or one-off transaction conducted.
       9.      An applicant for business may be an individual, trustee of an express trust, or a legal body
               (including bodies corporate, foundations, anstalts, partnerships, associations, or any similar
               bodies that can establish a permanent customer relationship with a relevant person or
               otherwise own property) seeking to enter into a business relationship or conduct a one-off
               transaction - as principal or on behalf of a third party.
       10.     The individuals considered to be the beneficial owners and controllers for each customer type
               are described in Section 4.

3.2            OBLIGATION TO CONDUCT CUSTOMER DUE DILIGENCE

               STATUTORY REQUIREMENTS
       11.     Article 37 of the Proceeds of Crime Law enables the Treasury and Resources Minister to
               prescribe the measures to be followed by a financial services business.
       12.     Article 13(1) of the Money Laundering Order requires a relevant person to apply CDD
               measures.
       13.     Article 3 sets out what due diligence measures are to involve.
       14.     Article 11(1) requires a relevant person to maintain policies and procedures for the application
               of CDD measures that are appropriate having regard to the degree of risk of money laundering
               and the financing of terrorism.
       15.     Article 11(3) requires that the appropriate policies and procedures include policies and
               procedures:
               •    which provide for the identification and scrutiny of:
                   a.   complex or unusually large transactions;
                   b.   unusual patterns of transactions, which have no apparent economic or lawful purpose;
                   c.   business relationships and transactions connected with jurisdictions that do not, or
                        insufficiently, apply the FATF Recommendations;
                   d.   business relationships and transactions with persons or jurisdictions that are subject to
                        UN or EU sanctions and measures, or measures imposed by one more countries for
                        insufficient or non-existent application of FATF Recommendations; or
                   e.   any other activity, the nature of which causes the relevant person to regard it as
                        particularly likely to be related to money laundering or the financing of terrorism.
               •   which specify additional procedures where products and transactions are susceptible to
                   anonymity; and

               •    which determine whether a customer is a PEP.




26                                                                                             Effective from: 4 February 2008
                                                                            Sections 3.3.4.1 and 3.4 revised: 12 January 2009
                                                                                         Section 3.4 revised: 30 January 2009
                                                                                          Paragraph 48 revised: 22 April 2009
                                                                              Sections 3.3.4.1 and 3.4.2 revised 22 July 2010
                                                                          Handbook for regulated financial services businesses

                                                                       Part 1: Section 3 – Customer due diligence requirements



3.3            RISK BASED APPROACH TO CUSTOMER DUE DILIGENCE

              OVERVIEW

       16.     Section 2.3 of the Handbook requires the Board of a relevant person to conduct (and keep up
               to date) a business risk assessment, which considers the business’ activities and structure and
               concludes on the business’ exposure to money laundering and financing terrorism risk.
       17.     This business risk assessment will enable a relevant person to determine its initial approach to
               performing Stage 1 of the CDD process as set out below, depending on the type of customer,
               product or service involved. The remaining stages of the process require a relevant person to
               consider whether the specific circumstances of the customer, or the product or service
               requested, will necessitate further CDD measures to be applied.
       18.     A risk based approach to CDD is one that involves a number of discrete steps in assessing the
               most effective and proportionate way to manage the money laundering and financing terrorism
               risk faced by a relevant person. While these steps must be incorporated into policies and
               procedures, the steps do not need to take place in the sequence outlined below, and will often
               occur simultaneously.
       19.     The risk assessment of a particular applicant will determine the extent of identification
               information (and other CDD information) that will be requested, how that information will be
               verified, and the extent to which the resulting relationship will be monitored.
       20.     Systems and controls will not detect and prevent all instances of money laundering or the
               financing of terrorism. A risk based approach will, however, serve to balance the cost burden
               placed on a relevant person and on applicants and customers with the risk that the business
               may be used in money laundering or to finance terrorism by focusing resources on higher risk
               areas.
       21.     Care has to be exercised under a risk based approach. Being identified as carrying a higher
               risk of money laundering does not automatically mean that a customer is a money launderer or
               is financing terrorism. Similarly, identifying a customer as carrying a lower risk of money
               laundering does not mean that the customer is not a money launderer or financing terrorism.

              REGULATORY REQUIREMENTS

       22.     A relevant person must apply a risk based approach to determine the extent and nature of the
               measures to be taken when undertaking the process set out below. For higher risk customers,
               refer also to Section 3.4.

               Stages 1-3:       Regulatory Requirements: determination and recording of risk                 Guidance

               Stage 1:          A relevant person must collect relevant CDD information on:                  Section 3.3.1
                                  •     the applicant for business,                                           Section 3.3.2
                                  •     any beneficial owners and controllers of the applicant, and           Section 3.3.3
                                  •     any third parties on whose behalf the applicant acts (and
                                        beneficial owners and controllers of third parties); and
                                  •    the relationship to be established,
                                 to enable a customer profile to be prepared.
                                 In particular, a relevant person must understand the nature of the
                                 business that the applicant expects to conduct and the rationale for
                                 the business relationship or one-off transaction.




Effective from: 4 February 2008
Sections 3.3.4.1 and 3.4 revised: 12 January 2009
Section 3.4 revised: 30 January 2009
Paragraph 48 revised: 22 April 2009
Sections 3.3.4.1 and 3.4.2 revised 22 July 2010                                                                            27
Handbook for regulated financial services businesses

Part 1: Section 3 – Customer due diligence requirements



                  Stages 1-3:       Regulatory Requirements: determination and recording of risk                        Guidance

                  Stage 2:          A relevant person must, on the basis of the relevant CDD                            Section 3.3.3
                                    information collected at Stage 1, evaluate the information with
                                                                                                                        Section 3.3.4
                                    reference to “factors to consider” and appropriate external data
                                    sources, and consider whether it is appropriate to collect further
                                    information.

                  Stage 3:          A relevant person must determine and record a risk assessment for                   Section 3.3.5
                                    the applicant.

                  Stages 4-5:       Regulatory Requirements: application of a risk based approach                       Guidance

                  Stage 4:          A relevant person must verify the identity of the applicant and take                Section 4
                                    reasonable measures to verify the identity of any beneficial owners
                                    and controllers of the applicant and of any third parties on whose
                                    behalf the applicant acts (and beneficial owners and controllers of
                                    such third parties).

                  Stage 5:          A relevant person must periodically update relevant CDD                             Section 3.3.6
                                    information and its risk assessment (in line with Stages 1 to 3). In
                                    the event of any change in beneficial ownership or control of the
                                    applicant, or third parties on whose behalf the applicant acts
                                    reasonable measures should be taken to verify identity (in line with
                                    Stage 4).


3.3.1            Customer due diligence information – Stage 1

                 GUIDANCE NOTES
       23.       CDD information comprises both identification information and relationship information.
       24.       Information that may be considered relevant identification information is set out in Section 4.
                 Information that may be considered relevant relationship information for individuals, express
                 trusts, and legal bodies is described below.
       25.       The extent of relationship information sought in respect of a particular applicant, or type of
                 applicant, will depend upon the jurisdictions with which the applicant is connected, the
                 characteristics of the product or service requested, how the product or service will be delivered,
                 as well as factors specific to the applicant.

                  Guidance Notes: customer relationship information

                  All customer          •     Purpose and intended nature of relationship.8
                  types                 •     Type, volume and value of activity expected.
                                        •     Source of funds, e.g. nature and details of occupation or employment.
                                        •     Details of any existing relationships with the relevant person.
                                        •     Reason for using overseas service provider (non-residents only).




       8
           For many simple retail savings or investment products, the reasons for a relationship may be self-evident.

28                                                                                                       Effective from: 4 February 2008
                                                                                      Sections 3.3.4.1 and 3.4 revised: 12 January 2009
                                                                                                   Section 3.4 revised: 30 January 2009
                                                                                                    Paragraph 48 revised: 22 April 2009
                                                                                        Sections 3.3.4.1 and 3.4.2 revised 22 July 2010
                                                                            Handbook for regulated financial services businesses

                                                                         Part 1: Section 3 – Customer due diligence requirements



                Additional relationship information

                Express trusts      •      Type of trust (e.g. fixed interest, discretionary, testamentary).
                                    •      Structure of any underlying legal bodies (if applicable) and nature of
                                           activities undertaken by the trust and any underlying legal bodies (having
                                           regard for “sensitive activities” as defined by the Commission and trading
                                           activities).
                                    •      Classes of beneficiaries, including any charitable causes named in the
                                           trust instrument.
                                    •      Name of trustee’s regulator, if applicable.

                Legal bodies        •      Entity and group (if applicable) ownership and control structure.
                                    •      Nature of activities undertaken (having regard for “sensitive activities” as
                                           defined by the Commission and trading activities).
                                    •      Geographical sphere of the legal body’s activities and assets.
                                    •      Name of regulator, if applicable.


3.3.2         Customer due diligence profile – Stage 1

              GUIDANCE NOTES
       26.     For certain types of products or services, it may be possible to prepare a customer profile on
               the basis of generic expected activity and transactions. For more complex products or
               services, however, tailored activity profiles may be necessary.
       27.     In any event, a relevant person may demonstrate that a customer profile contains sufficient
               information where that profile enables it to:
               •   identify a pattern of expected business activity and transactions within each business
                   relationship; and

               •   identify unusual or higher risk activity and transactions that may indicate money laundering
                   or financing terrorism activity.

3.3.3         Source of funds and wealth – Stages 1 and 2

              OVERVIEW
       28.     The ability to follow the audit trail for criminal funds and transactions flowing through the
               financial sector is a vital law enforcement tool in money laundering and financing of terrorism
               investigations. Understanding the source of funds and, in higher risk relationships, the
               customer’s source of wealth is also an important aspect of CDD.
              GUIDANCE NOTES
       29.     A relevant person may demonstrate that it has collected relevant relationship information by:

                Lower    and        •      Taking reasonable measures to establish source of funds for each
                standard risk              applicant and, when third party funding is involved, making further
                                           enquiries as to the relationship between the person providing the funds and
                                           the applicant.

                Higher risk:        •      Taking reasonable measures to establish a customer’s source of wealth.
                additional          •      Considering whether it is appropriate to take measures to verify source of
                measures                   funds and wealth.



Effective from: 4 February 2008
Sections 3.3.4.1 and 3.4 revised: 12 January 2009
Section 3.4 revised: 30 January 2009
Paragraph 48 revised: 22 April 2009
Sections 3.3.4.1 and 3.4.2 revised 22 July 2010                                                                              29
Handbook for regulated financial services businesses

Part 1: Section 3 – Customer due diligence requirements


       30.     The “source of funds” is the activity which generates the funds for a customer, e.g. a
               customer’s occupation or business activities. Information concerning the geographical sphere
               of the activities may also be relevant.
       31.     The Money Laundering Order and the Handbook stipulate record keeping requirements for
               transaction records, which require information concerning the remittance of funds to be
               recorded (e.g. the name of the bank and the name and account number of the account from
               which the funds were remitted). This is not to be confused with source of funds.
       32.     “Source of wealth” is distinct from source of funds, and describes the activities which have
               generated the total net worth of a person, i.e. those activities which have generated a
               customer’s funds and property. Information concerning the geographical sphere of the
               activities that have generated a customer’s wealth may also be relevant.
       33.     In determining source of wealth it will often not be necessary to establish the monetary value of
               an individual’s net worth.

3.3.4         Evaluation of customer due diligence information – Stage 2

              GUIDANCE NOTES
       34.     The following factors may be relevant when assessing and evaluating the CDD information
               collected at Stage 1, and are not exhaustive. A relevant person should consider whether other
               variables are appropriate factors to consider in the context of the products and services that it
               provides and its customer base. Where this evaluation of CDD information highlights a higher
               risk, then it may prove necessary to request further CDD information.

       3.3.4.1            Factors to consider

              Country risk

              •     Residence in or connection with higher risk countries or territories.              The following
                    countries or territories may be considered to present a higher risk:
                    • those that have been indentified by the FATF as having strategic deficiencies in the
                      fight against money laundering and the financing of terrorism (countries and territories
                      in Group 3 of Appendix D);
                    • those that have high levels of organised crime;
                    • those that have strong links (such as funding or other support) with terrorist activities;
                    • those that are vulnerable to corruption; and
                    • those that are the subject of United Nations (“UN”) or EU sanctions measures.
                    In assessing which jurisdictions may present a higher risk, objective data published by
                    the IMF, FATF, World Bank, the Egmont Group of Financial Intelligence Units, US
                    Department of State (International Narcotics Control Strategy Report), US Office of
                    Foreign Assets Control (“OFAC”), and Transparency International (Corruption Perception
                    Index) will be relevant.
              •     Geographical sphere of business activities, e.g. the location of the markets in which a
                    customer does business.
              •     Familiarity of a relevant person with a country, including knowledge of its local legislation,
                    regulations and rules, as well as the structure and extent of regulatory oversight, for
                    example, as a result of a relevant person’s own operations within that country.
              See also 3.4.2.




30                                                                                         Effective from: 4 February 2008
                                                                        Sections 3.3.4.1 and 3.4 revised: 12 January 2009
                                                                                     Section 3.4 revised: 30 January 2009
                                                                                      Paragraph 48 revised: 22 April 2009
                                                                          Sections 3.3.4.1 and 3.4.2 revised 22 July 2010
                                                                       Handbook for regulated financial services businesses

                                                                    Part 1: Section 3 – Customer due diligence requirements




              Product or service risk

              •     Ability to make payments to third parties.
              •     Ability to pay in or withdraw cash.
              •     Ability to migrate from one product to another.
              •     Ability to hold boxes, parcels or sealed envelopes in safe custody.
              •     Ability to use numbered accounts.
              •     Ability to use “hold mail” facilities.
              •     Ability to pool underlying customers.
              •     Mechanism or instrument that could be used to finance activity-based financial
                    prohibitions (i.e. prohibitions on provision of financial services related to the supply, sale,
                    transfer, manufacture or use of prohibited items, materials, equipment, goods and
                    technology).

              Delivery risk

              •     Indirect relationship with the customer - use of intermediaries or gatekeepers.                (See
                    Section 4.10.1 for factors to consider).
              •     Non-face to face relationships - product or service delivered exclusively by post,
                    telephone, internet etc.
              •     Availability of “straight-through processing” of customer transactions.

              Customer risk

              •     Type of applicant or customer. For example, a politically exposed applicant will present a
                    higher risk.
              •     Nature and scope of business activities generating the funds/assets. For example, an
                    applicant or customer conducting “sensitive” activities (as defined by the Commission) or
                    conducting activities which are prohibited if carried on with certain countries; an applicant
                    or customer engaged in higher risk trading activities; or an applicant or customer
                    engaged in a business which involves significant amounts of cash, may indicate higher
                    risk.
              •     Transparency of applicant or customer. For example, persons that are subject to public
                    disclosure rules, e.g. on exchanges or regulated markets (or consolidated subsidiaries of
                    such persons), or subject to licensing by a statutory regulator, e.g. the Jersey
                    Competition Regulatory Authority, may indicate lower risk. Customers where the
                    structure or nature of the entity or relationship makes it difficult to identify the true
                    beneficial owners and controllers may indicate higher risk.
              •     Reputation of applicant or customer. For example, a well known, reputable person, with
                    a long history in its industry, and with abundant independent information about it and its
                    beneficial owners and controllers may indicate lower risk.
              •     Behaviour of applicant or customer. For example, where there is no commercial
                    rationale for a customer buying the products that he seeks, requests undue levels of
                    secrecy, or where it appears that an “audit trail” has been deliberately broken or
                    unnecessarily layered, an applicant for business may indicate higher risk.
              •     The regularity or duration of the relationship. For example, longstanding relationships
                    involving frequent customer contact that result in a high level of understanding of the

Effective from: 4 February 2008
Sections 3.3.4.1 and 3.4 revised: 12 January 2009
Section 3.4 revised: 30 January 2009
Paragraph 48 revised: 22 April 2009
Sections 3.3.4.1 and 3.4.2 revised 22 July 2010                                                                         31
Handbook for regulated financial services businesses

Part 1: Section 3 – Customer due diligence requirements


                    customer relationship may indicate lower risk.
              •     Type and complexity of relationship. For example, unexplained use of corporate
                    structures and express trusts, and use of nominee and bearer shares may indicate higher
                    risk.
              •     Value of assets handled.
              •     Value and frequency of cash or other “bearer” transactions.
              •     Delegation of authority by the applicant or customer. For example, the use of powers of
                    attorney, mixed boards and representative offices may indicate higher risk.
              •     Nature of the relationship between an applicant’s beneficial owners and controllers and
                    account signatories.
              •     In the case of an express trust, the relationship of the settlor(s) to beneficiaries with a
                    vested right, to other beneficiaries and persons who are the object of a power. (See also
                    Section 4.4.)
              •     In the case of an express trust, the nature of classes of beneficiaries and classes within
                    an expression of wishes. (See also Section 4.4.)


3.3.4.2       External data sources

       35.     Appropriate external data sources will include sources such as domestic legislation applying
               UN and EU sanctions and measures, and guidance issued by the Commission, and may
               include information published by governments and law enforcement authorities on terrorists
               (e.g. United States government agencies such as the Federal Bureau of Investigation and
               OFAC), electronic subscription databases, the internet and other media.
       36.     In particular, HM Treasury maintains a consolidated list of targets listed by the UN, EU, and UK
               under legislation relating to current financial sanctions regimes.

3.3.5         Customer risk assessment – Stage 3

              GUIDANCE NOTES
       37.     A relevant person may demonstrate an effective process to determine an initial customer risk
               assessment by taking into account:
               •   the CDD information obtained at Stage 1 and the evaluation of this information carried out
                   at Stage 2 against relevant “factors to consider” and external data sources; and

               •   inconsistencies between the CDD information obtained, for example, between specific
                   information concerning source of funds or source of wealth, and the nature of transactions.

       38.     In determining a risk assessment for a customer, the presence of one factor to consider that
               might indicate higher risk will not automatically establish that a customer is higher risk.
               Equally, the presence of one lower risk factor should not automatically lead to a determination
               that a customer is lower risk. As set out above, the process of determining an appropriate risk
               assessment should take into account the absence or presence of relevant factors, whether any
               compensating factors apply and the CDD information held by the relevant person.
       39.     The sophistication of the risk assessment process may be determined according to factors
               established by the business risk assessment.
       40.     Where it is appropriate to do so, risk may be assessed generically for applicants and
               customers falling into similar categories.




32                                                                                        Effective from: 4 February 2008
                                                                       Sections 3.3.4.1 and 3.4 revised: 12 January 2009
                                                                                    Section 3.4 revised: 30 January 2009
                                                                                     Paragraph 48 revised: 22 April 2009
                                                                         Sections 3.3.4.1 and 3.4.2 revised 22 July 2010
                                                                      Handbook for regulated financial services businesses

                                                                   Part 1: Section 3 – Customer due diligence requirements



               •   The business of some relevant persons, their products, and customer base, can be
                   relatively simple, involving few products, with most applicants or customers falling into
                   similar risk categories. In such circumstances, a simple approach, building on the risk that
                   the business’ products are assessed to present, may be appropriate for most customers,
                   with the focus being on those customers who fall outside the norm.

               •   Others may have a greater level of business, but large numbers of their customers may be
                   predominantly retail, served through delivery channels that offer the possibility of adopting
                   a standardised approach to many procedures. Here too, the approach for most customers
                   may be relatively straight forward - building on product risk.

               •   In the case of Jersey residents seeking to establish retail relationships, and in the absence
                   of any information to indicate otherwise, such applicants may be considered to present a
                   lower risk.

       41.     A more complex system may be appropriate for diverse customer bases or businesses with
               broad ranges of products or services.

3.3.6         Updating customer due diligence and customer risk assessments – Stage 5

              GUIDANCE NOTES
       42.     In the case of a business relationship assessed as presenting higher risk, a relevant person
               may demonstrate that its CDD information remains up to date where it is reviewed and updated
               on at least an annual basis.
       43.     In the case of other relationships, a relevant person may demonstrate that its CDD information
               remains up to date where it is reviewed and updated on a risk sensitive basis, including where
               additional “factors to consider” become apparent.
       44.     Trigger events, e.g. the opening of a new account, the purchase of a further product, or
               meeting with a customer may also present a convenient opportunity to update CDD
               information.
       45.     Under Article 13(1)(c) of the Money Laundering Order, where there is doubt about the veracity
               or adequacy of documents, data or information previously obtained under CDD measures, then
               CDD information must be updated.
       46.     A comprehensive understanding of the risk presented by a business relationship may only
               become evident at a later stage following the establishment of relationship. A relevant person
               may demonstrate that its customer risk assessments remain up to date where its review
               procedures (as outlined above), and its monitoring procedures (Section 5) involve
               consideration as to the ongoing appropriateness of the customer’s risk assessment.

3.4            ENHANCED CUSTOMER DUE DILIGENCE

              STATUTORY REQUIREMENTS
       47.     Article 15 of the Money Laundering Order requires that a relevant person apply enhanced CDD
               measures using a risk based approach where:
               •    A customer is not physically present for identification purposes.

               •   The relevant person has or proposes to have a business relationship or proposes to
                   carry out a one-off transaction with a person connected with a country or territory that
                   does not apply or insufficiently applies the FATF Recommendations.




Effective from: 4 February 2008
Sections 3.3.4.1 and 3.4 revised: 12 January 2009
Section 3.4 revised: 30 January 2009
Paragraph 48 revised: 22 April 2009
Sections 3.3.4.1 and 3.4.2 revised 22 July 2010                                                                        33
Handbook for regulated financial services businesses

Part 1: Section 3 – Customer due diligence requirements


               •   The relevant person has or proposes to have a business relationship or proposes to
                   carry out a one-off transaction with an applicant for business or a customer who is a PEP
                   or where any of the following is a PEP: (i) owner or controller of an applicant or customer,
                   (ii) third party on whose behalf an applicant or customer acts, (iii) beneficial owner or
                   controller of a third party described in (ii), or (iv) person acting, or purporting to act, on
                   behalf of a customer.

               •   The relevant person holds a deposit-taking licence and has or proposes to have a
                   correspondent banking relationship with a bank that is outside Jersey. See sector specific
                   section on correspondent banking.

               •    The nature of the situation is such that a higher risk of money laundering is likely.

       48.     Article 15(5A) of the Money Laundering Order requires that a relevant person that has or
               proposes to have a business relationship or proposes to carry out a one-off transaction with a
               PEP (or relationship or transaction that has a prescribed connection to a PEP) must have
               specific and adequate measures that: (i) require any new business relationship or continuation
               of such a relationship or any new one-off transaction to be approved by the senior
               management of the relevant person; and (ii) establish the source of the wealth of the PEP and
               the source of the funds involved in the business relationship or one-off transaction.
       49.     For the purposes of determining whether a person is a close associate of a PEP a relevant
               person need only consider information that it holds or is publicly known.

