Financial Services Businesses Instruction (Number 01)

INSTRUCTION (NUMBER 1) FOR FINANCIAL SERVICES BUSINESSES 11 November 2009 CORPORATE GOVERNANCE AND INTERNAL CONTROLS This Instruction is made under section 49(7) of the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999. This Instruction is being issued to reinforce the corporate governance and internal control requirements of the Criminal Justice (Proceeds of Crime) (Financial Services Business) (Bailiwick of Guernsey) Regulations, 2007 (“the Regulations”) and the rules in the Handbook for Financial Services Businesses on Countering Financial Crime and Terrorist Financing (“the Handbook”), in light of enforcement action taken by the Commission and as a result of a review by the Commission of compliance issues as a whole arising from international AML/CFT assessments. Since the issue of the Regulations and the Handbook in December 2007, the Commission has taken enforcement action in numerous cases for poor AML/CFT standards. This has resulted in a number of financial services businesses deciding to close or relocate their business. By way of feedback, a common theme amongst the businesses subject to enforcement has been poor corporate governance with Boards paying insufficient attention to AML/CFT requirements. Board consideration of AML/CFT matters must be formal, minuted and comprehensive. It is not sufficient simply to note that no AML/CFT issues have arisen since the last Board meeting or that compliance with particular requirements has been reviewed. The Boards of financial services businesses have effective responsibility for compliance with the Regulations and the rules in the Handbook. Whether a financial services business carries out a function itself, or outsources the function to a third party (either in Guernsey or overseas, or within its group or externally), the financial services business remains responsible for compliance with the Regulations in Guernsey and the requirements of the Handbook. A financial services business cannot contract out of its statutory and regulatory responsibilities to prevent and detect money laundering and terrorist financing.

The Commission is increasingly focusing on corporate governance standards across all areas of its regulatory responsibility and proposes to issue new requirements next year. Action to be taken by Financial Services Businesses In light of the foregoing, the Commission requires the Board of each financial services business to: a. review compliance with regulation 15 of the Regulations and each of the rules in Chapter 2 of the Handbook; b. review compliance with regulations 3 and 13 and each of the rules in Chapters 3 and 11 of the Handbook to ensure that the undertaking of risk assessments of proposed business relationships or occasional transactions are carried out by appropriately trained staff; c. review compliance with regulations 4 and 11 of the Regulations and each of the rules in Chapters 4 and 9 of the Handbook; d. review compliance with regulation 7 and the rules in section 4.13 of the Handbook to ensure that the scope to commence business relationships prior to completion of CDD is only being used exceptionally; e. consider what steps in practice the business must undertake to meet the enhanced customer due diligence requirements of regulation 5 of the Regulations; f. with reference to paragraph 27 in Chapter 2 of the Handbook, ensure that, where a separate audit function is not maintained, documentary evidence is retained as to how the Board satisfies itself that its AML/CFT systems are effective and appropriate to the risk of the business being used for money laundering and terrorist financing; and g. by the close of business on 26 February 2010 have taken any necessary action to remedy any identified deficiencies. When undertaking the review Boards must note that, in accordance with paragraph 29 of the Handbook, the Board of a financial services business must ensure that the Commission is advised of any material failure to comply with the provisions of the Regulations and the rules in the Handbook and of any serious breaches of the policies, procedures or controls of the financial services business. The action taken by each financial services business under this Instruction will be reviewed during on-site inspections and by other means as necessary.