3.4.1         Politically Exposed Persons (PEPs)

              OVERVIEW
       50.     Corruption inevitably involves serious crime, such as theft or fraud, and is of global concern.
               The proceeds of such corruption are often transferred to other jurisdictions and concealed
               through private companies, trusts or foundations, frequently under the names of relatives or
               close associates.
       51.     By their very nature, money laundering investigations involving the proceeds of corruption
               generally gain significant publicity and are therefore very damaging to the reputation of both
               businesses and jurisdictions concerned. This is in addition to the possibility of criminal
               charges.
       52.     Indications that an applicant or customer may be connected with corruption include excessive
               revenue from “commissions” or “consultancy fees” or involvement in contracts at inflated prices,
               where unexplained “commissions” or other charges are paid to third parties.
       53.     The risk of handling the proceeds of corruption, or becoming engaged in an arrangement that
               is designed to facilitate corruption, is greatly increased where the arrangement involves a PEP.
               Where the PEP also has connections to countries or business sectors where corruption is
               widespread, the risk is further increased.
       54.     PEP status itself does not, of course, incriminate individuals or entities. It will, however put an
               applicant for business or customer into a higher risk category.
              STATUTORY REQUIREMENTS
       55.     Article 11 of the Money Laundering Order requires a relevant person to put in place appropriate
               risk based systems and controls to determine whether an (i) applicant for business or
               customer, (ii) owner or controller of an applicant or customer, (iii) third party on whose behalf
               an applicant or customer acts, (iv) beneficial owner or controller of a third party described in
               (iii), or (v) person acting, or purporting to act, on behalf of a customer, is a PEP. Such systems
               and controls must recognise that customers may subsequently acquire PEP status.




34                                                                                          Effective from: 4 February 2008
                                                                         Sections 3.3.4.1 and 3.4 revised: 12 January 2009
                                                                                      Section 3.4 revised: 30 January 2009
                                                                                       Paragraph 48 revised: 22 April 2009
                                                                           Sections 3.3.4.1 and 3.4.2 revised 22 July 2010
                                                                     Handbook for regulated financial services businesses

                                                                  Part 1: Section 3 – Customer due diligence requirements



              GUIDANCE NOTES
       56.     The nature and scope of a relevant person’s activities will generally determine whether the
               existence of PEPs in its customer base is a practical issue for the business.
       57.     Where the existence of PEPs is considered to be a practical issue, a relevant person may
               demonstrate that it has appropriate systems and controls for determining whether it is servicing
               a PEP where it:
               •   Assesses those jurisdictions with which customers are connected, which pose the highest
                   risk of corruption. One source of information is the Transparency International Corruption
                   Perception Index.

               •   Establishes who are the current and former holders of prominent public functions within
                   those higher risk countries and determines, as far as is reasonably practicable, whether or
                   not applicants for business and customers have any connections with such individuals
                   (including through immediate family or close associates). In determining who are the
                   current and former holders of prominent public functions, it may have regard to information
                   already held by the relevant person and to external information sources such as the UN,
                   the European Parliament, the UK Foreign and Commonwealth Office, the Group of States
                   Against Corruption, and commercially available databases.

               •   Exercises vigilance where applicants and customers are involved in business sectors that
                   are vulnerable to corruption such as, but not limited to, oil or arms sales. One source of
                   information is the Transparency International Corruption Perception Index.

3.4.2         Customer who is connected to a higher risk country or territory

               REGULATORY REQUIREMENT

       58.     Countries and territories in Group 1 of Appendix D are to be treated as countries and territories
               that do not apply, or insufficiently apply, the FATF Recommendations under Article 15(3A) of
               the Money Laundering Order. The effect of this is that enhanced CDD measures must be
               applied under Article 15 of the Money Laundering Order.
       59.     Countries and territories in Group 2 of Appendix D are to be treated as countries and territories
               that present a higher risk under normal CDD measures.

3.4.3         Other higher risk customers

              GUIDANCE NOTES
       60.     A relevant person may demonstrate that it has applied enhanced due diligence measures to
               higher risk customers where it undertakes one of more of the measures set out below. The
               nature of the measures to be applied will depend on the circumstances of the relationship or
               transaction and the factors leading to the customer being considered to be higher risk.
       61.     Enhanced due diligence measures include:
               •   obtaining additional CDD information (identification information and relationship
                   information, including further information on the source of funds and source of wealth), from
                   either the customer or independent sources (such as the internet, public or commercially
                   available databases);

               •    taking additional steps to verify the CDD information obtained;

               •   commissioning due diligence reports from independent experts to confirm the veracity of
                   CDD information held;

               •    requiring higher levels of management approval for higher risk new customers;
Effective from: 4 February 2008
Sections 3.3.4.1 and 3.4 revised: 12 January 2009
Section 3.4 revised: 30 January 2009
Paragraph 48 revised: 22 April 2009
Sections 3.3.4.1 and 3.4.2 revised 22 July 2010                                                                       35
Handbook for regulated financial services businesses

Part 1: Section 3 – Customer due diligence requirements


               •    requiring more frequent review of business relationships;

               •   requiring the review of business relationships to be undertaken by the compliance function,
                   or other employees not directly involved in managing the customer; and

               •   setting lower monitoring thresholds for transactions connected with the business
                   relationship.

3.5           CDD REQUIREMENTS WHEN ACQUIRING A BUSINESS OR A BLOCK OF CUSTOMERS

              OVERVIEW
       62.     This sub-section establishes the requirements when established business relationships are
               taken on when acquiring a business or block of customers.
              REGULATORY REQUIREMENTS
       63.     Before acquiring a business with established business relationships or a block of relationships,
               a relevant person must undertake sufficient due diligence on the vendor to establish the level of
               CDD information and evidence of identity held in relation to the business to be acquired.
       64.     A relevant person may rely on the information and evidence of identity previously obtained by
               the vendor where the following criteria are met:
               •   the vendor is a financial services business that is a regulated person or carries on
                   equivalent business to any category of regulated business as defined by Article 5 of the
                   Money Laundering Order (refer to Section 1.7); and

               •   the relevant person has assessed that the vendor’s CDD policies and procedures are
                   satisfactory. This assessment must either involve sample testing, or alternatively an
                   assessment of all relevant CDD information for the relationships to be acquired.

       65.     When relying on this concession, a relevant person must obtain from the vendor the CDD
               information and evidence of identity held for each customer acquired.
       66.     Otherwise, where the vendor is not a financial services business that is a regulated person, or
               is not carrying on equivalent business to any category of regulated business (refer to Section
               1.7), or where deficiencies in the vendor’s CDD policies and procedures are identified (either at
               the time of transfer or subsequently), a business must determine and implement a programme
               to apply CDD measures on each customer and to remedy deficiencies. The business must
               agree its programme with the Commission.
       67.     CDD procedures must be undertaken as soon as possible in line with a risk based approach
               and requirements set out in the Handbook.




36                                                                                        Effective from: 4 February 2008
                                                                       Sections 3.3.4.1 and 3.4 revised: 12 January 2009
                                                                                    Section 3.4 revised: 30 January 2009
                                                                                     Paragraph 48 revised: 22 April 2009
                                                                         Sections 3.3.4.1 and 3.4.2 revised 22 July 2010
                                                                        Handbook for regulated financial services businesses

                                                                   Part 1: Section 4 – Identification and verification of identity




4            IDENTIFICATION AND VERIFICATION OF IDENTITY

4.1            OVERVIEW OF SECTION

       1.      The purpose of this section of the Handbook is to establish the identification information to be
               requested when establishing a business relationship or carrying out a one-off transaction, the
               information to be verified, and how that information is to be verified. This section also sets out
               exceptions and concessions to these general requirements, which apply in certain scenarios.
       2.      Guidance is also given on the timing of verification measures and on what to do where it is not
               possible to complete identification or verification of identity.
       3.      Identification and verification requirements (referred to in the Money Laundering Order as
               “identification measures”) apply at the outset of a business relationship or one-off
               transaction, where there is suspicion of money laundering or financing of terrorism, or where
               there is some doubt as to the veracity or adequacy of documents, data or information that are
               already held (including the circumstances set out in 4 below).
       4.      In particular, identification and verification requirements will apply when there is a:
               • change in identification information of a customer;
               • change in beneficial ownership and control of a customer; or
               • change in the third parties (or beneficial ownership or control of third parties) on whose
                 behalf an applicant or customer acts.
       5.      An applicant for business may be an individual (see Section 4.3), trustee of an express trust
               (see Section 4.4), or a legal body (including companies and foundations (both of which are
               bodies corporate when incorporated in Jersey), anstalts, partnerships, associations, or any
               similar bodies that can establish a business relationship with a relevant person or otherwise
               own property) (see Section 4.5) seeking to enter into a business relationship or to conduct a
               one-off transaction - as principal or on behalf of a third party (see Section 4.7).
       6.      This section should be read and understood in conjunction with Sections 3 and 5, which also
               address customer due diligence requirements.
       7.      Throughout this section, references to an “applicant for business” or “applicant” relate to a
               prospective customer, and references to a “customer” relate to a person with whom a business
               relationship has been formed or one-off transaction conducted.

4.2            OBLIGATION TO IDENTIFY AND VERIFY IDENTITY OF APPLICANT FOR BUSINESS

               OVERVIEW
       8.      Determining that an applicant for business is the person that he, she, or it claims to be is a
               combination of being satisfied that:
               • a person exists - on the basis of appropriate identification information; and
               • the applicant for business is that person - by verifying from reliable, independent source
                 documents, data or information, satisfactory confirmatory evidence of appropriate
                 components of the applicant’s identity.
       9.      Evidence of identity can take a number of forms. In respect of individuals, much weight is
               placed on identity documents and these are often the easiest way of providing evidence as to
               someone’s identity. It is, however, possible to be satisfied as to a customer’s identity by
               obtaining other forms of confirmation, including, in appropriate circumstances, written
               assurances from persons or organisations that have dealt with the customer for some time.




Effective from: 4 February 2008                                                                                                37
Revised 20 July 2009
Handbook for regulated financial services businesses

Part 1: Section 4 – Identification and verification of identity


        10.     How much identification information to ask for, what to verify, and how to verify it in order to be
                satisfied as to a customer’s identity, will depend on the risk assessment for that customer (refer
                to Section 3.3).
        11.     When verifying identity, a relevant person will need to be prepared to accept a range of
                documents, and may also wish to use independent data sources to verify information.
                STATUTORY REQUIREMENTS
        12.     Article 13 of the Money Laundering Order requires identification measures to be conducted in
                respect of an applicant for business and any third parties for whom the applicant is acting
                (reasonable measures to verify identity in the case of the latter). Where the applicant (or any
                third party) is not an individual, Article 13 also requires beneficial owners and controllers of the
                applicant (or third parties) to be identified and reasonable measures to be taken to verify their
                identity.
        13.     For persons who are not individuals, Article 2 of the Money Laundering Order describes:
                • beneficial owners as individuals with ultimate beneficial ownership of that person; and
                • beneficial controllers as individuals who ultimately control that person or otherwise exercise
                  control over the management of that person.
        14.     The description of a beneficial owner or controller will apply whether the individual satisfies the
                description alone or jointly with other persons.
        15.     Article 2 of the Money Laundering Order provides that no individual is to be treated as a
                beneficial owner of a person that is a body corporate, the securities of which are listed on a
                regulated market.
        16.     Article 3 of the Money Laundering Order defines what is meant by customer due diligence
                measures and provides that identification of a person involves:
                • obtaining information about identity; and
                • verification of that information.
        17.     Verification evidence is satisfactory if, on the basis of documents, data or information from a
                reliable and independent source, it is reasonably capable of establishing that the applicant for
                business or customer (and others) is who he is said to be and the person conducting
                verification is satisfied that it does establish that fact.
        18.     Where the person to be identified is not physically present when identification measures are
                carried out, Article 15(3) of the Money Laundering Order requires that the customer due
                diligence measures must take into account the greater risk that is posed.
        19.     Article 13(1) of the Money Laundering Order requires identification measures to be applied
                before the establishment of a business relationship or before carrying out a one-off transaction,
                except where Article 13(4) and (5) apply. It also requires identification measures to be applied
                where the relevant person suspects money laundering or the financing of terrorism or has
                doubts about the veracity or adequacy of documents, data or information previously obtained
                under customer due diligence measures.
        20.     Article 13(4) provides for verification of identity of a person to be completed as soon as
                reasonably practicable after the establishment of a business relationship if:
                • this is necessary not to interrupt the normal conduct of business; and
                • there is little risk of money laundering occurring as a result of completing such verification
                  after the establishment of that relationship.
        21.     Where there is a change in the beneficial owners or controllers of a customer,
                Article 13(1)(c)(ii) of the Money Laundering Order requires that the new beneficial owners or
                controllers are identified and that reasonable measures are taken to verify their identity.
        22.     Article 13 of the Money Laundering Order also requires a relevant person to identify and to take
                reasonable measures to verify the identity of persons purporting to be authorised to act on
                behalf of a customer and to verify the authority of any persons purporting so to act.


38                                                                                       Effective from: 4 February 2008
                                                                                                    Revised 20 July 2009
                                                                       Handbook for regulated financial services businesses

                                                                  Part 1: Section 4 – Identification and verification of identity



4.3            IDENTIFICATION AND VERIFICATION: INDIVIDUALS

               OVERVIEW
       23.     The following requirements are relevant to situations where an individual is the applicant for
               business or where the applicant for business is more than one individual, such as a husband
               and wife opening a joint account.
       24.     They also apply to situations where an individual is a beneficial owner or controller of an
               applicant for business, is acting on behalf of an applicant for business (e.g. is acting according
               to a power of attorney, or who has signing authority over an account), or is a third party
               (underlying customer) on whose behalf an applicant for business is acting (see Section 4.7).

4.3.1          Establishing identity

               REGULATORY REQUIREMENTS
       25.     A relevant person must collect relevant identification information on an individual.
               GUIDANCE NOTES
       26.     A relevant person may demonstrate collection of relevant identification information where it
               requests, receives and keeps up to date the following:

                All customers

                  •     Legal name, any former names (such as maiden name) and any other names used.
                  •     Principal residential address.
                  •     Date of birth.

                Standard and higher risk: additional information

                  •     Place of birth.
                  •     Nationality.
                  •     Sex.
                  •     Government issued personal identification number or other government issued unique
                        identifier.

4.3.2          Verifying identity

               REGULATORY REQUIREMENTS
       27.     A relevant person must verify the identity of the individual.
       28.     Where a particular aspect of an individual’s identity subsequently changes (such as following
               marriage, change of nationality, or change of address), a relevant person must take reasonable
               measures to re-verify that particular aspect of identity of the individual.
       29.     All key documents (or parts thereof) used to verify identity must be understandable (i.e. in a
               language understood by the employees of the business), and must be translated into English at
               the request of the JFCU or the Commission.
               GUIDANCE NOTES
       30.     A relevant person may demonstrate that it has verified the identity of an individual where it
               verifies the following components:




Effective from: 4 February 2008                                                                                               39
Revised 20 July 2009
Handbook for regulated financial services businesses

Part 1: Section 4 – Identification and verification of identity



                  Lower risk – information to be verified

                    •     Legal name, any former names (such as maiden name) and any other names used,
                          and
                    •     Principal residential address or date of birth.
                  using at least one identification verification method (see paragraph 31).

                  Standard risk – information to be verified

                    •     Legal name, any former names (such as maiden name) and any other names used;
                    •     Principal residential address;
                    •     Date of birth;
                    •     Place of birth;
                    •     Nationality; and
                    •     Sex.
                  using at least two identification verification methods (see paragraph 31).

                  Higher risk – information to be verified

                    •     Legal name, any former names (such as maiden name) and any other names used;
                    •     Principal residential address;
                    •     Date of birth;
                    •     Place of birth;
                    •     Nationality;
                    •     Sex; and
                    •     Government issued personal identification number or other government issued unique
                          identifier.
                  using at least two identification verification methods (see paragraph 31).
                  Refer to Section 3.4 for enhanced due diligence requirements for higher risk relationships.

        31.     Components of identity may be verified using the following methods:

                  All customers – identification verification methods

                  General identification information:
                    •     Current passport - providing photographic evidence of identity.
                    •     Current national identity card - providing photographic evidence of identity.
                    •     Current driving licence - providing photographic evidence of identity - where the
                          licensing authority carries out a check on the holder’s identity before issuing.
                    •     Independent data sources (including electronic sources). (Refer to Section 4.3.3).




40                                                                                          Effective from: 4 February 2008
                                                                                                       Revised 20 July 2009
                                                                         Handbook for regulated financial services businesses

                                                                    Part 1: Section 4 – Identification and verification of identity



                All customers – identification verification methods

                Residential address:
                  •     Correspondence from a central or local government department or agency (e.g. States
                        and parish authorities).
                  •     A letter of introduction confirming residential address from: (i) a relevant person that is
                        regulated by the Commission; (ii) a regulated financial services business which is
                        operating in a well-regulated jurisdiction; or (iii) a branch or subsidiary of a group
                        headquartered in a well-regulated jurisdiction which applies group standards to
                        subsidiaries and branches worldwide, and tests the application of, and compliance
                        with, such standards.
                  •     Personal visit to residential address.
                  •     A bank statement or utility bill.
                  •     One of the general identification information sources listed above.

                Lower risk

                Where the above general identification information methods are not possible, identity may be
                verified using:
                  •     A Jersey driving licence; or
                  •     A birth certificate in conjunction with:
                        •     a bank statement or a utility bill;
                        •     documentation issued by a government source; or
                        •     a letter of introduction from a relevant person that is regulated by the
                              Commission.

       32.     Verification methods provide evidence of identity from a number of sources. These sources
               may differ in their integrity, reliability and independence. For example, some identification
               documents are issued after due diligence on an individual’s identity has been undertaken, for
               example passports and national identity cards; others are issued on request, without any such
               checks being carried out. A relevant person should recognise that some documents are more
               easily forged than others.
       33.     Additionally, verification methods incorporating photographic confirmation of customer identity
               provide a higher level of assurance that an individual is the person who he or she claims to be.
       34.     Where a relevant person is not familiar with the form of the evidence obtained to verify identity,
               appropriate measures may be necessary to satisfy itself that the evidence is genuine.
       35.     When applying reasonable measures to the re-verification of identity following a change in a
               particular aspect of identity, e.g. a change of address, a relevant person may apply a risk
               based approach which focuses on higher risk customers.
       36.     In determining whether a jurisdiction is well-regulated, a relevant person may have regard to:
               • the development and standing of the jurisdiction’s regulatory framework; and
               • recent independent assessments of its regulatory environment, such as those conducted
                 and published by the IMF.
       37.     Where components of identity are verified through use of a passport, national identity card, or
               driving licence, which subsequently expires, then, in the absence of other risk factors, no
               further verification is necessary.




Effective from: 4 February 2008                                                                                                 41
Revised 20 July 2009
Handbook for regulated financial services businesses

Part 1: Section 4 – Identification and verification of identity



4.3.3           Independent data sources

                OVERVIEW
        38.     Independent data sources can provide a wide range of confirmatory material on an applicant
                for business or customer, and are becoming increasingly accessible, for example, through
                improved availability of public information and the emergence of commercially available data
                sources such as electronic databases and research firms. Sources include:
                • Registers of electors.
                • Telephone directories.
                • Credit reference agency checks.
                • Business information services.
                • Electronic checks provided by commercial agencies.
        39.     Where a relevant person is seeking to verify identity using an independent data source,
                whether by accessing the source directly or by using an independent third party organisation
                (such as a credit reference agency), an understanding of the depth, breadth and quality of the
                data is important in order to determine that the method of verification does in fact provide
                satisfactory evidence of identity.
                REGULATORY REQUIREMENTS
        40.     Where a relevant person intends to use independent data sources to verify components of
                identity, it must ensure that:
                • The source, scope and quality of the data are satisfactory. At least two matches of each
                  component of an individual’s identity (see Section 4.3.2) must be obtained.
                • Processes allow the relevant person to capture and record the information used to verify
                  identity.
        41.     The level of satisfaction required will depend on the extent that a relevant person relies on the
                independent data sources to obtain satisfactory evidence of identity.
                GUIDANCE NOTES
        42.     Where a relevant person intends to use data held by independent third party organisations to
                verify identity, the business may demonstrate that data is satisfactory where the organisation is
                registered with a data protection agency in the EEA (or with an agency in a jurisdiction that has
                similar data protection provisions to the EEA), and where the organisation:
                • uses a range of positive information sources that can be called upon to link an applicant to
                  both current and historical data;
                • accesses negative information sources such as databases relating to fraud and deceased
                  persons;
                • accesses a wide range of alert data sources; and
                • has transparent processes that enable a relevant person to know what checks have been
                  carried out, what the results of these checks were and to be able to determine the level of
                  satisfaction provided by those checks.

4.3.4           Guarding against the financial exclusion of Jersey residents

                OVERVIEW
        43.     On occasions, an individual may be unable to provide evidence of identity using the verification
                sources set out at Section 4.3.2. Examples of such individuals include:
                • Seasonal workers whose principal residential address is not in Jersey.




42                                                                                     Effective from: 4 February 2008
                                                                                                  Revised 20 July 2009
                                                                       Handbook for regulated financial services businesses

                                                                  Part 1: Section 4 – Identification and verification of identity



               • Individuals living in Jersey in accommodation provided by their employer, with family (for
                 example in the case of minors), or in care homes, who may not pay directly for utility
                 services.
               • Jersey students living in university, college, school, or shared accommodation, who may not
                 pay directly for utility services.
               • Minors.
               REGULATORY REQUIREMENTS
       44.     A relevant person must determine that there is a valid reason for an applicant for business
               being unable to satisfy its more usual verification requirements, and must document that
               reason.
               GUIDANCE NOTES
       45.     In the case of a lower risk minor, whose parent or guardian is unable to produce more usual
               documentation to verify the minor’s identity, and who would otherwise be excluded from
               accessing financial services and products, satisfactory verification of identity may be
               established with a birth certificate.
       46.     In other cases, where a lower risk individual has a valid reason for being unable to produce
               more usual documentation to verify identity, and would otherwise be excluded from accessing
               financial services and products, satisfactory verification of identity may be established by:
               • A letter from the head of the household at which the individual resides confirming that the
                 applicant lives at that Jersey address, setting out the relationship between the applicant and
                 the head of household, together with evidence that the head of household resides at the
                 address.
               • A letter from a Jersey nursing home or residential home for the elderly, which a relevant
                 person is satisfied that it can place reliance on, confirming residence of the applicant.
               • A letter from a Jersey employer, which a relevant person is satisfied that it can place
                 reliance on, which confirms residence at a stated Jersey address, and indicates the
                 expected duration of employment. In the case of a seasonal worker, the worker’s principal
                 residential address in his country of origin should also be obtained.
               • A letter from a principal of a university or college, which a relevant person is satisfied that it
                 can place reliance on, that confirms residence at a stated address. In the case of a Jersey
                 student studying outside the Island, a residential address in Jersey should also be obtained.
       47.     Confirmatory letters should be written on appropriately headed notepaper.

4.3.5          Verification of residential address of overseas residents

               OVERVIEW
       48.     On occasions, an individual that resides abroad may be unable to provide evidence of his
               principal residential address using the verification methods set out at Section 4.3.2. Examples
               of such individuals include residents of countries without postal deliveries and few street
               addresses, who rely upon post office boxes or employers for delivery of mail, and residents of
               countries where, due to social restraints, private addresses may not be verified by personal
               visits.
       49.     It is essential for law enforcement purposes that a record of an individual’s residential address
               (or details of how that individual’s place of residence may be reached) be recorded. As a
               result, it is not acceptable only to record a post office box number as an address, or to fail to
               take steps to verify that a residential address is valid where required by this Handbook.
               REGULATORY REQUIREMENTS
       50.     A relevant person must determine that there is a valid reason for an applicant for business
               being unable to satisfy its more usual verification of address requirements, and must document
               that reason.


Effective from: 4 February 2008                                                                                               43
Revised 20 July 2009
Handbook for regulated financial services businesses

Part 1: Section 4 – Identification and verification of identity


        51.      Where alternative methods to verify address are relied on, a relevant person must consider
                 whether enhanced monitoring of activity and transactions is appropriate.
                 GUIDANCE NOTES
        52.      Where an individual has a valid reason for being unable to produce more usual documentation
                 to verify residential address, satisfactory verification of address may be established by:
                 • Verification of a “locator” address - a locator address is an address at which it would
                   normally be possible to physically meet or contact an individual (with or without prior
                   arrangement), for example, an individual’s place of work.
                 • A written confirmation received from an individual satisfying the criteria for a suitable certifier
                   - Section 4.8.1 - that confirms residential address and that the certifier has visited the
                   individual at that address.

4.4              IDENTIFICATION AND VERIFICATION: TRUSTEES AND EXPRESS TRUSTS

                 OVERVIEW
        53.      There is a wide variety of trusts ranging from large, nationally and internationally active
                 organisations subject to a high degree of public scrutiny and transparency, through to trusts set
                 up under testamentary arrangements and trusts established for wealth management purposes.
        54.      Express trusts cannot form business relationships or carry out one-off transactions themselves.
                 It is the trustee of the trust who will enter into a business relationship or carry out the one-off
                 transaction on behalf of the trust and who will be considered to be the applicant for business
                 (i.e. the trustee is acting on behalf of a third party – the trust and the individuals concerned with
                 the trust).
        55.      In forming a relationship or carrying out a one-off transaction with a trustee, a relevant person
                 will be dependent on information supplied by the trustee relating to the trust and the individuals
                 concerned with the trust. When determining the risk assessment for an express trust
                 (Section 3.3), the risk factors set out in Section 3.3.4.1 and Section 4.10.1 will be relevant. In
                 addition, the monitoring measures maintained by a relevant person (Section 5) may provide
                 additional comfort that relevant and up to date identification and relationship information has
                 been provided.
        56.      The following requirements are relevant to situations where a trustee of an express trust is the
                 applicant for business. Where the trustee of an express trust is a relevant person that is a
                 regulated person (defined in Article 1 of the Money Laundering Order) or is a person who
                 carries on equivalent business to any category of regulated business, the concession set out in
                 Section 4.9.1 will be relevant. Where the trustee of an express trust is a relevant person that is
                 overseen for AML/CFT compliance in Jersey or is a person who carries on an equivalent
                 business (see Section 1.7), the concession set out in Section 4.10 (for the individuals
                 concerned with the trust) will also be relevant.
        57.      These requirements also apply to situations where a trustee is a beneficial owner or controller
                 of an applicant for business, or is a third party (underlying customer) on whose behalf an
                 applicant for business is acting.
        58.      The requirements where an applicant for business is wishing to settle a trust are covered in a
                 sector specific section for trust company business 9 .
        59.      Notwithstanding the requirement to obtain and verify information in relation to the trustee, the
                 trust and those individuals who are concerned with the trust, a relevant person is not expected
                 to establish the detailed terms of the trust, nor rights of the beneficiaries.




        9
              Sector specific section for trust company business published 23 December 2009.



44                                                                                             Effective from: 4 February 2008
                                                                                                          Revised 20 July 2009
                                                                                       Handbook for regulated financial services businesses

                                                                                  Part 1: Section 4 – Identification and verification of identity



4.4.1            Establishing identity

                 REGULATORY REQUIREMENTS
       60.       A relevant person must collect relevant identification information on the trustee(s) and on the
                 express trust (and any subsequent changes).
       61.       A relevant person must collect relevant identification information on the individuals who are
                 concerned with the trust (and any subsequent changes).
                 GUIDANCE NOTES
       62.       A relevant person may demonstrate the collection of relevant identification information where it
                 requests and receives from the trustee(s): (i) the following information; and (ii) certain
                 assurances.

                  All customers

                    •     Name of trust.
                    •     Date of establishment.
                    •     Official identification number (e.g. tax identification number or registered charity or
                          non-profit organisation number).
                    •     Identification information of trustee(s) - in line with guidance for individuals and legal
                          bodies.
                    •     Mailing address of trustee(s).
                    •     Identification information of settlor(s) 10 - in line with guidance for individuals and legal
                          bodies.
                    •     Identification information of protector(s) - in line with guidance for individuals and legal
                          bodies.

                  Standard and higher risk – additional information

                    •     Identification information on beneficiaries with a vested right - in line with guidance for
                          individuals and legal bodies.
                    •     Identification information on any other beneficiaries and persons who are the object of
                          a power and that have been identified as presenting higher risk - in line with guidance
                          for individuals and legal bodies.
                  Refer to Section 3.4 for enhanced due diligence requirements for higher risk relationships.

       63.       The assurances are that the trustee(s) has provided all of the information requested, and that
                 the trustee(s) will update the information provided in the event of subsequent change.

4.4.2            Verifying identity

                 REGULATORY REQUIREMENTS
       64.       A relevant person must verify the name and date of establishment of the express trust. Whilst
                 there is no requirement to review an existing trust instrument (or similar instrument) as a whole,
                 satisfactory evidence of the appointment of the trustee(s), and the nature of his duties must be
                 obtained.
       65.       A relevant person must verify the identity of the trustee(s) of the express trust and any
                 subsequent change in trustee(s) (in line with guidance for individuals and legal bodies).


       10
             The settlors of a trust include the initial settlors and any persons subsequently settling funds into a trust.



Effective from: 4 February 2008                                                                                                               45
Revised 20 July 2009
Handbook for regulated financial services businesses

Part 1: Section 4 – Identification and verification of identity


        66.     A relevant person must take reasonable measures to verify the identity of the individuals who
                are concerned with the express trust (as set out at Section 4.4.1) and any subsequent changes
                (in line with guidance for individuals and legal bodies).
        67.     In the case of a standard or higher risk relationship, a relevant person must take reasonable
                measures to verify the identity of a beneficiary with a vested right at the time of or before
                distribution of trust property or income.
        68.     In the case of a standard or higher risk relationship, a relevant person must take reasonable
                measures to verify the identity of any other beneficiaries and persons who are the object of a
                power and that have been identified as presenting higher risk, at the time that the risk is
                identified.
        69.     All key documents (or parts thereof) used to verify identity must be understandable (i.e. in a
                language understood by the employees of the business), and must be translated into English at
                the request of the JFCU or the Commission.
                GUIDANCE NOTES
        70.     Where a relevant person seeks to verify the identity of individuals who are concerned with a
                trust on a non-face to face basis, for example, through copy documentation provided by the
                trustee(s), reference should be made to the requirements and guidance set out in Section 4.8
                for non-face to face identification and verification.
        71.     For higher risk relationships, also refer to Section 3.4 for enhanced due diligence requirements.
        72.     Where a relevant person is not familiar with the form of the evidence obtained to verify identity,
                appropriate measures may be necessary to satisfy itself that the evidence is genuine.

4.5             IDENTIFICATION AND VERIFICATION: LEGAL BODIES

                OVERVIEW
        73.     The following requirements are relevant to situations where a legal body is the applicant for
                business.
        74.     The requirements also apply to situations where a legal body is a beneficial owner or controller
                of an applicant for business, or is a third party (underlying customer) on whose behalf an
                applicant for business is acting.
        75.     For the purpose of this section, a legal body includes companies and foundations (both of
                which are bodies corporate when incorporated in Jersey), anstalts, partnerships, associations,
                or any similar bodies that can establish a business relationship with a relevant person or
                otherwise own property. For the purposes of this section, it also includes incorporated and
                unincorporated clubs, societies, charities, church bodies, institutes, mutual and friendly
                societies, co-operative and provident societies.
        76.     The identification measures to be applied to a legal body that is not a foundation are set out in
                Sections 4.5.1 and 4.5.2. The identification measures to be applied to a legal body that is a
                foundation are set out in Sections 4.5.3 and 4.5.4. For the avoidance of doubt, the
                identification measures that are to be applied to a foundation that is a charity are those set out
                in Sections 4.5.1 and 4.5.2.
        77.     Where identification information relating to a legal body is not available from a public source, a
                relevant person will be dependent on the information that is supplied by the legal body. When
                determining the risk assessment for a legal body (Section 3.3), the risk factors set out in
                Section 3.3.4.1 will be relevant. The risk factors set out in Section 4.10.1 are also relevant to
                the risk assessment for a legal body where information and evidence of identity are obtained
                through a trust and company service provider. In addition, the monitoring measures
                maintained by a relevant person (Section 5) may provide additional comfort that relevant and
                up to date identification and relationship information has been provided.
        78.     Where a director (or equivalent) of a legal body holds this role by virtue of his employment by
                (or position in) a business that is a regulated Jersey trust company, the concession set out in



46                                                                                     Effective from: 4 February 2008
                                                                                                  Revised 20 July 2009
                                                                                Handbook for regulated financial services businesses

                                                                           Part 1: Section 4 – Identification and verification of identity



                paragraph 95 of Section 4.5.2 (verification of director’s identity) will be relevant. Similar
                provision is made for a council member of a foundation at paragraph 108 of Section 4.5.4.
       79.      Article 2 of the Money Laundering Order, which describes those persons to be considered to
                be beneficial owners of a body corporate, provides that no individual is to be treated as a
                beneficial owner of a person that is a body corporate, the securities of which are listed on a
                regulated market. In the case of an applicant for business that is a subsidiary of such a body
                corporate, this provision means that there will be no need to identify or verify the identity of the
                owners of the shares of the holding body corporate. The obligation to identify individuals with
                ultimate effective control over the body corporate assets (or as otherwise provided for lower
                risk relationships) remains. Guidance published by the UK’s Joint Money Laundering Steering
                Group on what may be considered to be a regulated market can be found under Guidance on
                Equivalent Markets.
       80.      The requirements where an applicant for business is wishing to incorporate a company or
                foundation are covered in a sector specific section for trust company business 11 .

4.5.1           Establishing identity (except foundations)

                REGULATORY REQUIREMENTS
       81.      A relevant person must collect relevant identification information on a legal body (and any
                subsequent changes).
       82.      A relevant person must collect relevant identification information on the beneficial owners and
                controllers of the legal body (and any subsequent changes).
                GUIDANCE NOTES
       83.      A relevant person may demonstrate collection of relevant identification information where it
                requests and receives from the legal body: (i) the following information; and (ii) certain
                assurances.

                 All customers

                   •     Name of body.
                   •     Any trading names.
                   •     Date and country of incorporation/registration.
                   •     Official identification number.
                   •     Registered office address.
                   •     Mailing address (if different).
                   •     Principal place of business/operations (if different).
                   •     Names of all directors (or equivalent).
                   •     Identification information of directors (or equivalent) who have authority to operate a
                         relationship or to give the relevant person instructions concerning the use or transfer of
                         funds or assets - in line with guidance for individuals.
                   •     Identification information of individuals ultimately holding a 25% or more interest in the
                         capital of the legal body - in line with guidance for individuals and trustees.




       11
             Sector specific section for trust company business published 23 December 2009.



Effective from: 4 February 2008                                                                                                        47
Revised 20 July 2009
Handbook for regulated financial services businesses

Part 1: Section 4 – Identification and verification of identity



                  Standard and higher risk – additional information

                    •     Identification information of individuals with ultimate effective control over the legal
                          body’s assets, including the individuals comprising the mind and management of the
                          legal body, e.g. directors - in line with guidance for individuals.
                    •     Identification information of individuals ultimately holding a material interest in the
                          capital of the legal body - in line with guidance for individuals and trustees.
                  Refer to Section 3.4 for enhanced due diligence requirements for higher risk relationships.

        84.     Where information is not available from public sources, the assurances are that the directors
                (or equivalent) of the legal body have provided all of the information requested, and that the
                directors (or equivalent) will update the information provided in the event of subsequent
                change.
        85.     For lower risk relationships, a general threshold of 25% is considered to indicate a material
                interest in the capital of a legal body. Whilst this principle may also apply to standard and
                higher risk relationships, where the distribution of interests is uneven the percentage where
                effective control may be exercised (a material interest) may be less than 25% when the
                distribution of other interests is taken into account, i.e. interests of less than 25% may be
                material interests.

4.5.2           Verifying identity (except foundations)

                REGULATORY REQUIREMENTS
        86.     A relevant person must verify the identity of the legal body.
        87.     A relevant person should take reasonable measures to verify the beneficial owners and
                controllers of the legal body and any subsequent changes in beneficial ownership and control
                (in line with guidance for individuals and trustees).
        88.     All key documents (or parts thereof) used to verify identity must be understandable (i.e. in a
                language understood by the employees of the business), and must be translated into English at
                the request of the JFCU or the Commission.
                GUIDANCE NOTES
        89.     A relevant person may demonstrate that it has verified the identity of a legal body where it
                verifies the following components:

                  All customers

                    •     Name of body.
                    •     Date and country of incorporation/registration.
                    •     Official identification number.

                  Standard and higher risk – additional verification

                    •     Registered office address.
                    •     Principal place of business/operations (where different to registered office).

        90.     Components of identity may be verified using one or more of the following verification methods:




48                                                                                         Effective from: 4 February 2008
                                                                                                      Revised 20 July 2009
                                                                          Handbook for regulated financial services businesses

                                                                     Part 1: Section 4 – Identification and verification of identity




                Lower risk – minimum one verification method
                Standard and higher risk – minimum two verification methods

                  •     Certificate of incorporation (or other appropriate certificate of registration or licensing).
                  •     Memorandum and Articles of Association (or equivalent).
                  •     Company registry search, including confirmation that body is not in the process of
                        being dissolved, struck off, wound up or terminated.
                  •     Latest audited financial statements.
                  •     Independent data sources, including electronic sources, e.g. business information
                        services.
                  •     Personal visit to principal place of business (standard or higher risk only).
                Refer to Section 3.4 for enhanced due diligence requirements for higher risk relationships.

       91.     A relevant person may demonstrate that it has taken reasonable measures to verify the
               beneficial owners and controllers of the legal body where it verifies the identity of the following:

                All customers

                  •     Those directors (or equivalents) who have authority to operate a relationship or to give
                        the relevant person instructions concerning the use or transfer of funds or assets - in
                        line with guidance for individuals.

                Standard and higher risk

                  •     Individuals with ultimate effective control over the legal body’s assets, including the
                        individuals comprising the mind and management of the legal body, e.g. directors - in
                        line with guidance for individuals.
                  •     Individuals ultimately holding a material interest in the capital of the legal body - in line
                        with guidance for individuals and trustees.
                Refer to Section 3.4 for enhanced due diligence requirements for higher risk relationships.

       92.     Individuals having ultimate effective control over a legal body will often include directors or
               equivalent. In the case of partnerships, associations, clubs, societies, charities, church bodies,
               institutes, mutual and friendly societies, co-operative and provident societies, this will often
               include members of the governing body or committee plus executives.
       93.     Where a relevant person is not familiar with the form of the evidence obtained to verify identity,
               appropriate measures may be necessary to satisfy itself that the evidence is genuine.
       94.     Where a relevant person verifies the identity of beneficial owners and controllers on a remote
               basis, reference should be made to the requirements and guidance set out in Section 4.8 for
               non-face to face identification and verification.
       95.     Where a director (or equivalent) holds this role by virtue of his employment by (or position in) a
               business that is a regulated Jersey trust company, a relevant person may demonstrate that it
               has taken reasonable measures to identify that person and to verify his identity where it obtains
               the following:
               • the full name of the director; and
               • an assurance from the trust company that the individual is an officer or employee.




Effective from: 4 February 2008                                                                                                  49
Revised 20 July 2009
Handbook for regulated financial services businesses

Part 1: Section 4 – Identification and verification of identity



4.5.3           Establishing identity – foundations (except charities)

                REGULATORY REQUIREMENTS
        96.     A relevant person must collect relevant identification information on a foundation (and any
                subsequent changes).
        97.     A relevant person must collect relevant identification information on the persons who are
                concerned with the foundation (and any subsequent changes).
                GUIDANCE NOTES
        98.     A relevant person may demonstrate collection of relevant identification information where it
                requests and receives from the foundation: (i) the following information; and (ii) certain
                assurances.

                  All customers

                    •     Name of foundation.
                    •     Date and country of incorporation.
                    •     Official identification number.
                    •     Business address. In the case of a foundation incorporated under the Foundations
                          (Jersey) Law 2009, this will be the business address of the qualified member of the
                          council.
                    •     Mailing address (if different).
                    •     Principal place of business/operations (if different).
                    •     Names of all council members and, if any decision requires the approval of any other
                          person, the name of that person.
                    •     Identification information for all council members who have authority to operate a
                          relationship or to give the relevant person instructions concerning the use or transfer of
                          funds or assets - in line with guidance for individuals and legal bodies.
                    •     Identification information for the founder, a person (other than the founder of the
                          foundation) who has endowed the foundation, and, if any rights a founder of the
                          foundation had in respect of the foundation and its assets have been assigned to
                          some other person, that person - in line with guidance for individuals and legal bodies.
                    •     Identification information for the guardian - in line with guidance for individuals and
                          legal bodies. The guardian of a foundation takes such steps as are reasonable to
                          ensure that the council of the foundation carries out its functions.


                  Standard and higher risk – additional information

                    •     Identification information for all council members and, if any decision requires the
                          approval of any other person, that person - in line with guidance for individuals and
                          legal bodies.
                    •     Identification information on any beneficiary entitled to a benefit under the foundation
                          in accordance with the charter or the regulations of the foundation - in line with
                          guidance for individuals and legal bodies.
                    •     Identification information on any other beneficiary and person in whose favour the
                          council may exercise discretion under the foundation in accordance with its charter or
                          regulations and that have been identified as presenting higher risk - in line with
                          guidance for individuals and legal bodies.
                  Refer to Section 3.4 for enhanced due diligence requirements for higher risk relationships.



50                                                                                        Effective from: 4 February 2008
                                                                                                     Revised 20 July 2009
                                                                         Handbook for regulated financial services businesses

                                                                    Part 1: Section 4 – Identification and verification of identity



       99.     Where information is not available from public sources, the assurances are that the council
               members have provided all of the information requested and that the council members will
               update the information provided in the event of subsequent change.

4.5.4          Verifying identity – foundations (except charities)

               REGULATORY REQUIREMENTS
       100. A relevant person must verify the identity of the foundation.
       101. A relevant person should take reasonable measures to verify the identity of persons who are
            concerned with the foundation and any subsequent changes of persons who are concerned
            with the foundation (in line with guidance for individuals and legal bodies).
       102. All key documents (or parts thereof) used to verify identity must be understandable (i.e. in a
            language understood by the employee of the business), and must be translated into English at
            the request of the JFCU or the Commission.
               GUIDANCE NOTES
       103. A relevant person may demonstrate that it has verified the identity of a foundation where it
            verifies the following components:

                All customers

                  •     Name of foundation.
                  •     Date and country of incorporation.
                  •     Official identification number.

                Standard and higher risk-additional verification

                  •     Business address.
                  •     Principal place of business/operations (if different).

       104. Components of identity may be verified using one or more of the following verification methods:

                Lower risk – minimum one verification method
                Standard and higher risk – minimum two verification methods

                  •     Charter (or equivalent).
                  •     Registry search.
                  •     Latest audited financial statements.
                  •     Independent data sources, including electronic sources.
                  •     Commission website (for the business address of the qualified member of the council).
                Refer to Section 3.4 for enhanced due diligence requirements for higher risk relationships.

       105. A relevant person may demonstrate that it has taken reasonable measures to verify the identity
            of persons who are concerned with the foundation where it verifies the identity of the following:




Effective from: 4 February 2008                                                                                                 51
Revised 20 July 2009
Handbook for regulated financial services businesses

Part 1: Section 4 – Identification and verification of identity



                  All customers

                    •     Council members who have authority to operate a relationship or to give the relevant
                          person instructions concerning the use or transfer of funds or assets – in line with
                          guidance for individual and legal bodies.
                    •     Founder, a person (other than the founder of the foundation) who has endowed the
                          foundation, and, if any rights a founder of the foundation had in respect of the
                          foundation and its assets have been assigned to some other person, that person – in
                          line with guidance for individual and legal bodies.
                    •     Guardian – in line with guidance for individual and legal bodies. The guardian of a
                          foundation takes such steps as are reasonable to ensure that the council of the
                          foundation carries out its functions.

                  Standard and higher risk

                    •     All council members and, if any decision requires the approval of any other person,
                          that person - in line with guidance for individuals and legal bodies.
                    •     Any beneficiary entitled to a benefit under the foundation in accordance with the
                          charter or the regulations of the foundation - in line with guidance for individuals and
                          legal bodies (at the time of or before distribution).
                    •     Any other beneficiary and person in whose favour the council may exercise discretion
                          under the foundation in accordance with its charter or regulations and that have been
                          identified as presenting higher risk - in line with guidance for individuals and legal
                          bodies (at the time that the risk is identified).
                  Refer to Section 3.4 for enhanced due diligence requirements for higher risk relationships.

        106. Where a relevant person is not familiar with the form of the evidence obtained to verify identity,
             appropriate measures may be necessary to satisfy itself that the evidence is genuine.
        107. Where a relevant person verifies information on a remote basis, reference should be made to
             the requirements and guidance set out in Section 4.8 for non-face to face identification and
             verification.
        108. Where a council member who is an individual holds this role by virtue of his employment by (or
             position in) a business that is a regulated Jersey trust company, a relevant person may
             demonstrate that it has taken reasonable measures to identify that person and to verify his
             identity where it obtains the full name of the council member and an assurance from the trust
             company that the individual is an officer or employee.

4.6             IDENTIFICATION AND VERIFICATION: AUTHORISED AGENT OF APPLICANTS FOR
                BUSINESS

                OVERVIEW
        109. Article 13 of the Money Laundering Order requires a relevant person to identify persons
             purportedly authorised to act on behalf of an applicant for business that is not an individual and
             to take reasonable measures to obtain satisfactory evidence of identity of such persons. This
             will include account signatories and those to whom powers of attorney have been granted. In
             addition, Article 13 requires a relevant person to verify the authority of any person purporting to
             act.
        110. Article 18(7) and (8) of the Money Laundering Order provides an exception to this requirement
             where a person authorised to act on behalf of an applicant for business is acting in the course
             of employment by a person that:
                • is regulated by the Commission; or



52                                                                                       Effective from: 4 February 2008
                                                                                                    Revised 20 July 2009
                                                                     Handbook for regulated financial services businesses

                                                                Part 1: Section 4 – Identification and verification of identity



               • carries on equivalent business to any category of business that is regulated by the
                 Commission (see Article 5 of the Money Laundering Order and Section 1.7). Refer to
                 Section 4.9.4.
               REGULATORY REQUIREMENTS
       111. A relevant person must obtain a copy of the power of attorney (or other authority or mandate)
            that provides the individuals representing the applicant for business with the right to act on its
            behalf.
               GUIDANCE NOTES
       112. For lower risk relationships a relevant person may demonstrate that it has taken reasonable
            measures to obtain satisfactory evidence where it verifies the identity of a minimum of two
            individuals that have purported authority to act on behalf of an applicant for business.
       113. For standard or higher risk relationships, a relevant person should take into account factors
            such as the risk posed by the relationship and the materiality of the authority delegated to
            individuals.

4.7            IDENTIFICATION AND VERIFICATION: APPLICANTS ACTING FOR THIRD PARTIES
               (INTERMEDIARY RELATIONSHIPS)

               OVERVIEW
       114. This section covers the scenario where the applicant for business is acting on behalf of a third
            party (e.g. on behalf of an underlying customer(s)). Where that applicant for business meets
            the criteria detailed in Articles 16 or 17 of the Money Laundering Order, then a relevant person
            may be able to benefit from concessions provided by those articles (Section 4.10). Otherwise,
            the requirements detailed in this section apply.
       115. The specific situation of a trustee acting on behalf of a third party (the trust), where the trustee
            is not a business that is a regulated person or does not carry on an equivalent business to any
            category of regulated business, is addressed in Section 4.4.
               STATUTORY REQUIREMENTS
       116. Article 13 of the Money Laundering Order requires a determination as to whether an applicant
            is acting for a third party or parties.
       117. Whenever an applicant is acting for a third party or parties, Article 13 requires a relevant
            person to identify each third party and the individuals who are its beneficial owners and
            controllers and to take reasonable measures to verify the identity of each third party and its
            beneficial owners and controllers, in addition to undertaking measures to identify and verify the
            identity of the applicant.
       118. Where there is a subsequent change of the third party or the beneficial owners or controllers of
            a third party, Article 13 requires that the new third party or new beneficial owners or controllers
            are identified and that reasonable measures are taken to verify their identity.

4.8            NON-FACE TO FACE IDENTIFICATION AND VERIFICATION

               OVERVIEW
       119. Frequently, relationships will be established where there is no face to face contact with the
            individuals to be identified, for example:
               • relationships established by individuals through the post, by telephone or via the internet;
                 and
               • where identification information is provided through a trustee on persons who are concerned
                 with a trust, or by a company on the persons who are its beneficial owners and controllers.
       120. There may also be circumstances where there is face to face contact with an individual, but
            where documentary evidence is to be provided at a time when the individual is not present.


Effective from: 4 February 2008                                                                                             53
Revised 20 July 2009
Handbook for regulated financial services businesses

Part 1: Section 4 – Identification and verification of identity


        121. Article 15(3) of the Money Laundering Order requires that enhanced customer due diligence
             measures be applied where a customer has not been physically present for identification
             purposes.
        122. This section contains requirements that are relevant where there has been no face to face
             contact with a person, and where documentary evidence is to be provided at a time when the
             individual is not present.
                REGULATORY REQUIREMENTS
        123. Where a relationship is established or transaction conducted remotely, or where the identity of
             an individual is to be verified using documentary evidence when the individual is not physically
             present, a relevant person must perform an additional check to reduce the risk of identity fraud.
                GUIDANCE NOTES
        124. A relevant person may demonstrate that the specific additional check undertaken is appropriate
             where it takes into account the customer risk assessment, matching the level of assurance
             given by the check to the risk presented by the customer.
        125. Additional checks to reduce the risk of identity fraud include:
                • Verification of identity using a further verification method listed at Section 4.3.2.
                • Obtaining copies of identification documents certified by a suitable certifier.
                • Requiring the first payment for the financial services product or service to be drawn on an
                  account in the customer’s name at a bank that is a regulated person or carries on equivalent
                  business (refer to Section 1.7).
                • Verifying additional aspects of identity or other customer due diligence information from
                  independent sources.
                • Telephone contact with the applicant for business prior to establishing a relationship on a
                  home or business number which has been verified, or a “welcome call” to the customer
                  before transactions are permitted, using the call to verify additional aspects of identification
                  information that have been previously provided.
                • Internet sign-on following verification measures where the customer uses security codes,
                  tokens, and/or other passwords which have been set up during account opening and
                  provided by mail (or secure delivery) to the named individual at an independently verified
                  address.
                • Specific card or account activation measures.
        126. For higher risk customers where suitable certification is relied upon, a relevant person may
             demonstrate that it has obtained appropriate verification of identity where it takes steps to
             check that the suitable certifier is real, or alternatively, performs a further check to reduce the
             risk of identity fraud.

4.8.1           Suitable certifiers

                OVERVIEW
        127. Use of a certifier guards against the risk that copy documentation provided is not a true copy of
             the original document and that the documentation does not correspond to the applicant whose
             identity is to be verified. For certification to be effective, the certifier will need to have seen the
             original documentation and, where documentation is to be used to provide satisfactory
             evidence of identity for an individual, have met the individual (where certifying evidence of
             identity containing a photograph). A suitable certifier will also be subject to professional rules
             (or equivalent) providing for the integrity of his conduct.
                REGULATORY REQUIREMENTS
        128. A suitable certifier must be subject to professional rules of conduct, which provide comfort as to
             the integrity of the certifier.
        129. A suitable certifier must certify that:

54                                                                                        Effective from: 4 February 2008
                                                                                                     Revised 20 July 2009
                                                                      Handbook for regulated financial services businesses

                                                                 Part 1: Section 4 – Identification and verification of identity



               • he has seen original documentation verifying identity and/ or residential address;
               • the copy of the document (which he certifies) is a complete and accurate copy of that
                 original; and
               • where the documentation is to be used to verify identity of an individual and contains a
                 photograph, the photograph contained in the document certified bears a true likeness to the
                 individual requesting certification,
               or use wording to the same effect.
       130. The certifier must also sign and date the copy document, and provide adequate information so
            that he may be contacted in the event of a query.
       131. In circumstances where the suitable certifier is located in a higher risk jurisdiction, or where a
            relevant person has some doubts as to the veracity of the information or documentation
            provided by the applicant, the relevant person must take steps to check that the suitable
            certifier is real.
               GUIDANCE NOTES
       132. Acceptable persons to certify evidence of identity (suitable certifiers) may include:
               • a member of the judiciary, a senior civil servant, or a serving police or customs officer;
               • an officer of an embassy, consulate or high commission of the country of issue of
                 documentary evidence of identity;
               • a lawyer or notary public who is a member of a recognised professional body;
               • an actuary who is a member of a recognised professional body;
               • an accountant who is a member of a recognised professional body;
               • a tax advisor who is a member of a recognised professional body;
               • an individual that is qualified to undertake certification services under authority of the
                 Certification and International Trade Committee (in Jersey this service is available through
                 the Jersey Chamber of Commerce); and
               • a director, officer, or manager of a regulated financial services business which is operating
                 in a well-regulated jurisdiction, or of a branch or subsidiary of a group headquartered in a
                 well-regulated jurisdiction which applies group standards to subsidiaries and branches
                 worldwide, and tests the application of and compliance with such standards.
       133. A higher level of assurance will be provided where the relationship between the suitable
            certifier and the subject (individual, legal body or express trust) is of a professional rather than
            personal nature.
       134. An adequate level of information to be provided by a suitable certifier would include his name,
            position or capacity, his address and a telephone number or email address at which he can be
            contacted.
       135. A relevant person may apply a risk based approach to applying steps to check that a suitable
            certifier is real, that considers factors such as the stature and track record of the certifier,
            previous experience of accepting certifications from certifiers in that profession or jurisdiction,
            the adequacy of the framework to counter money laundering and the financing of terrorism in
            place in the jurisdiction in which the certifier is located and the extent to which the framework
            applies to the certifier.
       136. In determining whether a jurisdiction is well-regulated, a relevant person may have regard to:
               • the development and standing of the jurisdiction’s regulatory framework; and
               • recent independent assessments of its regulatory environment, such as those conducted
                 and published by the IMF.




Effective from: 4 February 2008                                                                                              55
Revised 20 July 2009
Handbook for regulated financial services businesses

Part 1: Section 4 – Identification and verification of identity


        137. Where the copy document is to be used to verify identity, best efforts should be exercised by
             the suitable certifier to provide an adequate quality copy of the photographic evidence to be
             certified.

4.9             EXCEPTIONS FROM IDENTIFICATION MEASURES

                OVERVIEW
        138. Article 18 of the Money Laundering Order provides for exceptions to the general requirement to
             carry out identification measures that would otherwise be required under Article 13.
        139. The exceptions set out in Article 18 do not apply where a relevant person suspects money
             laundering or in any situation which by its nature can present a higher risk of money
             laundering.
        140. Article 2 of the Money Laundering Order provides that no individual is to be treated as a
             beneficial owner of a person that is a body corporate, the securities of which are listed on a
             regulated market. In the case of an applicant for business that is a subsidiary of such a body
             corporate, this provision means that there will be no need to identify or verify the identity of the
             owners of the shares of the holding body corporate. The obligation to identify controllers
             remains.

4.9.1           Regulated persons and those carrying on equivalent businesses

                OVERVIEW
        141. The Money Laundering Order requires a relevant person to perform identification and
             verification of identity measures in respect of an applicant for business, its beneficial owners
             and controllers, and any third parties (underlying customers) for whom the applicant is acting
             (as well as for the beneficial owners and controllers of such third parties).
        142. Where the applicant for business is a regulated person (or person who carries on equivalent
             business), then, in line with Article 18(7) of the Money Laundering Order, there is no
             requirement to apply identification measures in respect of the applicant or on the beneficial
             owners and controllers of the applicant. However, these provisions do not also provide an
             exemption in respect of any third parties (underlying customers) for whom the applicant is
             acting, or for the beneficial owners and controllers of such third parties. Refer to Section 4.10
             for concessions concerning the underlying customers.
                STATUTORY REQUIREMENTS
        143. Under Article 18(7) of the Money Laundering Order, a relevant person need not identify or
             verify the identity of an applicant for business or its beneficial owners and controllers, whether
             acting as principal or on behalf of third parties, where there are reasonable grounds for
             believing that the applicant for business is:
                • a regulated person; or
                • a person carrying out an equivalent business to any category of regulated business (refer to
                  Section 1.7).
                REGULATORY REQUIREMENT
        144. A relevant person must obtain and retain documentation establishing that the applicant for
             business is entitled to benefit from the exemption provided in Article 18(7) of the Money
             Laundering Order.

4.9.2           Companies with listed securities

                OVERVIEW
        145. Where an applicant for business is a body corporate the securities of which are listed on a
             regulated market, then, in line with Article 18(6A) of the Money Laundering Order, there is no
             requirement to apply identification measures on that body corporate or on the beneficial owners


56                                                                                    Effective from: 4 February 2008
                                                                                                 Revised 20 July 2009
                                                                   Handbook for regulated financial services businesses

                                                              Part 1: Section 4 – Identification and verification of identity



               and controllers of the body. However, the obligations to apply identification measures to any
               third party for which the body corporate may be acting and to persons purporting to act on
               behalf of the body corporate continue.
       146. Guidance published by the UK’s Joint Money Laundering Steering Group on what may be
            considered to be a regulated market can be found on: Guidance on Equivalent Markets.
               REGULATORY REQUIREMENT
       147. A relevant person must obtain and retain documentation establishing that the applicant for
            business is entitled to benefit from the concession in Article 18(6A) of the Money Laundering
            Order.

4.9.3          Jersey public authorities

               OVERVIEW
       148. Where an applicant for business is a Jersey public authority, then, in line with Article 18(2) of
            the Money Laundering Order, there is no requirement to apply identification measures on that
            public authority or on the beneficial owners and controllers of the authority. However, the
            obligations to apply identification measures to any third party for which the authority may be
            acting and to persons purporting to act on behalf of the authority continue.
               REGULATORY REQUIREMENTS
       149. A relevant person must obtain and retain documentation establishing that the applicant for
            business is entitled to benefit from the concession in Article 18(2) of the Money Laundering
            Order.
               GUIDANCE NOTES
       150. The following may be considered to be public authorities in Jersey:
               • A department of the States of Jersey;
               • A majority States-owned company;
               • An agency established by a law of the States of Jersey; or
               • A parish authority.

4.9.4          Persons authorised to act on behalf of an applicant

               STATUTORY REQUIREMENTS
       151. Under Article 18(7) of the Money Laundering Order a relevant person need not identify or verify
            the identity of persons authorised to act on behalf of an applicant for business, where that
            applicant is a regulated person, or carries on equivalent business to any category of regulated
            business. See Section 1.7.
       152. Under Article 18(8) of the Money Laundering Order a relevant person need not identify or verify
            the identity of persons purporting to be authorised to act on behalf of an applicant for business
            where the person who is so authorised acts in the course of employment by a business that is
            a regulated person, or carries on equivalent business to any category of regulated business.
               GUIDANCE NOTES
       153. Where a person authorised to act on behalf of an applicant for business holds this role by virtue
            of his employment by (or position in) a business that is a regulated person, a relevant person
            may demonstrate that this exception applies where it obtains:
               • the full name of the individual; and
               • an assurance from the financial services business that the individual is an officer or
                 employee.




Effective from: 4 February 2008                                                                                           57
Revised 20 July 2009
Handbook for regulated financial services businesses

Part 1: Section 4 – Identification and verification of identity



4.9.5           Identification measures for pension schemes

                STATUTORY REQUIREMENTS
        154. Under Article 18(3) of the Money Laundering Order, a relevant person need not apply
             identification measures where the business relationship or one-off transaction relates to a
             pension, superannuation, or similar scheme:
                • where contributions are made by an employer or by way of a deduction from wages, and
                • the scheme rules do not permit the assignment of members’ interests under the scheme.

4.9.6           Other exceptions

                STATUTORY REQUIREMENTS
        155. Under Article 18(4), (5) and (6) of the Money Laundering Order, a relevant person need not
             apply identification measures when the application is for an insurance business policy:
                • taken out in connection with a pension scheme relating to the customer’s employment or
                  occupation, if the policy contains no surrender clause and cannot be used as security for a
                  loan; or
                • where the premium is a single payment of no more than £1,750; or
                • where the premium payments do not exceed £750 in any calendar year.

4.10            IDENTIFICATION AND VERIFICATION                   OF   IDENTITY   IN   INTERMEDIARY             AND
                INTRODUCED RELATIONSHIPS

                OVERVIEW
        156. Article 13 of the Money Laundering Order requires a relevant person to determine whether the
             applicant for business is acting for any third party (underlying customer), and if so, requires the
             relevant person to identify and take reasonable measures to verify the identity of the third party
             (underlying customer) and its beneficial owners and controllers. Such relationships are
             referred to as intermediary relationships, as no direct relationship between the relevant
             person and the underlying customer arises; the business relationship is instead between the
             relevant person and the intermediary. Intermediary relationships differ from introduced (also
             known as referred) relationships, as with introduced relationships, the underlying customer
             does form a direct relationship with the relevant person.
        157. However, in certain circumstances where the risk of money laundering and the financing of
             terrorism may be lower, such as where the intermediary (or introducer) itself is subject to legal
             requirements to combat money laundering and financing of terrorism equivalent to those in
             place in Jersey, and is supervised for compliance with those requirements, the Money
             Laundering Order permits reduced or simplified due diligence measures to be carried out on
             the intermediary, or reliance to be placed on the intermediary or introducer to have conducted
             aspects of customer due diligence.
        158. This section sets out the circumstances where reduced or simplified measures may be applied
             or where reliance may be placed:
                • Where the applicant for business – an intermediary - is a certain type of regulated person or
                  carries on an equivalent business to certain categories of regulated business (covered by
                  Article 17 of the Money Laundering Order); and
                • Where the relationship involves either an intermediary or introducer that is a carrying on a
                  financial services business that is overseen for AML/CFT compliance in Jersey, or a person
                  who carries on equivalent business (covered by Article 16 of the Money Laundering Order).




58                                                                                     Effective from: 4 February 2008
                                                                                                  Revised 20 July 2009
                                                                   Handbook for regulated financial services businesses

                                                              Part 1: Section 4 – Identification and verification of identity




       159. Intermediary relationships may cover a single underlying customer or more than one customer,
            including a pool of customers. Relationships established by an intermediary on behalf of a
            single customer, including relationships involving sub-accounts for each underlying customer,
            are described in the Handbook as designated relationships. A relationship established by an
            intermediary on behalf of more than one customer is described in the Handbook as a pooled
            relationship.
       160. Examples of intermediary relationships may include:
               • Trustees establishing relationships with other persons carrying on financial services
                 businesses on behalf of express trusts.
               • Stock-brokers and investment management firms acting as nominees for underlying
                 investors.
       161. Some examples of pooled relationships include:
               • Overseas banks (typically Swiss banks) that place pooled deposits on a fiduciary basis with
                 Jersey banks.
               • Open-ended or closed-ended investment companies, trustees of unit trusts, and general
                 partners of limited partnerships that wish to establish banking facilities for a collective
                 investment fund.
               • Client accounts operated by trust companies, investment managers, lawyers and
                 accountants.
               Introduced relationships
       162. An introduced relationship is where an introducer has an established relationship with a
            customer and wishes to introduce that customer to another person carrying on a financial
            services business. Here, it is the customer who is the applicant for business, and who seeks to
            form a direct relationship with a relevant person. The customer will therefore have two direct
            relationships, one with the introducer and one with the relevant person to which he has been
            introduced.
       163. Examples of introducers include:
               • Investment advisors who arrange for their customers to invest in a financial product
                 provided by another person carrying on a financial services business, where the investment
                 is held in the name of the customer and not that of the investment advisor.
               • Company service providers who arrange for a bank or investment account, for example, to
                 be established in the name of a client company, and not in the name of the company
                 service provider.
               • The qualified member of a foundation that is incorporated under the Foundations (Jersey)
                 Law 2009, to the extent that the foundation wishes to form a business relationship or carry
                 out a one-off transaction with another relevant person, e.g. to open a bank account.
               Outsourcing
       164. Outsourcing arrangements are not included within the scope of this section, as these are
            distinct from introduced and intermediary relationships. In an outsourcing arrangement, the
            customer will have a direct relationship with a relevant person and not with the delegate
            carrying on the outsourced activity. Although the delegate may have substantial contact with
            the customer, the customer is a customer of the relevant person and not of the delegate. The
            delegate will be carrying on the outsourced activity for the relevant person according to the
            terms of a contract with the relevant person. An example of a typical outsourcing arrangement
            is where a trustee of a collective investment fund outsources the management of the fund to a
            third party.




Effective from: 4 February 2008                                                                                           59
Revised 20 July 2009
Handbook for regulated financial services businesses

Part 1: Section 4 – Identification and verification of identity



4.10.1          Assessment of risk where reliance placed on intermediaries and introducers

                OVERVIEW
        165. Where it is possible to avoid applying identification measures because these have already
             been conducted by an intermediary, or to place reliance on measures that have already been
             conducted by an intermediary, this introduces an additional risk that must be considered. A
             similar risk is introduced where reliance is placed on an introducer to have conducted
             identification measures. This section considers this additional risk.
        166. The risk factors that are set out in this section will also be relevant to a customer risk
             assessment that is conducted under Section 3.3.4.1 in the cases highlighted at Sections 4.4
             (paragraph 55) and 4.5 (paragraph 77).
                STATUTORY REQUIREMENTS
        167. In certain cases, Articles 16 of the Money Laundering Order provides for reliance to be placed
             on intermediaries and introducers to have applied identification measures in order to meet a
             relevant person’s obligations under Article 13 of the Money Laundering Order. In order to
             place such reliance, a relevant person must have conducted an assessment as to whether it is
             appropriate to place reliance.
        168. In certain cases, Article 17 of the Money Laundering Order provides that a relevant person
             need not apply the requirement in Article 13 of the Money Laundering Order to identify and
             verify the identity of the intermediary’s underlying customer. Article 17 may be applied only
             where a relevant person has conducted an assessment as to whether it is appropriate to apply
             the concession.
                REGULATORY REQUIREMENTS
        169. In order to avoid applying identification measures under Article 17 or to rely on measures that
             have been conduced by an intermediary or introducer under Article 16, a relevant person must
             first assess the risk in avoiding applying such measures or placing reliance. Where
             appropriate, it should take additional measures to manage its risk.
                GUIDANCE NOTES
                Risk assessment – factors to consider
        170. One or more of the following factors will be relevant when conducting a risk assessment for an
             introducer or intermediary:
                • The stature and regulatory track record of the intermediary or introducer.
                • The adequacy of the framework to combat money laundering and financing of terrorism in
                  place in the jurisdiction in which the intermediary or introducer is based and the period of
                  time that the framework has been in place.
                • The adequacy of the supervisory regime to combat money laundering and terrorist financing
                  to which the intermediary or introducer is subject.
                • The adequacy of the measures to combat money laundering and financing of terrorism in
                  place at the intermediary or introducer.
                • Previous experience gained from existing relationships connected with the intermediary or
                  introducer.
                • The nature of the business conducted by the intermediary or introducer. Relevant factors
                  include:
                     a.    the geographic location of the customer base;
                     b.    the general nature of the customer base, e.g. whether institutional or private client;
                     c.    the risk appetite of the intermediary or introducer; and
                     d.    the nature of the services which the intermediary or introducer provides to its
                           customers.


60                                                                                         Effective from: 4 February 2008
                                                                                                      Revised 20 July 2009
                                                                      Handbook for regulated financial services businesses

                                                                 Part 1: Section 4 – Identification and verification of identity



               • Whether relationships are conducted by the intermediary or introducer on a face to face
                 basis.
               • Whether specific relationships are fully managed by an introducer.
               • The extent to which the intermediary or introducer itself relies on third parties to identify its
                 customers and to hold evidence of identity or to conduct other due diligence measures, and
                 whether such third parties are relevant persons or carry out an equivalent business.
               • Whether or not specific intermediary or introduced relationships involve PEPs or other
                 higher risk relationships.
               Additional measures
       171. Where, having assessed risk, a relevant person determines that additional measures are
            required, these may include all, or some, of those listed below:
               • Making specific enquiries of the intermediary or introducer to determine the adequacy of
                 measures to combat money laundering and financing of terrorism in place.
               • Reviewing the policies and procedures to combat money laundering and financing of
                 terrorism in place at the intermediary or introducer.
               • Where the intermediary or introducer is a member of a financial services group, making
                 enquiries concerning the extent to which group standards are applied to and assessed by
                 the intermediary’s or introducer’s compliance function or internal audit function.
               • Conducting (or commissioning from an external expert) periodic sample testing of the
                 adequacy of the intermediary’s or introducer’s policies and procedures to combat money
                 laundering and financing of terrorism, whether through onsite visits, or through requesting
                 specific customer due diligence information and/or copy documentation to be provided.
               • Requesting specific customer due diligence information and/or copy documentation to be
                 provided, to confirm that the intermediary or introducer is able to satisfy any requirement for
                 such information and documentation to be available without delay at the request of the
                 relevant person.
               • Where an intermediary or introduced relationship presents higher money laundering or
                 financing terrorism risk, considering whether it is appropriate to rely solely upon the
                 information provided by the intermediary or introducer, and whether additional customer due
                 diligence information and/or documentation is required.
               • Requiring that pooled relationships must not be used for higher risk customers, and that
                 designated relationships with increased disclosure of information be put in place for such
                 customers.

4.10.2         Intermediary relationships – Article 17

               OVERVIEW
       172. Where an intermediary meets the criteria outlined in Article 17 of the Money Laundering Order,
            a relevant person need not identify or verify the identity of the intermediary’s underlying
            customers, whether pooled or designated relationships. However, the relevant person’s risk
            assessment of the intermediary may necessitate the relevant person taking additional
            measures, as set out in Section 4.10.1, above.
       173. The capacity in which the intermediary is acting will be relevant. Where an intermediary is
            acting other than in the course of: (a) deposit-taking business; (b) insurance business; (c)
            investment business or (d) fund services business, or is a permit holder or a certificate holder,
            then a relevant person may not rely on Article 17.
               STATUTORY REQUIREMENTS
       174. Under Article 17 of the Money Laundering Order a relevant person need not identify and verify
            the identity of third parties (underlying customers) for whom an intermediary is acting (or any



Effective from: 4 February 2008                                                                                              61
Revised 20 July 2009
Handbook for regulated financial services businesses

Part 1: Section 4 – Identification and verification of identity


                beneficial owners and controllers of those third parties) where it establishes that there are
                reasonable grounds for believing that:
                • the intermediary is acting in the course of: deposit-taking business, insurance business,
                  investment business, fund services business, or is a permit holder or certificate holder; or
                • the intermediary carries on equivalent business to the above categories of regulated
                  business (refer to Section 1.7).
        175. A relevant person may not rely on the concession in the Money Laundering Order where it has
             suspicion of money laundering.
                REGULATORY REQUIREMENTS
        176. A relevant person must be able to demonstrate that the conditions required by the Money
             Laundering Order are met.

4.10.3          Intermediary and introduced relationships – Article 16

                OVERVIEW
        177. Where an intermediary or introducer meets the requirements outlined in Article 16 of the Money
             Laundering Order, a relevant person is permitted to place reliance on the intermediary or
             introducer to have conducted identification measures in respect of the relevant person’s
             underlying or introduced customers. This means that a relevant person does not need to
             duplicate identification measures that will have already been conducted by the intermediary or
             introducer.
        178. Whilst a customer information profile containing necessary CDD information on the underlying
             customer and its beneficial owners and controllers must be obtained for both designated and
             pooled relationships with intermediaries, and applicants introduced by introducers, the relevant
             person accepting the relationship is not also required to obtain evidence of identity. Evidence
             of identity may be held by the intermediary or introducer, so long as the relevant person is
             satisfied that the intermediary or introducer will provide the evidence that it holds on request
             and without delay.
        179. In the case of a trustee that is an intermediary for a trust, the underlying customer is
             considered to be the individuals concerned with the trust (Section 4.4).
        180. When considering the relevant requirements to apply to intermediary relationships, provisions
             concerning lower risk products (Section 4.10.5) may also be relevant.
        181. Where customer due diligence information is passed by an intermediary to a relevant person in
             order to comply with requirements to counter money laundering and the financing of terrorism,
             the Data Protection (Jersey) Law 2005 restricts the use of the information to that purpose,
             except where another condition for processing personal data applies.
                STATUTORY REQUIREMENTS
        182. Article 16 of the Money Laundering Order permits a relevant person to rely upon an
             intermediary or introducer to have applied specified identification measures, where it obtains a
             confirmation from an intermediary or introducer on certain matters. It may do so where:
                • the applicant for business is an intermediary (i.e. is acting on behalf of underlying
                  customers) that meets the conditions set out below; or
                • the applicant for business is introduced by an introducer that meets the conditions set out
                  below.
        183. The relevant person must have reasonable grounds for believing that:
                • the intermediary or introducer is a relevant person that is overseen for AML/CFT compliance
                  in Jersey; or
                • the intermediary or introducer is a person who carries on equivalent business (refer to
                  Section 1.7).
        184. The relevant person must obtain a confirmation from the intermediary or introducer that:

62                                                                                   Effective from: 4 February 2008
                                                                                                Revised 20 July 2009
                                                                        Handbook for regulated financial services businesses

                                                                   Part 1: Section 4 – Identification and verification of identity



               • is in writing;
               • confirms that the applicant for business is an established customer of the introducer (where
                 the customer relationship is introduced);
               • contains adequate assurance that the intermediary or introducer has undertaken the
                 necessary customer identification measures;
               • for intermediary relationships, contains sufficient information about the third parties
                 (underlying customers) for whom the intermediary is acting (and of any beneficial owners
                 and controllers of the third parties);
               • for introduced relationships, in line with Articles 13 and 3 of the Money Laundering Order
                 contains sufficient information about the applicant for business and any beneficial owners
                 and controllers of the applicant, and also any third parties that the introduced customer may
                 be acting for, and any person purporting to act on behalf of the introduced customer –
                 where reliance is placed on the introducer;
               • contains adequate assurance that the intermediary or introducer is required to keep and
                 does keep records containing the evidence of identity of:
                   a.    for intermediary relationships, the third parties (underlying customers) for whom the
                         intermediary is acting (and of any beneficial owners and controllers of the third parties);
                         or
                   b.    for introduced relationships, the applicant for business and any beneficial owners and
                         controllers of the applicant, and also any third parties that the introduced customer may
                         be acting for, and any person purporting to act on behalf of the introduced customer –
                         where reliance is placed on the introducer; and
               • contains adequate assurance that the intermediary or introducer will provide the evidence of
                 the identity without delay at the request of the relevant person.
       185. A relevant person may not rely on this concession where it suspects money laundering.
       186. The ultimate responsibility for ensuring that customer identification and verification measures
            are adequate remains with the relevant person. In order to place reliance on an introducer or
            intermediary, the introducer or intermediary must have provided its consent to do so.


               REGULATORY REQUIREMENTS
       187. A relevant person must be able to demonstrate that the conditions required by the Money
            Laundering Order are met.
       188. In order to demonstrate that a relevant person has obtained sufficient information about the
            underlying customer, or introduced customer, a relevant person must:
               • Obtain customer information profiles from the intermediary or introducer on each of the
                 intermediary’s underlying customers, or introduced customers - in line with guidance for
                 individuals, trustees, and legal bodies – set out in Sections 4.3 to 4.5. The information
                 provided in the customer information profile will depend upon the relevant person’s
                 assessment of the risk presented by a particular individual, trustee or legal body.
               • Be satisfied that the intermediary or introducer will notify the relevant person of any material
                 changes to the customer information profile provided.
       189. All evidence of identity passed by the intermediary or introducer to a relevant person (on
            request) must be confirmed by the intermediary or introducer as being a true copy of either an
            original or copy document held on its file.
       190. In the event that an introducer terminates its relationship with a customer introduced to a
            relevant person, the relevant person must require the introducer to provide the relevant person
            with:
               • copies of the relevant evidence of identity held; or


Effective from: 4 February 2008                                                                                                63
Revised 20 July 2009
Handbook for regulated financial services businesses

Part 1: Section 4 – Identification and verification of identity


                • an assurance that the introducer will continue to hold the necessary evidence on behalf of
                  the relevant person until such time as is agreed.
                GUIDANCE NOTES
                Access to CDD information and documentation
        191. A relevant person may demonstrate that an intermediary or introducer will provide CDD
             information and documentation in relation to underlying customers, and introduced customers,
             without delay where it requires relevant CDD information and documentation to be made
             available within 5 working days of a request.
        192. Where an intermediary or introducer is located in a jurisdiction known to have restrictive
             secrecy provisions, a relevant person may demonstrate that it has adequate access to CDD
             information and documentation where it periodically requests such information or
             documentation to be provided (and it is provided), or otherwise obtains access to review the
             relevant information and documentation held by the intermediary or introducer.
                Responsibility for failures in identification measures
        193. A relevant person will remain responsible for the satisfactory performance of all elements of
             identification measures. However, where the measures taken are reasonable, it will have a
             defence should the intermediary or introducer fail to have performed satisfactory measures.
                Template customer information profiles
        194. Refer to Appendix C for template customer information profiles setting out customer
             information to be collected for intermediary and introduced relationships.

4.10.4          Group intermediaries and introducers in certain jurisdictions – Article 16

                OVERVIEW
        195. Where the following criteria are met, then under Article 16 of the Money Laundering Order, a
             relevant person may rely on an intermediary or introducer that is in the same group as the
             relevant person to have obtained and to hold evidence of identity on its behalf in the way
             described in Section 4.10.3, notwithstanding that the intermediary or introducer itself may not
             be directly subject to legal requirements to combat money laundering and financing of terrorism
             that are consistent with the FATF Recommendations or subject to direct supervision.
        196. As for other intermediary or introduced relationships, a customer information profile containing
             necessary CDD information on the underlying customer and its beneficial owners and
             controllers or introduced customer must be obtained for each group intermediary or group
             introduced relationship. Evidence of identity may be held by the intermediary or introducer, so
             long as the relevant person is satisfied that the group intermediary or introducer will provide the
             evidence on request and without delay.
                GUIDANCE NOTES
        197. A group intermediary or introducer may demonstrate that it has met the criteria established in
             Article 5 of the Money Laundering Order where:
                • The intermediary or introducer carried on a category of business equivalent to a category
                  outlined in Schedule 2 of the Proceeds of Crime Law and is a branch or subsidiary in the
                  same group as the relevant person;
                • The intermediary or introducer is registered or otherwise authorised in another country;
                • The intermediary or introducer is subject to group requirements to combat money
                  laundering and financing of terrorism;
                • The conduct of the intermediary’s or introducer’s business is subject to supervision for
                  compliance with group requirements to combat money laundering and financing of terrorism
                  by an overseas regulatory authority; and
                • The group’s parent meets the conditions required by Article 5 of the Money Laundering
                  Order for equivalent businesses (refer to Section 1.7).


64                                                                                    Effective from: 4 February 2008
                                                                                                 Revised 20 July 2009
                                                                        Handbook for regulated financial services businesses

                                                                   Part 1: Section 4 – Identification and verification of identity



4.10.5         Intermediary customers and lower risk products

               OVERVIEW
       198. Where an intermediary is covered by Article 16 (but not also Article 17), a customer information
            profile will be required for each underlying customer. However, the following section sets out
            circumstances where a relevant person provides a lower risk product, or where the product that
            is controlled or administered by the intermediary itself presents lower risk, where it may be
            appropriate to operate a relationship without a customer information profile for each underlying
            customer.
               GUIDANCE NOTES
       199. A relevant person may demonstrate that it has satisfied the requirement of the Money
            Laundering Order for sufficient customer information to be obtained under Article 16 of the
            Money Laundering Order, where the relationship is established on an undisclosed basis with
            an intermediary (that is covered by Article 16) for one or more of the following:
               • Investment products controlled or administered by the intermediary which are closed-ended,
                 where there is no liquid market for shares, units, or interests in the investment product, and
                 where the funds for investment and the proceeds of the investment are received from and
                 returned to the investor, and not third parties.
               • Employee benefit schemes (including pension schemes) controlled or administered by the
                 intermediary, which are funded either by the sponsor or by deductions from employee
                 remuneration, and which are for the benefit only of the sponsor’s employees, or the
                 employees’ immediate family.
               • The limited pooling of funds by an intermediary for one of the following purposes:
                   a.    the facilitation of immovable Jersey property transactions;
                   b.    pending the transfer to a designated account for an underlying customer, where the
                         funds are not to be held on an undisclosed basis for longer than 40 days;
                   c.    pending the receipt of instructions when exiting a customer relationship, where the
                         funds are not to be held on an undisclosed basis for longer than 40 days;
                   d.    to facilitate ad hoc (not routine) cheque payments where designated accounts do not
                         otherwise have this facility;
                   e.    to provide underlying customers with access to low cost banking facilities where
                         customers’ liquid assets are of insufficient value and volume for the establishment of a
                         designated relationship (e.g. balances of £1,000 or less per relationship, with little
                         activity);
                   f.    to facilitate the aggregation of statutory fees for onward payment;
                   g.    to receive fees payable to the intermediary which have been paid in advance; and
                   h.    to receive customer money on an ad hoc basis paid to the intermediary in error.
       200. A relevant person may also demonstrate that it has satisfied the requirements of the Money
            Laundering Order, without obtaining CDD information in the form of a customer information
            profile, where it accepts an aggregated deposit of customer funds (or funds for investment)
            from a bank account held in the name of a person carrying on financial services business that
            is a regulated person (or is regulated by the Guernsey Financial Services Commission or the
            Isle of Man Financial Supervision Commission), where the funds (and any income or profit
            generated) will only be returned to the bank account from which the funds originated.




Effective from: 4 February 2008                                                                                                65
Revised 20 July 2009
Handbook for regulated financial services businesses

Part 1: Section 4 – Identification and verification of identity




4.11            REDUCED OR SIMPLIFIED MEASURES: VERIFICATION OF IDENTITY CONCESSION FOR
                VERY LOW RISK PRODUCTS/SERVICES

                OVERVIEW
        201. Where funds involved in a relationship:
                • have been received from a bank that is a regulated person or carries on equivalent business
                  to deposit-taking (refer to Section 1.7); and
                • have come from an account in the sole or joint name of the applicant for business,
                then the receipt of funds from such an account will be considered to provide a satisfactory
                means of verifying the identity of an applicant for business, where: (i) the product or service
                requested by the applicant for business is considered to present a very low money laundering
                risk, and (ii) where the applicant for business is not considered to present higher risk.
        202. The basis for this concession is that funds may only be received from and paid to an account in
             the customer’s name, i.e. a product or service where funds may not be paid in by, or paid out
             to, third parties.
                REGULATORY REQUIREMENTS
        203. In considering whether it is appropriate for verification of a customer’s identity to be carried out
             using this concession, a relevant person must be able to demonstrate that an applicant for
             business does not present higher risk and that it is reasonable for the concession to apply.
             Particular care must be taken in circumstances where an applicant is not an individual.
        204. To benefit from this concession, the product or service must satisfy the following conditions:
                • all initial and future payments must be received from an account at a bank that is a
                  regulated person or carries on an equivalent business to deposit-taking (refer to
                  Section 1.7), where the account can be confirmed as belonging to the applicant for
                  business;
                • no initial or future payments may be received from third parties;
                • cash withdrawals are not permitted, with the exception of face to face withdrawals by the
                  customer, where he is required to produce evidence of identity before the withdrawal can be
                  made;
                • no payments may be made, other than to an account at a bank that is a regulated person or
                  carries on an equivalent business to deposit-taking (refer to Section 1.7), where the account
                  can be confirmed as belonging to the customer, or on the death of the customer to a
                  personal representative named in the grant of probate or the letters of administration; and
                • no future changes must be made to the product or service that enable funds to be received
                  from or paid to third parties.
        205. In the event that the above conditions are breached, the identity of the customer must be
             verified at that time in accordance with Section 4.3, Section 4.4, or Section 4.5.
        206. A relevant person must obtain and retain evidence confirming that payment has been received
             from an account at a bank that is a regulated person or carries on an equivalent business to
             deposit-taking (refer to Section 1.7), and, where a request for a withdrawal or transfer to
             another bank account is received, confirmation that this account is also in the customer’s name
             and held at a bank that is a regulated person or carries on an equivalent business to deposit-
             taking (refer to Section 1.7).
        207. If a relevant person has reason to suspect the motive behind a particular transaction or
             believes that the business is being structured to avoid standard identification measures, it must
             not use this concession.




66                                                                                    Effective from: 4 February 2008
                                                                                                 Revised 20 July 2009
                                                                       Handbook for regulated financial services businesses

                                                                  Part 1: Section 4 – Identification and verification of identity




4.12           TIMING OF INITIAL IDENTIFICATION AND VERIFICATION OF IDENTITY

               STATUTORY REQUIREMENTS
       208. Article 13(1) of the Money Laundering Order requires identification measures to be applied
            before the establishment of a relationship or before carrying out a one-off transaction.
       209. However, Article 13(4) of the Money Laundering Order permits verification of identity to be
            completed as soon as reasonably practicable after the establishment of a business relationship
            if:
               • it is necessary not to interrupt the normal conduct of business; and
               • there is little risk of money laundering occurring as a result of completing such verification
                 after establishing the relationship.

               GUIDANCE NOTES
       210. Funds may be received from an applicant during the course of establishing a business
            relationship. A relationship is established once a relevant person acts on instructions as to the
            operation of that relationship, for example, invests funds in a financial product on behalf of a
            customer.
       211. Guidance as to appropriate steps to take where a relevant person is unable to complete
            identification measures is provided in Section 4.14.

4.12.1         Delayed completion of verification requirements

               OVERVIEW
       212. Article 13(4) of the Money Laundering Order allows, in certain circumstances, a relevant
            person a reasonable timeframe to undertake the necessary enquiries for the completion of
            verification measures after the initial establishment of a relationship. Where a reasonable
            excuse for the continued non-completion of verification measures cannot be provided, in order
            to comply with Article 14(2) of the Money Laundering Order, a relevant person must terminate
            the relationship (Section 4.14).
       213. In the case of a customer that is a trustee, paragraph 67 of this section is relevant. In the case
            of a customer that is a foundation, paragraph 105 of this section is relevant (to the extent that it
            applies to any beneficiary that is entitled to benefit under the foundation).
               REGULATORY REQUIREMENTS
       214. A relevant person may complete verification of identity after the initial establishment of a
            relationship if the following conditions are met:
               • all other necessary customer due diligence information (including information on identity)
                 has been obtained;
               • the need to perform verification of identity at a later stage is essential not to interrupt the
                 normal conduct of business;
               • verification of identity is carried out as soon as is reasonably practicable;
               • it highlights to its customer its obligation to terminate the relationship at any time on the
                 basis of non-completion of verification measures; and
               • money laundering risk is effectively managed.
       215. In any event, a relevant person must not pay away funds to a third party, other than to invest or
            deposit the funds on behalf of the customer, until such time as identity has been verified.
               GUIDANCE NOTES
       216. A relevant person may demonstrate that it has a right to terminate a relationship where terms
            of business which govern its relationships with its customers encompass the termination of

Effective from: 4 February 2008                                                                                               67
Revised 20 July 2009
Handbook for regulated financial services businesses

Part 1: Section 4 – Identification and verification of identity


                relationships due to non-completion of verification measures. Terms and conditions should
                clearly state that termination may lead to an applicant suffering losses – where, e.g. funds have
                been invested in a collective investment fund.
        217. Money laundering risk may be effectively managed where:
                • policies and procedures establish timeframes for the completion of verification measures;
                • the establishment of any relationship benefiting from this concession has received
                  appropriate authorisation and such relationships are appropriately monitored so that
                  verification of identity is carried out as soon as is reasonably practicable; and
                • appropriate limits or prohibitions are placed on the number, type and amount of transactions
                  over an account.

4.13            SUBSEQUENT IDENTIFICATION AND VERIFICATION OF IDENTITY

                STATUTORY REQUIREMENTS
        218. Article 13(1)(c)(i) of the Money Laundering Order requires a relevant person to carry out
             identification measures where it suspects money laundering, whether or not an exemption or
             concession from identification measures had previously been applied.
        219. In addition, where a relevant person has doubts about the veracity or adequacy of documents,
             data or information previously obtained under customer due diligence measures,
             Article 13(1)(c)(ii) of the Money Laundering Order requires the business to take steps to carry
             out identification measures.
        220. Article 14(6) of the Money Laundering Order provides that identification measures need not be
             applied where a relevant person is acting with the consent of the JFCU and where an existing
             relationship is terminated, relationship is not established, or one-off transaction not completed
             or carried out.
                GUIDANCE NOTES
        221. A relevant person may demonstrate that it has carried out the identification measures required
             under Article 13(1)(c)(ii) of the Money Laundering Order where it does so in cases where a
             trustee, legal body, foundation, intermediary or introducer advises of a change to identification
             information that it has provided to the relevant person under Sections 4.4.1, 4.5.1, 4.5.3, and
             4.10.3 respectively.

4.14            FAILURE TO COMPLETE IDENTIFICATION OR VERIFICATION OF IDENTITY

                OVERVIEW
        222. Where identification measures cannot be completed, a relevant person must not proceed or
             continue with a relationship or one-off transaction. The ease, with which a relationship may be
             terminated, will depend upon how funds have been invested. For example, whereas a bank
             can close an account relatively easily and returns funds to a customer, it may be less
             straightforward for a fund to affect a compulsory redemption, particularly where it is closed
             ended, or where valuation dates are infrequent.
        223. Wherever possible, when terminating a relationship where customer money or other assets
             have been received, a relevant person should return the assets directly to the customer, for
             example by returning money to the account from which it was received.
        224. Where the customer requests that money or other assets be transferred to third parties, or to a
             different account in the customer’s name, the relevant person should assess whether this
             provides grounds for knowledge or suspicion, or reasonable grounds for knowledge or
             suspicion, of money laundering or financing of terrorism.




68                                                                                     Effective from: 4 February 2008
                                                                                                  Revised 20 July 2009
                                                                   Handbook for regulated financial services businesses

                                                              Part 1: Section 4 – Identification and verification of identity




               STATUTORY REQUIREMENTS
       225. If a relevant person is unable to apply identification measures before the establishment of a
            relationship or before carrying out a one-off transaction (except in the circumstances provided
            for in Article 13(4) of the Money Laundering Order), Article 14(1) of the Money Laundering
            Order requires that a relevant person shall not establish that business relationship or carry out
            that one-off transaction.
       226. Article 14(2) of the Money Laundering Order provides that if a relevant person is unable to
            apply identification measures in the circumstances described in Article 13(4), it shall terminate
            the relationship.
       227. Article 14(4) of the Money Laundering Order provides that a relevant person must terminate a
            business relationship where it cannot apply ongoing identification measures.
       228. Article 14(11) of the Money Laundering Order provides that a business relationship or one-off
            transaction may proceed or continue where a relevant person is acting with the consent of the
            JFCU.




Effective from: 4 February 2008                                                                                           69
Revised 20 July 2009
Handbook for regulated financial services businesses

Part 1: Section 5 – Monitoring activity and transactions




5              MONITORING ACTIVITY AND TRANSACTIONS

5.1             OVERVIEW OF SECTION

       1.       Sections 3 and 4 address the capturing of sufficient information about a customer that will allow
                a relevant person to: develop a profile of expected activity to provide a basis for recognising
                unusual activity and transactions; and identify higher risk activity or transactions, which may
                indicate money laundering or financing of terrorism.
       2.       This section requires a relevant person to monitor business relationships and to apply scrutiny
                to unusual and higher risk activity or transactions, and also to specific higher risk activity, so
                that money laundering or the financing of terrorism may be identified and, where possible,
                prevented. An effective monitoring system requires a relevant person to identify unusual and
                higher risk activity, to maintain up to date customer due diligence information and to ask
                pertinent questions to determine whether there is a rational explanation for the activity or
                transactions identified. The scrutiny of activity and transactions may involve requesting
                additional customer due diligence information.
       3.       For some customers, a complete customer profile and appropriate risk assessment may only
                become evident once the relationship has been established, making monitoring of customer
                activity and transactions key to obtaining a complete understanding of business relationships.
       4.       Unusual activity or transactions may be identified as activity that is inconsistent with the
                expected pattern of activity within a particular relationship, or with the normal business
                activities for the type of product or service that is being delivered. Where a relevant person’s
                customer base is homogeneous, and where the products and services provided to customers
                result in uniform patterns of activity or transactions, it will be more straightforward to establish
                parameters to identify usual and unusual activity. However, where each customer is unique,
                and where the product or service provided is bespoke, a relevant person will need to tailor
                monitoring systems to the nature of its business and facilitate the application of additional
                judgement and experience to the identification of unusual activity. For such businesses,
                appropriate staff training in the recognition of unusual activity is vital.
       5.       Monitoring procedures may involve both real time and post event monitoring. Real time
                monitoring will focus on activity and transactions when information or instructions are received
                from customers, before or as the instruction is processed. Post event monitoring may involve
                end of day, weekly, monthly or annual reviews of customer activity and transactions. Real time
                monitoring of activity will be more effective at reducing a relevant person’s exposure to money
                laundering and financing terrorism risk. Post event monitoring may be more effective at
                identifying patterns of unusual customer activity or transactions.
       6.       Monitoring may involve manual and automated procedures. Automated monitoring procedures
                may add value to manual procedures (particularly for businesses with large volumes of
                customer transactions) by producing exception reports identifying transactions or activity for
                further examination that fall outside of parameters for usual activity. The appropriateness of
                automated monitoring procedures will depend on the relevance of the parameters to the nature
                of business undertaken by a relevant person.
       7.       Unusual or higher risk activity or transactions may indicate money laundering or financing
                terrorism activity where there is no apparent economic or visible lawful purpose.
       8.       Where monitoring indicates possible money laundering or financing terrorism activity, and the
                process of undertaking identification procedures is managed without due care, contact between
                a relevant person and a customer (or his advisors) could unintentionally lead to the customer
                being tipped off. Section 6.4 considers this situation.
       9.       Reporting of knowledge, suspicion, or reasonable grounds for knowledge or suspicion of
                money laundering and financing of terrorism is addressed in Section 6.


70                                                                                       Effective from: 4 February 2008
                                                                                      Section 5.2.1 Revised 22 July 2010
                                                                      Handbook for regulated financial services businesses

                                                                     Part 1: Section 5 – Monitoring activity and transactions



       10.     Sufficient guidance and training of staff is essential to enable them to recognise money
               laundering and financing terrorism activity. Requirements for training in the recognition and
               handling of suspicious activity are covered in Section 7.
       11.     This section should be read and understood in conjunction with Sections 3, 4, and 6.

5.2            OBLIGATION TO MONITOR

               STATUTORY REQUIREMENTS
       12.     Article 13 of the Money Laundering Order requires a relevant person to scrutinise transactions
               undertaken throughout the course of a business relationship to determine whether the
               transactions being conducted are consistent with the relevant person’s knowledge of the
               customer.
       13.     Article 11 provides that policies for the application of customer due diligence procedures are
               appropriate having regard to the degree of risk of money laundering. The policies referred to
               include those:
               •   which provide for the identification and scrutiny of:

                   a.   complex or unusually large transactions;
                   b.   unusual patterns of transactions, which have no apparent economic or lawful purpose;
                   c.   business relationships and transactions connected with jurisdictions that do not, or
                        insufficiently, apply the FATF Recommendations;
                   d.   business relationships and transactions with persons or jurisdictions that are subject to
                        UN or EU sanctions and measures or measures imposed by one more countries for
                        insufficient or non-existent application of FATF Recommendations; or
                   e.   any other activity, the nature of which causes the relevant person to regard it as
                        particularly likely to be related to money laundering or the financing of terrorism.
               •   which specify additional procedures where products and transactions are susceptible to
                   anonymity and;

               •   which determine whether a customer is a PEP.

       14.     Article 15 requires that a relevant person apply enhanced customer due diligence using a risk
               based approach where:
               •   a customer is not physically present for identification purposes;

               •   the relevant person proposes to have a business relationship or carry out a one-off
                   transaction with a PEP;

               •   the relevant person is a holds a deposit-taking licence and proposes to establish a
                   correspondent banking relationship; and

               •   the nature of the situation is such that a higher risk of money laundering is likely.

              REGULATORY REQUIREMENTS
       15.     A relevant person must, as a part of its ongoing identification procedures, establish appropriate
               customer activity and transaction monitoring procedures that scrutinise the activity and
               transactions of its customers.
       16.     The monitoring procedures must require more intensive scrutiny of higher risk customers
               (including PEPs) and higher risk products/services.
       17.     The monitoring procedures must:


Effective from: 4 February 2008
Section 5.2.1 Revised 22 July 2010
                                                                                                                          71
Handbook for regulated financial services businesses

Part 1: Section 5 – Monitoring activity and transactions


                •    involve a relevant person applying its understanding of its business (i.e. the outcome of its
                     business risk assessment – Section 2.3.1) to determine the nature of usual activity and its
                     expectations for unusual and higher risk activity and transactions;

                •    be designed to result in the identification of unusual and higher risk activity or transactions;

                •    require that, in particular, special attention is paid to specific higher risk activity and
                     transactions (see 18 below);

                •    require the examination of any unusual or higher risk activity or transaction by an
                     appropriate person to determine the background and purpose of the activity or transaction;

                •    in connection with the above examination, involve the collection of additional information
                     (where appropriate);

                •    establish whether there is a rational explanation (an apparent economic or visible lawful
                     purpose) for the unusual or higher risk activity or transaction, and document these findings
                     in writing; and

                •    result in appropriate action being taken as a result of the findings of the above procedures.

       18.      When conducting monitoring procedures, the following are to be considered to be higher risk
                activity and transactions:
                •    complex transactions;

                •    unusual large transactions;

                •    unusual patterns of transactions, which have no apparent economic or lawful purpose;

                •    activity and transactions: (i) connected with jurisdictions which do not, or insufficiently
                     apply, the FATF Recommendations; or (ii) which are the subject of UN or EU
                     countermeasures; and

                •    activity and transactions that may be conducted with persons who are the subject of UN or
                     EU sanctions and measures.

       19.      A relevant person must have policies and procedures in place to address any specific risks
                associated with customer relationships established where the customer was not physically
                present for identification purposes (i.e. non-face to face).
               GUIDANCE NOTES
       20.      Appropriate monitoring systems. In determining the nature of the monitoring procedures
                appropriate for a business, a relevant person may have regard to the following factors:
                •    its business risk assessment;

                •    the size and complexity of its business;

                •    its ability to monitor transactions or activity in real time (i.e. before customer instructions
                     are put into effect);

                •    whether it is possible to establish appropriate standardised parameters for unusual activity;
                     and

                •    the monitoring procedures that already exist to satisfy other business needs.



72                                                                                        Effective from: 4 February 2008
                                                                                       Section 5.2.1 Revised 22 July 2010
                                                                     Handbook for regulated financial services businesses

                                                                    Part 1: Section 5 – Monitoring activity and transactions



       21.     Identifying unusual activity/transactions. Appropriate factors to consider in determining
               whether activity or transactions are unusual include:
               •   the expected frequency, size, volume and origin/destination of customer funds whether
                   specific to an individual customer, or for a generic customer type or product type; and

               •   the presence of risk factors specific to the nature of the activity and customer base of the
                   relevant person. A relevant person should determine risk factors based on its knowledge of
                   its customer base (refer to Section 2.3.1) and should have regard to typologies (whether
                   external or developed from its own experiences) relevant to the nature of business
                   activities.

       22.     Examining unusual and higher risk activity. A relevant person may demonstrate that it is
               appropriately examining unusual and higher risk activity and transactions where it:
               •   reviews the identified activity/transaction in light of the customer risk assessment and the
                   customer due diligence information that it holds;

               •   makes further enquiries to obtain any further information required to enable a determination
                   as to whether the activity/transaction has a rational explanation; and

               •   considers the activity or transaction in the context of any other relationships connected with
                   the customer.

       23.     The examination of unusual and higher risk activity or transactions may be conducted either by
               customer facing staff, or by an independent reviewer. In any case, the reviewer must have
               access to relevant customer due diligence information, and the enquiries made and the
               conclusions reached by the reviewer must be appropriate. Refer to Section 8 for record
               keeping requirements in relation to the examination of higher risk activity and transactions.
       24.     Appropriate follow up action may include:
               •   Updating customer due diligence information to record the results of the enquiries made;

               •   Reviewing the appropriateness of the customer risk assessment in light of the unusual
                   activity and/or additional customer due diligence information obtained;

               •   Considering whether tuning of the monitoring system is required, e.g. to result in further
                   staff training in the identification of unusual or higher risk activity and transactions,
                   refinement of the monitoring system’s parameters, enhancement of controls for more
                   vulnerable products/services/business units;

               •   Applying increased levels of monitoring to particular relationships;

               •   Where the activity or transaction does not have a rational explanation, considering whether
                   the circumstances require a suspicious activity report to be submitted to the relevant
                   person’s MLRO (Section 6).

       25.     In line with enhanced due diligence requirements for higher risk customers (Section 3.4), more
               intensive scrutiny of customer activity and transactions may involve, for example:
               •   More frequent review and updating of customer due diligence information;

               •   More regular review of customer activity and transactions against the customer’s expected
                   activity profile;

               •   The application of lower thresholds for the monitoring of customer activity and transactions;

               •   Customer reviews being conducted by persons not directly involved in managing customer
                   relationships.

Effective from: 4 February 2008
Section 5.2.1 Revised 22 July 2010
                                                                                                                         73
Handbook for regulated financial services businesses

Part 1: Section 5 – Monitoring activity and transactions




5.2.1          Countries and territories that do not, or insufficiently, apply FATF Recommendations

               OVERVIEW
       26.      The risk that relationships are tainted by funds that are the proceeds of crime or are used to
                fund terrorism is increased where the relationship has a connection with a jurisdiction that does
                not apply, or insufficiently applies, the FATF Recommendations, as a weak framework to
                combat money laundering and the financing of terrorism increases the risk that the proceeds of
                crime or terrorist funding can enter the financial system, and remain undetected. For example,
                where the requirements for customer due diligence procedures are weak, or where there is an
                absence of transparency or regulatory measures for legal bodies or express trusts.
               REGULATORY REQUIREMENT
       27.      Countries and territories in Group 1 of Appendix D are to be treated as countries and territories
                that do not apply, or insufficiently apply, the FATF Recommendations under Article 15(3A) of
                the Money Laundering Order.

5.3             AUTOMATED MONITORING METHODS

               OVERVIEW
       28.      Automated monitoring methods may be effective in recognising unusual and higher risk activity
                or transactions.
       29.      Exception procedures and reports can provide a simple but effective means of monitoring all
                transactions to or from particular geographical locations or accounts, and any activity that falls
                outside of pre-determined parameters - based on thresholds that reflect the nature and level of
                activity and the risk profiles or the relationships that are being monitored.
       30.      Large or more complex relevant persons may also use automated monitoring systems to
                facilitate the monitoring of significant volumes of transactions, or - in an e-commerce
                environment - where the opportunity for human scrutiny of individual transactions is limited.
       31.      However, use of automated monitoring systems does not remove the requirement for a
                relevant person to otherwise remain vigilant. Factors such as staff intuition, direct contact with
                a customer, and the ability, through experience, to recognise activity and transactions that do
                not seem to make sense, cannot be automated.
       32.      In the case of monitoring activity and transactions that may be conducted with individuals who
                are the subject of countermeasures, applied under UN and EU sanctions and measures, the
                use of electronic external data sources may be particularly effective.




74                                                                                     Effective from: 4 February 2008
                                                                                    Section 5.2.1 Revised 22 July 2010
                                                                                Handbook for regulated financial services businesses

                                  Part 1: Section 6 - Reporting Money Laundering and Financing of Terrorism Activity and Transactions




6             REPORTING MONEY LAUNDERING AND FINANCING
              TERRORISM ACTIVITY AND TRANSACTIONS

6.1            OVERVIEW OF SECTION

       1.      This section outlines the statutory provisions concerning disclosure of information where a
               relevant person has knowledge, suspicion, or reasonable grounds for knowledge or suspicion
               that the business itself, or another person, is involved in money laundering or financing
               terrorism, and the requirements for reporting procedures. It also provides guidance on making
               internal and external suspicious activity reports. Additional information on these statutory
               provisions is contained within Part 2 of the Handbook.
       2.      This section describes disclosures made under the Proceeds of Crime Law, Drug Trafficking
               Offences Law and Terrorism Law, and reports made according to a relevant person’s reporting
               procedures (as required by the Money Laundering Order) as suspicious activity reports.
               Although referred to here as suspicious activity reports, depending on the circumstances the
               reports may involve knowledge of money laundering or financing of terrorism, rather than
               suspicion (or reasonable grounds for knowledge or suspicion).
       3.      There are three situations in which a relevant person, or one of its employees, will make a
               suspicious activity report:
               • where the relevant person (or one of its employees) believes that the business may have,
                 itself, committed a money laundering or financing of terrorism offence, for example by
                 becoming concerned in an arrangement facilitating money laundering or the financing of
                 terrorism;
               • where legislation contains an offence of failure to make a suspicious activity report to JFCU
                 that another person is connected with either money laundering or the financing of terrorism;
                 and
               • as a result of obligations under the Money Laundering Order for a relevant person to have
                 procedures in place to disclose that another person is engaged in money laundering or the
                 financing of terrorism.
       4.      Often, a single report may cover two separate provisions. For example, internal reporting
               procedures at a relevant person may lead to a suspicious activity report (under Article 21 of the
               Money Laundering Order) that another person (“person A”) is engaged in money laundering.
               Where the same relevant person also knows or suspects that it has become concerned in an
               arrangement with person A, then the suspicious activity report may also relate to Article 32 of
               the Proceeds of Crime Law - so that it does not commit an offence under that article.
       5.      Throughout this section, references to an “applicant for business” or “applicant” relate to a
               prospective customer, and references to a “customer” relate to a person with whom a business
               relationship has been formed or transaction conducted.

6.2            DISCLOSURE OF KNOWLEDGE OR SUSPICION TO THE JFCU

               STATUTORY REQUIREMENTS
       6.      Article 32 (assisting another to retain the benefit of criminal conduct) and Article 33 (acquisition,
               possession or use of proceeds of criminal conduct) of the Proceeds of Crime Law state that
               where a person is concerned in an arrangement involving the proceeds of crime, or has
               possession of the proceeds of crime, he will not have committed an offence if he discloses
               knowledge or suspicion of his involvement in money laundering to a police officer (or to the
               MLRO in accordance with his employer’s procedures):
               • before any further actions, and if any further actions are done with the consent of a police
                 officer, or

Effective from: 4 February 2008
                                                                                                                                  75
Handbook for regulated financial services businesses

Part 1: Section 6 - Reporting Money Laundering and Financing of Terrorism Activity and Transactions


               • after an action, so long as the disclosure is made as soon as is reasonably possible.
       7.      Articles 37 and 38 of the Drug Trafficking Offences Law contain similar provisions. Article 22 of
               the Terrorism Law contains similar provisions in circumstances where offences would
               otherwise be committed under Article 15 (fund-raising), Article 16 (use and possession of
               property), Article 17 (funding arrangements) and Article 18 (money laundering).
       8.      Article 40 of the Drug Trafficking Offences Law also contains an offence where any person fails
               to report to a police officer (or to the MLRO in accordance with his employer’s procedures)
               knowledge or suspicion that another person is involved in drug money laundering, where that
               person acquired the knowledge or suspicion in the course of his trade, profession, business or
               employment. Article 20 of the Terrorism Law contains a similar offence of failure to report
               knowledge or suspicion of the financing of terrorism or money laundering, where the
               knowledge or suspicion arose during the course of a trade, profession, business or
               employment, other than that of a financial services business.
       9.      Article 23 of the Terrorism Law contains a further offence, where a person fails to report
               another person’s involvement in the financing of terrorism or money laundering, where he has
               knowledge, suspicion, or where there are reasonable grounds for knowledge or suspicion (the
               objective test), and where this arose during the course of financial services business.

6.3            PROCEDURES FOR REPORTING TO THE JFCU

               STATUTORY REQUIREMENTS
       10.     Article 37 of the Proceeds of Crime Law enables the Treasury and Resources Minister to
               prescribe reporting procedures to be followed by a relevant person.
       11.     The reporting procedures have been set down in Part 5 of the Money Laundering Order.
       12.     Article 21 requires that a relevant person must establish and maintain reporting procedures
               which:
               • communicate the identity of the MLRO (and any deputy MLROs) to the relevant person’s
                 employees;
               • require that a report is made to the MLRO (or to a deputy MLRO) of any information or other
                 matter coming to the attention of any member of staff handling financial services business
                 which, in the opinion of that person, gives rise to knowledge, suspicion or reasonable
                 grounds for knowledge or suspicion that another person is engaged in money laundering or
                 the financing of terrorism;
               • require that a report is considered promptly by the MLRO (or a deputy MLRO) in the light of
                 all other relevant information for the purpose of determining whether or not the information
                 or other matter contained in the report gives rise to knowledge, suspicion or reasonable
                 grounds for knowledge or suspicion of money laundering or financing terrorism;
               • allow the MLRO (or a deputy MLRO) to have access to all other information which may be
                 of assistance in considering the report; and
               • provide for the information or other matter contained in a report to be disclosed as soon as
                 is reasonably practicable by the MLRO (or deputy MLRO) to the JFCU in writing, where the
                 MLRO (or deputy MLRO) knows, suspects or has reasonable grounds to know or suspect
                 that another person is engaged in money laundering or the financing of terrorism.
       13.     Article 22 of the Money Laundering Order states that if a deputy MLRO, on considering a
               report, concludes that it does not give rise to knowledge, suspicion or reasonable grounds for
               knowledge or suspicion that another person is engaged in money laundering, the deputy
               MLRO need not forward it to the MLRO. If a deputy MLRO, on considering a report, has
               concluded that it does give rise to knowledge, suspicion or reasonable grounds for knowledge
               or suspicion that another person is engaged in money laundering, the MLRO need not consider
               that question.



76                                                                                                    Effective from: 4 February 2008
                                                                                Handbook for regulated financial services businesses

                                  Part 1: Section 6 - Reporting Money Laundering and Financing of Terrorism Activity and Transactions



6.3.1          Internal reporting procedures

               REGULATORY REQUIREMENTS
       14.     A relevant person must provide that:
               • Where an applicant for business or customer fails to supply adequate customer due
                 diligence information, or adequate documentation verifying identity (including the identity of
                 any beneficial owners and controllers), consideration is given to making a suspicious activity
                 report.
               • Internal reporting procedures encompass the reporting of attempted transactions and
                 business that has been turned away.
               • Staff make internal suspicious activity reports containing all relevant information to the
                 MLRO (or a deputy MLRO) as soon as it is reasonably practicable after the information
                 comes to their attention – in writing.
               • Suspicious activity reports include as full a statement as possible of the information giving
                 rise to knowledge, suspicion or reasonable grounds for knowledge or suspicion of money
                 laundering or financing terrorism activity and full details of the applicant for business or
                 customer.
               • Reports are not filtered out by supervisory staff or managers such that they do not reach the
                 MLRO (or deputy MLRO).
               • Reports are acknowledged by the MLRO (or a deputy MLRO).
       15.     A relevant person must establish and maintain arrangements for disciplining any member of
               staff who fails, without reasonable excuse, to make an internal suspicious activity report where
               he or she has knowledge, suspicion or reasonable grounds for knowledge or suspicion of
               money laundering or financing terrorism.
               GUIDANCE NOTES
       16.     A relevant person may demonstrate that disclosure of knowledge, suspicion or reasonable
               grounds for knowledge or suspicion is made to the JFCU as soon as is reasonably practicable
               by:
               • Having in place reporting lines that are as short as possible with the minimum number of
                 people between the employee initiating the internal suspicious activity report and the MLRO
                 (or deputy MLRO). While a relevant person may allow its staff to discuss relationships and
                 transactions with line managers before making a suspicious activity report, it will be the
                 decision of the staff member whether to make the internal report to the MLRO.
               • In the case of a larger relevant person, or to cover temporary absences of the MLRO,
                 appointing deputy MLROs to assist the MLRO.
       17.     A relevant person may demonstrate that it has established and maintained appropriate
               arrangements for disciplining staff, where employment contracts and employment handbooks
               provide for the imposition of disciplinary sanctions for failing to report knowledge, suspicion or
               reasonable grounds for knowledge or suspicion without reasonable excuse.

6.3.2          Evaluation of suspicious activity reports by the MLRO

               REGULATORY REQUIREMENTS
       18.     A relevant person must provide that:
               • All relevant information is promptly made available to the MLRO (or deputy MLRO) on
                 request so that internal suspicious activity reports are properly assessed.
               • Each suspicious activity report is considered by the MLRO (or deputy MLRO) in light of all
                 relevant information.
               • The MLRO (or deputy MLRO) documents the evaluation process followed and reasons for
                 the decision to report or not to report to the JFCU.

Effective from: 4 February 2008
                                                                                                                                  77
Handbook for regulated financial services businesses

Part 1: Section 6 - Reporting Money Laundering and Financing of Terrorism Activity and Transactions


               GUIDANCE NOTES
       19.     In order to demonstrate that a report is considered in light of all relevant information when
               evaluating a suspicious activity report, the MLRO (or deputy MLRO) may:
               • Review and consider transaction patterns and volumes, previous patterns of instructions,
                 the length of the business relationship and customer due diligence information.
               • Examine other connected accounts or relationships. Connectivity can arise through
                 commercial connections, such as transactions to or from other customers or common
                 introducers, or through connected individuals, such as third parties, common ownership of
                 entities or common signatories. However, the need to search for information concerning
                 connected accounts or relationships should not delay the making of a report to the JFCU.

6.3.3          Reporting to the JFCU

               REGULATORY REQUIREMENTS
       20.     A relevant person must require that the MLRO makes external suspicious activity reports
               containing all relevant information directly to the JFCU as soon as is reasonably practicable, in
               a format approved by the JFCU (Appendix A). Relevant information includes:
               • Full details of the customer and as full a statement as possible of the information giving rise
                 to knowledge, suspicion or reasonable grounds for knowledge or suspicion.
               • If a particular type of criminal conduct is suspected, a statement of this conduct.
               • Where a relevant person has additional relevant evidence that could be made available, the
                 nature of this evidence.
               • Statistical information to assist the JFCU in its analysis of reports.

6.4            TIPPING OFF

               STATUTORY REQUIREMENTS
       21.     Article 35 of the Proceeds of Crime Law and Articles 41 and 44 of the Drug Trafficking
               Offences Law make it an offence for any person to disclose to a third party any information
               likely to prejudice an investigation where that person knows or suspects that a suspicious
               activity report has been made, or that an investigation is under way or proposed. Under
               Article 35 of the Terrorism Law, the offence is committed where the person discloses
               information likely to prejudice an investigation when he has reasonable grounds to know or
               suspect that either a suspicious activity report has been made or will be made, or that an
               investigation is proposed or under way.


               GUIDANCE NOTES
       22.     In order to prevent committing a tipping off offence, at the time of acknowledging receipt of an
               internal suspicious activity report, the MLRO (or deputy MLRO) may provide a reminder to the
               member of staff submitting the report of the risk of communicating information that might
               prejudice law enforcement enquiries.

6.4.1          The customer due diligence process

               OVERVIEW
       23.     Article 13(1) the Money Laundering Order requires identification information to be obtained and
               verified before the establishment of a business relationship or before carrying out a one-off
               transaction except in some limited circumstances. Article 13(1)(c) of the Money Laundering
               Order further requires that identification measures be applied, where a relevant person
               suspects money laundering or has doubts about the veracity or adequacy of documents, data
               or information previously obtained under customer due diligence measures.


78                                                                                                    Effective from: 4 February 2008
                                                                                Handbook for regulated financial services businesses

                                  Part 1: Section 6 - Reporting Money Laundering and Financing of Terrorism Activity and Transactions



       24.     Where a relevant person suspects money laundering, the performance of identification
               measures could unintentionally lead to the customer being tipped off, where the process is
               managed without due care.
       25.     Where there is a particular risk that the performance of identification measures could lead to
               the customer being tipped off, then under Article 14(6) of the Money Laundering order it is not
               necessary to undertake such measures, where a suspicious activity report has been made to
               the JFCU and the relevant person is acting with the consent of that officer.
               GUIDANCE NOTES
       26.     In circumstances where a suspicious activity report has been filed with the JFCU, and where
               there is a requirement to conduct identification measures, the risk of tipping off a customer (and
               its advisers) may be minimised by:
               • Ensuring that employees undertaking identification measures are aware of tipping off
                 provisions and are provided with adequate support, such as specific training or assistance
                 from the MLRO.
               • Obtaining advice from the JFCU where a relevant person is concerned that undertaking
                 identification measures will lead to the customer being tipped off.

6.4.2          JFCU consent

               OVERVIEW
       27.     While waiting for the JFCU to provide consent to proceed with an activity or transaction (where
               it is necessary for consent to be provided), or in the event that the JFCU notifies a relevant
               person that consent will not be given, where a relevant person fails to act on a customer
               instruction it should be aware of the risk of committing a tipping off offence.
       28.     Refusal to act upon a customer’s instruction (for example, as a result of the JFCU refusing to
               give consent for a transaction to proceed) may also lead to civil proceedings being instituted by
               the customer.
               GUIDANCE NOTES
       29.     The risk of tipping off a customer (or its advisers) whilst waiting for JFCU consent to proceed
               (or where consent has been refused by the JFCU) may be minimised by promptly notifying the
               JFCU of a customer’s instruction and seeking its advice, or by seeking legal advice on the
               information that the relevant person is able to disclose.
       30.     It may be necessary in circumstances where a customer has instigated civil proceedings for the
               relevant person to seek the directions of the court.

6.4.3          Terminating a relationship

               OVERVIEW
       31.     Unless required to do so by the JFCU, a relevant person is not obliged to continue
               relationships with customers if such action would place them at commercial risk.
               GUIDANCE NOTES
       32.     If a relevant person, having filed a suspicious activity report, wishes to terminate a relationship
               and is concerned that, in doing so, it may prejudice an investigation, it should seek advice from
               the JFCU. This is to avoid the danger of tipping off. The decision to terminate a relationship,
               however, remains with the relevant person.




Effective from: 4 February 2008
                                                                                                                                  79
Handbook for regulated financial services businesses

Part 1: Section 7 – Vetting, awareness and training of employees




7              VETTING,  AWARENESS                                   AND            TRAINING                   OF
               EMPLOYEES

7.1            OVERVIEW OF SECTION

       1.      One of the most important controls over the prevention and detection of money laundering and
               the financing of terrorism is to have appropriately vetted staff who are: (i) alert to money
               laundering and financing terrorism risks; and (ii) well trained in the identification of unusual or
               higher risk activities or transactions, which may indicate money laundering or financing
               terrorism activity (Section 5).
       2.      The effective application of even the best designed systems and controls can be quickly
               compromised if staff lacks competence or probity, are unaware of or fail to apply systems and
               controls, and are not adequately trained.
       3.      It is essential that a relevant person has a clear and well articulated policy for ensuring that
               appropriate staff are:
               • competent and have probity;
               • aware of their obligations under the Proceeds of Crime Law, Drug Trafficking Offences Law,
                 Terrorism Law, United Nations Measures and the Money Laundering Order (and by
                 extension, also the Handbook); and
               • trained in the identification of unusual or higher risk activities or transactions, which may
                 indicate money laundering or financing terrorism activity (Section 5), and in the business’
                 customer due diligence reporting and record keeping procedures.
       4.      In particular, customer facing employees and those who handle or are responsible for the
               handling of customers and transactions will provide the business with its strongest defence, or
               its weakest link.
       5.      A relevant person should also encourage its staff to “think risk” as they carry out their duties
               within the legal and regulatory framework governing money laundering and the financing of
               terrorism.

7.2            OBLIGATION TO PROMOTE AWARENESS AND TO TRAIN

               OVERVIEW
       6.      The Money Laundering Order’s requirements concerning both training and awareness apply to
               employees whose duties relate to the provision of financial services (hereafter referred to as
               “relevant employees”), and not to all employees of a relevant person. However, primary
               money laundering and financing of terrorism offences are wider in scope, and all employees
               will need to have a basic understanding of money laundering and the financing of terrorism and
               an awareness of internal reporting procedures (including the identity of the MLRO).


               STATUTORY REQUIREMENTS
       7.      Article 37 of the Proceeds of Crime Law enables the Treasury and Resources Minister to
               prescribe training procedures to be followed by a financial services business.
       8.      The policies and procedures have been laid down in Article 11(9) and (10) of the Money
               Laundering Order.
       9.      Article 11(9) and (10) requires that a relevant person must, in relation to employees whose
               duties relate to the provision of financial services:
               • take appropriate measures from time to time for the purposes of making them aware of:



80                                                                                     Effective from: 4 February 2008
                                                                                  Handbook for regulated financial services businesses

                                                                      Part 1: Section 7 – Vetting, awareness and training of employees



                    a.    the customer due diligence record keeping and internal reporting procedures, and such
                          other procedures of internal control and communication as may be appropriate for the
                          purposes of preventing and detecting money laundering and the financing of terrorism;
                          and
                    b.    the enactments in Jersey relating to money laundering and the financing of terrorism;
                • provide those employees from time to time with training in the recognition and handling of
                  transactions carried out by or on behalf of any person who is or appears to be engaged in
                  money laundering or the financing of terrorism; and
                • establish and maintain procedures that monitor and test the effectiveness of the relevant
                  person’s systems, employees’ awareness and the training provided to employees.
                • regulatory requirements.


                REGULATORY REQUIREMENTS
       10.      The term employee must not be limited to individuals working under a contract of employment,
                but must also include temporary and contract staff, and the staff of any third parties fulfilling a
                function in relation to a relevant person under an outsourcing agreement.
                GUIDANCE NOTES
       11.      When determining whether an employee is a relevant employee, a relevant person may take
                into account the following:
                • whether the employee is undertaking any customer facing functions, or handles or is
                  responsible for the handling of business relationships or transactions;
                • whether the employee is directly supporting a colleague who carries out the above activity;
                  and
                • whether an employee’s role has changed to involve the above activities.
       12.      Relevant customer facing employees will include, for example, relationship managers, trust and
                company administrators, and stock-brokers. Non-customer facing relevant employees will
                include, for example, the MLRO, the MLCO and individuals processing and book-keeping
                customer transactions. Relevant employees will also include the Board and senior managers.

7.3             VETTING OF RELEVANT EMPLOYEES

                REGULATORY REQUIREMENTS
       13.      A relevant person must vet and monitor the competence and probity of relevant employees.
                GUIDANCE NOTES
       14.      A relevant person may demonstrate that vetting procedures are appropriate where (at the time
                of recruitment or subsequent change in role) it carries out one or more of the following
                activities, as appropriate for the nature of the employee’s role and responsibilities:
                • Obtains and confirms references.
                • Obtains and confirms employment history and qualifications disclosed.
                • Obtains details of any regulatory action taken against the individual (or absence of such
                  action).
                • Obtains and confirms details of any criminal convictions 12 (or absence of such convictions).

       12
             Enquiries into an individual’s criminal record must be subject to the Rehabilitation of Offenders (Jersey) Law 2001, which
             prevents a relevant person requesting information from its directors, senior managers and other employees (and
             prospective directors, senior managers and other employees) about convictions that are "spent", except where provided for
             by the Rehabilitation of Offenders (Exceptions) (Jersey) Law 2002 (“the Regulations”).




Effective from: 4 February 2008                                                                                                     81
Handbook for regulated financial services businesses

Part 1: Section 7 – Vetting, awareness and training of employees




7.4            AWARENESS OF EMPLOYEES

               REGULATORY REQUIREMENTS
       15.     A relevant person must have appropriate measures in place to make relevant employees
               aware of:
               • The relevant person’s systems and controls (including policies and procedures) designed to
                 prevent and detect money laundering and the financing of terrorism.
               • The statutory obligations under which the business operates and under which employees
                 may be held personally liable.
               • The implications of failing to report information in accordance with procedures, and that as
                 well as criminal or regulatory sanctions, disciplinary proceedings can also arise.

7.4.1          All relevant employees (customer facing and non-customer facing)

               GUIDANCE NOTES
       16.     A relevant person may demonstrate that it has appropriate measures in place where it:
               • Provides relevant employees with a copy of the relevant person’s procedures manual for
                 anti-money laundering and countering the financing of terrorism.
               • Provides relevant employees with a document outlining the relevant person’s and their own
                 obligations and potential criminal liability under the Proceeds of Crime Law, Drug Trafficking
                 Offences Law, Terrorism Law, United Nations Measures and the Money Laundering Order
                 (and by extension, also the Handbook).
               • Requires employees to acknowledge that they have received and understood the business’
                 procedures manual and document outlining statutory obligations.
               • Periodically tests employees’ awareness of policies and procedures and statutory
                 obligations.
       17.     It is not sufficient to provide employees with a copy of the Handbook, as the Handbook is
               designed to provide a base from which a relevant person can design and implement systems
               and tailor its own policies and procedures appropriate to its business.

7.4.2          Non-relevant employees

       18.     A relevant person may demonstrate that it has appropriate measures in place where it:
               • Informs staff of the identity of the MLRO and the procedures to make internal suspicious
                 activity reports.
               • Provides staff with a document outlining the relevant person’s and their own obligations and
                 potential criminal liability under the Proceeds of Crime Law, Drug Trafficking Offences Law,
                 Terrorism Law, United Nations Measures and the Money Laundering Order (and by
                 extension, also the Handbook).
               • Requires employees to acknowledge that they have received and understood the business’
                 procedures for making internal suspicious activity reports and document outlining statutory
                 obligations.

7.4.3          Ongoing awareness (all employees)

               OVERVIEW
       19.     With the passage of time between training initiatives, the level of employee awareness of the
               risk of money laundering and financing of terrorism decreases. The utilisation of techniques to
               maintain a high level of awareness can greatly enhance the effectiveness of a relevant
               person’s defences against money laundering and the financing of terrorism.



82                                                                                   Effective from: 4 February 2008
                                                                       Handbook for regulated financial services businesses

                                                            Part 1: Section 7 – Vetting, awareness and training of employees



               GUIDANCE NOTES
       20.     A relevant person may demonstrate that it has appropriate measures to maintain awareness
               where it:
               • keeps employees aware of anti-money laundering and financing of terrorism developments
                 (such as updates issued by the Commission or JFCU, or developments in international
                 standards) as they occur;
               • provides employees with case studies illustrating how products or services provided by the
                 business may be abused;
               • advises employees of current news stories involving money laundering and financing
                 terrorism activity; and
               • sends e-mail reminders of employee obligations and the need to remain vigilant.

7.5            TRAINING OF EMPLOYEES

               OVERVIEW
       21.     The guiding principle of all training should be to encourage employees, irrespective of their
               level of seniority, to understand and accept their responsibility to contribute to the protection of
               the business against the threat of money laundering and the financing of terrorism.
       22.     There is a tendency, in particular on the part of more junior employees, non-customer facing
               staff, and support staff to mistakenly believe that the role that they play is less pivotal than, or
               secondary to, that of more senior colleagues or customer facing colleagues. Such an attitude
               can lead to failures to report important information because of mistaken assumptions that the
               information will have already been identified and dealt with by other colleagues.
               REGULATORY REQUIREMENTS
       23.     A relevant person must provide employees with adequate training at appropriate frequencies
               so that employees are kept informed of new developments and risk factors connected with
               money laundering and the financing of terrorism. Such training must:
               • be tailored to the business and relevant to the employees to whom it is delivered;
               • highlight to employees the importance of the contribution that they can individually make to
                 the prevention and detection of money laundering and the financing of terrorism; and
               • cover key aspects of legislation to prevent and detect money laundering and the financing of
                 terrorism.

7.6            ADEQUACY OF TRAINING


7.6.1          All relevant employees (customer facing and non-customer facing)

               GUIDANCE NOTES
       24.     A relevant person may demonstrate the provision of adequate training to relevant staff where it
               addresses:
               • The Proceeds of Crime Law, Drug Trafficking Offences Law, Terrorism Law, United Nations
                 Measures and the Money Laundering Order.
               • Vulnerabilities of services and products offered by the relevant person, and subsequent
                 money laundering and financing terrorism risk.
               • Policies and procedures, and employees’ responsibilities.
               • Application of risk based CDD policies and procedures.




Effective from: 4 February 2008                                                                                          83
Handbook for regulated financial services businesses

Part 1: Section 7 – Vetting, awareness and training of employees


               • Recognition of and dealing with unusual or higher risk activity and transactions, such as
                 activity outside of expected patterns, unusual settlements, abnormal payment or delivery
                 instructions and changes in the patterns of business relationships.
               • Money laundering and financing of terrorism developments, including techniques, methods,
                 trends and typologies.
               • Management of business relationships or transactions which have been the subject of a
                 suspicious activity report, e.g. risk of committing the offence of tipping off, and dealing with
                 questions from such customers, and/or their advisers.

7.6.2          The Board

               GUIDANCE NOTES
       25.     A relevant person may demonstrate the provision of adequate training where (in addition to
               training for relevant employees) it addresses the evaluation of the effectiveness of systems and
               controls (and policies and procedures) in place to prevent and detected money laundering and
               the financing of terrorism.

7.6.3          The MLCO

               GUIDANCE NOTES
       26.     A relevant person may demonstrate the provision of adequate training where (in addition to
               training for relevant employees) it addresses:
               • the design and implementation of systems and controls to counter money laundering and
                 the financing of terrorism; and
               • the design and implementation of compliance testing and monitoring programmes.

7.6.4          The MLRO and deputy MLROs

               GUIDANCE NOTES
       27.     A relevant person may demonstrate the provision of adequate training where (in addition to
               training for relevant employees) it addresses:
               • the handling and validation of internal disclosures;
               • liaising with the JFCU and law enforcement;
               • management of the risk of tipping off; and
               • the handling of production and restraint orders.

7.6.5          Non-relevant employees

               GUIDANCE NOTES
       28.     A relevant person may demonstrate the provision of adequate training where the training
               promotes an awareness of the threat of money laundering and the financing of terrorism and
               the reporting procedures that should be followed in the event that unexplained unusual, or
               higher risk activity or transactions are spotted.

7.7            TIMING AND FREQUENCY OF TRAINING

               GUIDANCE NOTES
       29.     A relevant person may demonstrate the provision of training at appropriate frequencies by:
               • Providing all employees with induction training within 10 working days of the
                 commencement of employment and, when necessary, where there is a subsequent change
                 in an employee’s role.



84                                                                                    Effective from: 4 February 2008
                                                                    Handbook for regulated financial services businesses

                                                         Part 1: Section 7 – Vetting, awareness and training of employees



               • Delivering training to all employees at least once every two years, and otherwise
                 determining the frequency of training for relevant employees on the basis of risk, with more
                 frequent training where appropriate.

7.8           MONITORING THE EFFECTIVENESS OF PROMOTION AND AWARENESS AND OF
              TRAINING

               GUIDANCE NOTES
       30.     A relevant person may demonstrate that it has assessed the effectiveness of training provided
               by:
               • Testing employees’ understanding of the business’ policies and procedures to combat
                 money laundering and the financing of terrorism, and also their ability to recognise money
                 laundering and financing terrorism activity.
               • Monitoring the compliance of employees with systems and controls (including policies and
                 procedures) to prevent and detect money laundering and the financing of terrorism, and
                 taking any action that may be necessary.
               • Monitoring internal reporting patterns and taking any action that may be necessary.
               • The routine supervision of employees.




Effective from: 4 February 2008                                                                                       85
Handbook for regulated financial services businesses

Part 1: Section 8 – Record keeping




8             RECORD KEEPING

8.1            OVERVIEW OF SECTION

       1.      The record keeping obligations of the Money Laundering Order and additional regulatory
               requirements are essential to facilitate effective investigation, prosecution and confiscation of
               criminal property. If law enforcement agencies, either in Jersey or elsewhere, are unable to
               trace criminal property due to inadequate record keeping, then prosecution for money
               laundering and confiscation of criminal property may not be possible. Likewise, if the funds
               used to finance terrorist activity cannot be traced back through the financial system, then the
               sources and the destination of terrorist funding will not be identified.
       2.      Records may be kept:
               • by way of original documents;
               • by way of photocopies of original documents (certified where appropriate);
               • in scanned form; or
               • in computerised or electronic form.

8.2           RECORDING EVIDENCE OF IDENTITY AND OTHER CUSTOMER DUE DILIGENCE
              MEASURES

               STATUTORY REQUIREMENTS
       3.      Article 37 of the Proceeds of Crime Law enables the Treasury and Resources Minister to
               prescribe record keeping procedures to be followed by a relevant person.
       4.      Article 19(2)(a) of the Money Laundering Order requires a relevant person to make and retain
               the following records:
               • copies of evidence of identity or information that enables a copy of such evidence to be
                 obtained; and
               • all the supporting documents, data and information in respect of a business relationship or
                 one-off transaction which is the subject of CDD measures.
       5.      Article 19(4) requires a relevant person to keep records in such a manner that they can be
               made available on a timely basis to the Commission, police or customs officer for the purpose
               of complying with a requirement under any enactment, e.g. a production order under Article 40
               of the Proceeds of Crime Law.
       6.      Article 20 requires a relevant person to retain records in relation to evidence of identity for at
               least five years from the end of the relationship with the customer (or the completion of the
               one-off transaction).
       7.      Article 20(5) provides for the Commission to require a relevant person to retain CDD
               information for a period that is more than five years.


               REGULATORY REQUIREMENTS
       8.      A relevant person must make and retain orderly records of CDD information for at least five
               years from the end of the relationship with the customer (or the completion of the transaction,
               for one-off transactions). This must include information and evidence of identity obtained in
               line with the requirements of Sections 3 and 4 and any customer files and business
               correspondence relating to the relationship.
       9.      A relevant person must record and store CDD information in a way that facilitates periodic
               updating of the information.



86                                                                                    Effective from: 4 February 2008
                                                                      Handbook for regulated financial services businesses

                                                                                       Part 1: Section 8 – Record Keeping




               GUIDANCE NOTES
       10.     A relevant person may demonstrate adequate recording and storage of CDD information by
               ensuring that updated information relating to a customer that is obtained through meetings,
               discussions, or other methods of communication with the customer is recorded and retained.

8.3            RECORDING TRANSACTIONS

               STATUTORY REQUIREMENTS
       11.     Article 37 of the Proceeds of Crime Law enables the Treasury and Resources Minister to
               prescribe record keeping procedures to be followed by a relevant person.
       12.     Article 19(2)(b) of the Money Laundering Order requires a relevant person to make and retain a
               record containing details of every transaction carried out with or for the customer in the course
               of financial services business. In every case, sufficient information must be recorded to enable
               the reconstruction of individual transactions.
       13.     Article 19(4) requires a relevant person to keep records in such a manner that they can be
               made available on a timely basis to the Commission, police or customs officer for the purpose
               of complying with a requirement under any enactment, e.g. a production order under Article 40
               of the Proceeds of Crime Law.
       14.     Article 20(3) requires a relevant person to retain records relating to transactions for at least five
               years from the date when all activities relating to the transaction are completed.
       15.     Article 20(5) provides for the Commission to require a relevant person to retain records of
               transactions for a period that is more than five years.

               REGULATORY REQUIREMENTS
       16.     Records must contain the following details of each transaction carried out with or for a
               customer in the course of financial services business:
               • the name and address of the customer;
               • if a monetary transaction, the kind of currency and the amount;
               • if the transaction involves a customer’s account, the number, name or other identifier for the
                 account;
               • the date of the transaction;
               • details of the counterparty, including account details;
               • the nature of the transaction; and
               • details of the transaction.
       17.     The records prepared and retained by a relevant person in relation to customer transactions
               must be orderly and such that the audit trail for incoming and outgoing funds or asset
               movement is clear and complete.
       18.     When original documents (such as transaction related vouchers used to input data onto
               computer systems) that would ordinarily have been destroyed are requested for investigation
               purposes, a relevant person must ascertain whether the documents have in fact been
               destroyed.
               GUIDANCE NOTES
       19.     Adequate recording of details of transactions may be demonstrated by including (where
               appropriate):
               • valuation(s) and price(s);
               • the form (e.g. cash, cheque, electronic transfer) in which funds are transferred;




Effective from: 4 February 2008                                                                                        87
Handbook for regulated financial services businesses

Part 1: Section 8 – Record keeping


               • memoranda of instruction(s) and authority(ies);
               • memoranda of purchase and sale;
               • custody of title documentation; and
               • other records in support of transaction records where these are necessary to enable a clear
                 and complete audit trail of fund or asset movements to be established.
       20.     Adequate recording of details of transactions may be demonstrated by recording all
               transactions undertaken on behalf of a customer within that customer’s records, enabling a
               complete transaction history for each customer to be easily constructed. For example, a
               customer’s records should include all requests for wire transfer transactions where settlement
               is provided other than from funds drawn from a customer’s account with the relevant person.
       21.     When original vouchers or documents are used for account entry, for example, and are not
               returned to the customer or his agent, it is of assistance to the law enforcement agencies if
               these original documents are kept for at least one year to assist forensic analysis.

8.4            OTHER RECORD KEEPING REQUIREMENTS

8.4.1          Compliance monitoring and procedures

               REGULATORY REQUIREMENTS
       22.     A relevant person must keep for at least five years adequate and orderly records to enable the
               Commission, internal and external auditors and other competent authorities to assess the
               effectiveness of systems and controls that are maintained by a financial services business to
               prevent and detect money laundering and the financing of terrorism.
       23.     A relevant person must keep adequate and orderly records documenting its policies and
               procedures to prevent and detect money laundering and the financing of terrorism for at least
               five years from the date those policies and procedures are superseded.
               GUIDANCE NOTES
       24.     A relevant person may demonstrate that it has retained adequate records to permit an
               assessment of effectiveness of systems and controls where it keeps:
               • its business risk assessment;
               • compliance reports to the Board; and
               • the working papers of the MLCO to the extent that these provide details of the testing
                 programmes conducted.
       25.     This does not necessitate the retention of all compliance testing working papers.

8.4.2          Suspicious activity reports

               REGULATORY REQUIREMENTS
       26.     A relevant person must keep, for a period of five years from the date that a business
               relationship ends, or, if in relation to a one-off transaction, for five years from the date that a
               transaction was completed, orderly records containing:
               • internal suspicious activity reports and supporting documentation;
               • the decision of the MLRO (or deputy MLRO) concerning whether to make an external
                 suspicious activity report and the basis of that decision; and
               • any external suspicious activity reports,
               in relation to that business relationship or one-off transaction.




88                                                                                     Effective from: 4 February 2008
                                                                      Handbook for regulated financial services businesses

                                                                                       Part 1: Section 8 – Record Keeping



8.4.3          Records relating to higher risk activity and transactions

               REGULATORY REQUIREMENTS
       27.     A relevant person must keep adequate and orderly records containing the findings of reviews
               of:
               • complex transactions;
               • unusual large transactions; and
               • unusual patterns of transactions, which have no apparent economic or visible lawful
                 purpose,
               for a period of five years from the date the business relationship ends, or, if in relation to a one-
               off transaction, for five years from the date that the transaction was completed.
       28.     A relevant person must keep adequate and orderly records containing the findings of reviews
               of activity and transactions: (i) connected with jurisdictions which do not, or insufficiently, apply
               the FATF Recommendations; or (ii) which are the subject of UN or EU countermeasures - for a
               period of five years from the date the business relationship ends, or, if in relation to a one-off
               transaction, for five years from the date that the transaction was completed.

8.4.4          Training and awareness

               REGULATORY REQUIREMENTS
       29.     A relevant person must keep adequate and orderly records for five years detailing the dates on
               which training on the prevention and detection of money laundering and the financing of
               terrorism was provided, the nature of the training and the names of employees who received
               the training.

8.5            ACCESS TO AND RETRIEVAL OF RECORDS

               REGULATORY REQUIREMENTS
       30.     A relevant person must record CDD information (including transaction information) in a way
               that facilitates ongoing monitoring of each relationship - in order to meet obligations that are set
               out in Section 5.
       31.     For all other purposes, the records retained by a relevant person must be readily accessible by
               the person. Unless otherwise specified, records relating to evidence of identity, other CDD
               measures, and transactions must be accessible within 5 working days (whether held in Jersey
               or outside Jersey), or such longer period as agreed with the Commission. Other records must
               be accessible within 10 working days (whether held in Jersey or outside Jersey), or such longer
               period as agreed with the Commission.
       32.     A relevant person must periodically review the accessibility of, and condition of, paper and
               electronically retrievable records and consider the adequacy of the safekeeping of records.
       33.     A relevant person must periodically test procedures relating to retrieval of records.
       34.     A relevant person that undergoes mergers, take-overs, or internal reorganisations, must ensure
               that records remain readily retrievable for the required period when rationalising computer
               systems and storage arrangements.
       35.     Records must be maintained in a format that can be made readily available. Where records
               are kept other than in legible form, they must be maintained so as to be readable at a computer
               terminal in Jersey - so that they may be produced in legible form.




Effective from: 4 February 2008                                                                                        89
Handbook for regulated financial services businesses

Part 1: Section 8 – Record keeping



8.5.1          External record-keeping

               OVERVIEW
       36.     Where documentation is held overseas or by third parties, such as under outsourcing
               arrangements, or where reliance is placed on introducers or intermediaries, this will present
               additional factors for a relevant person to consider.
       37.     Where record keeping is outsourced, a relevant person remains responsible for compliance
               with all requirements.
       38.     Where an introducer ceases to trade or have a relationship with a customer that it has
               introduced to a relevant person, particular care needs to be taken to retain, or hand over, the
               appropriate customer records. Section 4 sets out the steps to be taken for introduced
               business.
               REGULATORY REQUIREMENTS
       39.     A relevant person must not enter into outsourcing arrangements or place reliance on third
               parties to retain records where access to records is likely to be impeded by confidentiality or
               data protection restrictions.

8.5.2          Requirements on closure or transfer of business

               OVERVIEW
       40.     Where a relevant business terminates activities, or disposes of business or a block of
               customers to other service providers, record keeping requirements are unaffected by the
               termination or disposal.
               REGULATORY REQUIREMENTS
       41.     Record-keeping arrangements must be agreed with the Commission where a relevant person
               terminates activities, or disposes of business or a block of customers to another service
               provider.




90                                                                                  Effective from: 4 February 2008
                                                                       Handbook for regulated financial services businesses

                                                                                     Part 1: Section 9 – Existing Customers




9              EXISTING CUSTOMERS

9.1             OVERVIEW OF SECTION

       1.       FATF Recommendation 5 states that “financial institutions” should be required to apply that
                Recommendation (which deals with CDD measures) to existing customers on the basis of
                materiality and risk, and should conduct CDD measures on such existing relationships at
                appropriate times.
       2.       For the purposes of the Money Laundering Order, an existing customer means a relationship
                established before the Money Laundering Order came into force on 4 February 2008.
       3.       CDD measures are defined in Article 3 of the Money Laundering Order to mean: (i)
                identification measures; and (ii) ongoing monitoring.
       4.       Identification measures include identifying and verifying the identity of:
                • the customer;
                • where the customer is not an individual, the owners and controllers of the customer; and
                • any person on whose behalf the customer is acting.
                This information is referred to in Section 3 as identification information. Identification measures
                also include obtaining information on the business relationship. This information is referred to
                in Section 3 as relationship information.
       5.       Ongoing monitoring covers: (i) scrutiny of transactions; and (ii) ensuring that documents, data,
                or information obtained under identification measures are kept up to date.
       6.       This section deals with the application of identification measures to existing customers.
       7.       Ongoing monitoring applies to all customers, including existing customers. However,
                monitoring of existing customers will be based on information that is held by a relevant
                business, and the requirement to keep documents, data, or information up to date will be
                understood within the context of what is actually held. Where something is not held then it
                cannot be kept up to date.
       8.       In order to apply a risk based approach to existing customers, it is implicit that a relevant
                person will have conducted a risk assessment of its existing customer base - based on the
                information that it holds at the time that it conducts the review.
       9.       Irrespective of risk, identification measures must always be applied to existing customers:
                • where a relevant person suspects money laundering; or
                • where a relevant person has doubts about the veracity or adequacy of documents, data or
                  information that is held,
                except where a relevant person suspects money laundering and does not conduct identification
                measures with the consent of the JFCU.

9.2             APPLICATION OF IDENTIFICATION MEASURES TO EXISTING CUSTOMERS

                STATUTORY REQUIREMENTS
       10.      Article 13(2) of the Money Laundering Order says that, where a relevant person has a business
                relationship with a customer that commenced before the Money Laundering Order came into
                force, a relevant person must apply CDD measures that are in line with the Money Laundering
                Order to that relationship at appropriate times.
       11.      Article 13(3) of the Money Laundering Order says that “appropriate times” means for the
                application of identification measures:



Effective from: 1 April 2008                                                                                            91
Handbook for regulated financial services businesses

Part 1: Section 9 – Existing Customers


               • times that are appropriate having regard to the degree of risk of money laundering, taking
                 into account the type of customer, business relationship, product or transaction concerned;
                 and
               • any time when a relevant person suspects money laundering (unless agreed otherwise with
                 the JFCU).
       12.     Article 3(2) of the Money Laundering Order sets out what is meant by CDD measures. CDD
               measures include identification measures. Identification of a person means: finding out the
               identity of a person; and obtaining satisfactory evidence that is reasonably capable of verifying
               that the person to be identified is who the person is said to be and satisfies the person
               responsible for the identification that the evidence does establish that fact.
       13.     Article 3(6) provides that, in the case of a relationship with a person that is not an individual
               and/ or is acting (as an intermediary) on behalf of another person, procedures for obtaining
               evidence of identity must involve reasonable measures - having regard to all the circumstances
               of the case, including the degree of risk assessed.



               REGULATORY REQUIREMENTS
       14.     A relevant person must review its existing customer base in order to determine a risk
               assessment for each customer.
       15.     When considering the risk presented by an existing intermediary or introduced customer (as
               defined in Section 4.10), its review must consider the status of the review of existing customers
               by that intermediary or introducer.
               GUIDANCE NOTES (EXCEPT FOR INTRODUCED AND INTERMEDIARY RELATIONSHIPS)
       16.     In the case of an existing customer, an appropriate time to conduct identification measures will
               be at any time when a relevant person suspects money laundering or has doubts about the
               veracity or adequacy of documents, data or information previously obtained, and a relevant
               person may demonstrate that it has applied identification measures where it does so in
               accordance with Section 4.
       17.     In the case of a higher risk customer, an appropriate time to apply identification measures will
               also be as soon as is practicable after the risk has been assessed as “higher”, and a relevant
               person may demonstrate that it has applied identification measures where it does so in
               accordance with Section 4, taking into account any factors that are relevant to an existing
               relationship.
       18.     In the case of standard and lower risk customers, an appropriate time to apply identification
               measures (excluding obtaining evidence of identity) will also include:
               • when a transaction of significance takes place; and
               • when a relevant person’s customer documentation standards change substantially.
       19.     Whilst a relevant person may demonstrate that it has applied identification measures for
               standard and lower risk customers, where it does so in accordance with Section 4, it may also,
               in a circumstance covered in paragraph 18:
               • take account of other factors when collecting identification information (that are relevant to
                 an existing relationship); and
               • delay obtaining evidence of identity until such time (if any) that the relationship is assessed
                 as presenting a “higher risk” (the appropriate time).
       20.     This means that, in many cases, the identification information that is collected for an existing
               customer may be different to the identification information that is collected in line with Section 4
               and, in the case of a lower or standard risk customer, may not have been verified. It also
               means that it may not be necessary to collect additional identification information.
       21.     This guidance will be reviewed within one year of the Money Laundering Order coming into
               force.



92                                                                                          Effective from: 1 April 2008
                                                                      Handbook for regulated financial services businesses

                                                                                    Part 1: Section 9 – Existing Customers



                GUIDANCE NOTES FOR INTRODUCED RELATIONSHIPS
       22.      Separate provisions apply where an existing relationship has been introduced by a financial
                services business that is overseen for AML/CFT compliance in Jersey or which carries on
                equivalent business.
       23.      In the case of an existing customer that has been introduced (and reliance placed on the
                introducer to have applied an element of customer due diligence), an appropriate time to
                conduct identification measures will be at any time when a relevant person suspects money
                laundering or has doubts about the veracity or adequacy of documents, data or information
                previously obtained, and a relevant person may demonstrate that it has applied identification
                measures where it does so in accordance with Section 4.
       24.      In the case of a higher risk customer that has been introduced (and reliance placed on the
                introducer to have applied an element of customer due diligence), an appropriate time to apply
                identification measures will also be as soon as is practicable after the risk has been assessed
                as “higher”.
       25.      Whilst a relevant person may demonstrate that it has applied identification measures for a
                higher risk customer where it does so in accordance with Section 4, taking into account any
                factors that are relevant to an existing relationship, it may also delay obtaining satisfactory
                evidence of identity until such time as this has been collected by the introducer (the appropriate
                time) - so long as it receives confirmation from the introducer that identification measures are to
                be applied by the introducer within a reasonable period of time (and it periodically checks that
                this is the case). Where confirmation is received that such measures have been applied then
                this confirmation may be considered to present satisfactory evidence of identity, and there is no
                need to obtain an assurance from the introducer that is in line with Article 16(4) of the Money
                Laundering Order.
       26.      Otherwise, identification measures for lower and standard risk customers may be delayed until
                such time (if any) that the relationship is assessed as presenting a “higher risk” (the appropriate
                time).
       27.      This guidance will be reviewed within one year of the Money Laundering Order coming into
                force.
                GUIDANCE NOTES FOR INTERMEDIARY RELATIONSHIPS
       28.      Separate provisions apply where an existing relationship is with an intermediary that is a
                financial services business that is overseen for AML/CFT compliance in Jersey or which carries
                on equivalent business. .
       29.      In the case of an existing relationship with an intermediary, an appropriate time to conduct
                identification measures will be at any time when a relevant person suspects money laundering
                or has doubts about the veracity or adequacy of documents, data or information previously
                obtained, and a relevant person may demonstrate that it has applied identification measures
                where it does so in accordance with Section 4.
       30.      In the case of existing relationships with intermediaries, an appropriate time to apply
                identification measures will also be as soon as is practicable after the Money Laundering Order
                has come into force.
       31.      A relevant person may demonstrate that it has applied identification measures to an existing
                intermediary where it does so in accordance with Section 4, taking into account any factors that
                are relevant to an existing customer.
       32.      Notwithstanding this, in the case set out at paragraph 30, a relevant person may also find out
                the identity of a third party where it limits the collection of full identification information (in
                accordance with Section 4) to those third parties that it has assessed as presenting a higher
                risk. This means that it may collect just the name of a third party where it assesses a third
                party as presenting a lower or standard risk.
       33.      In the case of an intermediary that is a trustee, the third parties to be identified are the
                individuals that are concerned with the trust (in line with Section 4.4).




Effective from: 1 April 2008                                                                                           93
Handbook for regulated financial services businesses

Part 1: Section 9 – Existing Customers


       34.     In the case set out at paragraph 30, a relevant person may also delay obtaining satisfactory
               evidence of identity for a third party until such time as this has been collected by the
               intermediary (the appropriate time) - so long as the relevant person receives confirmation from
               the intermediary that identification measures are to be applied to all third parties within a
               reasonable period of time (and it periodically checks that this is the case). Where confirmation
               is received that such measures have been applied then this confirmation may be considered to
               present satisfactory evidence of identity, and there is no need to obtain an assurance from the
               intermediary that is in line with Article 16(4) of the Money Laundering Order.
       35.     This guidance will be reviewed within one year of the Money Laundering Order coming into
               force.




94                                                                                       Effective from: 1 April 2008
                                                             Handbook for regulated financial services businesses

                                                                                                        Glossary




GLOSSARY

 a business’ policies and procedures    the way in which a business’ systems and controls are
                                        implemented into the day-to-day operation of the business

 a business’ systems and controls       a relevant person’s general framework to combat money
                                        laundering and the financing of terrorism

 AML/CFT                                anti-money laundering / countering the financing of terrorism

 BB(J)L                                 Banking Business (Jersey) Law 1991

 CIF(J)L                                Collective Investment Funds (Jersey) Law 1988

 customer due diligence information     comprises both identification information and relationship
                                        information

 deputy MLRO                            a person designated by the relevant person to whom
                                        suspicious activity reports may be made

 designated police or customs officer   notices issued under Article 6(1) and 6(2) of the Money
                                        Laundering Order providing that police and customs officers
                                        that hold posts within the JFCU are designated officers

 designated relationship                a relationship established by an intermediary on behalf of a
                                        single customer, including a relationship involving sub-
                                        accounts for each underlying customer

 Drug Trafficking Offences Law          Drug Trafficking Offences (Jersey) Law 1988

 equivalent business                    being overseas business that:
                                         •    if carried on in Jersey would be financial services
                                              business;
                                         •    may only be carried on in the jurisdiction by a person
                                              registered or otherwise authorised under the law of that
                                              jurisdiction to carry on that business;
                                         •    is subject to requirements to prevent and detect money
                                              laundering consistent with those in the FATF
                                              Recommendations in respect of that business; and
                                         •    is supervised for compliance with those requirements by
                                              an overseas regulatory authority

 equivalent jurisdiction                a jurisdiction which the Commission considers to have in place
                                        requirements to prevent and detect money laundering and the
                                        financing of terrorism that are consistent with those in the
                                        FATF Recommendations

 FS(J)L                                 Financial Services (Jersey) Law 1998

 his                                    The term “his” when used in the Handbook with reference to
                                        any individual should be understood to mean either “his or
                                        her”




Effective from: 4 February 2008                                                                               95
Handbook for regulated financial services businesses

Glossary



 IB(J)L                                                Insurance Business (Jersey) Law 1996

 IMF                                                   International Monetary Fund

 Intermediary                                          a person - A - who has, or seeks to establish, a business
                                                       relationship or seeks to carry out a one-off transaction on
                                                       behalf of A’s customer with a relevant person, where A
                                                       becomes a customer of the relevant person

 Introducer                                            a person who has a business relationship with a customer and
                                                       who introduces that customer to a relevant person with the
                                                       intention that the customer will form a business relationship or
                                                       conduct a one-off transaction with the relevant person so that
                                                       the introducer’s customer also becomes a customer of the
                                                       relevant person

 licence                                               a generic term to cover:
                                                        •     a registration granted under the BB(J)L;
                                                        •     a permit granted pursuant to the CIF(J)L;
                                                        •     a certificate issued pursuant to the CIF(J)L;
                                                        •     a registration granted under the FS(J)L; and
                                                        •     a permit granted pursuant to the IB(J)L

 LLP                                                   limited liability partnership

 Money Laundering Order                                Money Laundering (Jersey) Order 2008

 PEP                                                   politically exposed person

 pooled relationship                                   a relationship established by an intermediary on behalf of
                                                       more than one customer

 Proceeds of Crime Law                                 Proceeds of Crime (Jersey) Law 1999

 regulated business                                    any business that falls to be licensed under any of the
                                                       regulatory laws

 regulated person                                      a person that carries on a regulated business

 regulatory laws                                       Collective name for the: BB(J)L; CIF(J)L; FS(J)L and IB(J)L

 relevant employees                                    employees whose duties relate to the provision of financial
                                                       services

 relevant person                                       a person carrying on financial services business in or from
                                                       within Jersey, and a Jersey body corporate or LLP carrying on
                                                       financial services business anywhere in the world

 sensitive activities                                  this refers to the activities that have been established, as a
                                                       matter of policy, by the Commission as sensitive activities, and
                                                       which are listed on the Commission website – sensitive
                                                       activities

 source of funds                                       activity which generates funds for a relationship




96                                                                                             Effective from: 4 February 2008
                                                       Handbook for regulated financial services businesses

                                                                                                  Glossary



 source of wealth                 activities which have generated the total net worth of a person

 Terrorism Law                    Terrorism (Jersey) Law 2002

 the OFAC                         the Office of Foreign Assets Control

 the Commission                   the Jersey Financial Services Commission

 the EEA                          the European Economic Area

 the EU                           the European Union

 the FATF                         the Financial Action Task Force on Money Laundering

 the Handbook                     Handbook for the Prevention and Detection of Money
                                  Laundering and the Financing of Terrorism for Regulated
                                  Financial Services Businesses

 the JFCU                         the Joint Financial Crimes Unit
                                  Officers of the JFCU are the designated police and customs
                                  officers for the purposes of the Money Laundering Order

 the MLCO                         the Money Laundering Compliance Officer

 the MLRO                         the Money Laundering Reporting Officer

 the UN                           the United Nations

 the United Nations Measures      Terrorism (United Nations Measures) (Channel Islands) Order
                                  2001, and
                                  Al-Qa’ida and Taliban (United Nations Measures) (Channel
                                  Islands) Order 2002




Effective from: 4 February 2008                                                                         97

								
To top