Feedback on Consultation Regarding Amendments to Schedule 3 on Independent Audit, Business Risk Assessments and VASPs

Feedback on the Commission’s consultation on amendments to Schedule 3 of the Proceeds of Crime Law regarding independent audit, business risk assessments, virtual asset service provider obligations and additional requirements on trustees and partners. 10 July 2023 Overview On 28 March 2023 and 9 June 2023, consultations were issued on proposals to amend certain provisions in Schedule 3 to the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999 as amended (“Schedule 3 to the Law”) and associated rules and guidance in the Commission’s Handbook on Countering Financial Crime and Terrorist Financing (the “Handbook”) in relation to i) an independent audit function, ii) business risk assessments, iii) rules and guidance for virtual asset service providers and vi) rules and guidance on additional information disclosures for licensed trustees and partners. We had 16 responses in total. Feedback and comments were received from a wide range of industry sectors from firms directly, or via their representative bodies. The Commission is grateful to everyone who replied. Most responses were positive and supportive of the proposals. Respondents did raise queries and propose suggestions, so a summary of the most common issues raised, and the Commission’s response, is set out below. Independent Audit Function We consulted on proposals for firms to establish an independent audit function (where appropriate, having regard to the money laundering and terrorist financing risks, and the size and nature of the firm) to evaluate the effectiveness of the firm’s AMLCFT controls. It will be mandatory for every firm to consider, on the basis of risk and materiality of its business, whether it should have an independent audit function. Most feedback was on the independent audit function with requests for further clarity on who would be considered suitable to undertake an AMLCFT audit and on ensuring independence was preserved if a firm used its external auditor to also audit its AMLCFT controls. Some respondents expressed concern about resourcing such a function. We have sought to ensure that rules and guidance on an independent audit function do not unduly limit who can perform an audit of a firm’s AMLCFT controls. The final text of section 2.4 of the Handbook gives firms as much flexibility as possible to appoint a person internally to fulfil the audit function, providing they are independent from the design and application of the firm’s AMLCFT policies, procedures and controls, or make an external appointment. Where an external appointment is made, we have clarified that we would expect the firm to follow the principles for outsourcing arrangements in the Commission’s sector guidance notes on outsourcing in determining their suitability. We also acknowledge the concern expressed by some respondents that an external auditor’s independence could be compromised if they also undertook an AMLCFT audit. The proposal in the consultation had been amended in discussion with affected parties, whose assistance has been appreciated. One respondent questioned whether the Commission was making it mandatory for an independent audit to be undertaken every three years. The guidance reflects that audits could occur annually or less frequently without setting the frequency with which an audit should occur as this will be for the firm to determine.

2 | P a g e We were also asked if the factors firms would have to consider in determining whether to have an independent audit function would result in it being mandatory for certain sectors. The Commission does not believe this to be the case. The guidance recognises that within each sector there will be higher and lower risk firms and decisions over an independent audit function do not rest solely on the risk rating attributed to the sector in the National Risk Assessment (“NRA”) or the size of the firm. We have also set out that when assessing firm size, consideration should be given to the number of customers and the value of the assets under management. Business Risk Assessments We consulted on an additional requirement for firms to consider within their business risk assessments the risks and implications of the main criminal offences identified in the Bailiwick’s NRA as being the most likely predicate offences for the Bailiwick being used for money laundering and terrorist financing, together with additional guidance on relevant risks factors. We also consulted on a change to the rule regarding a firm’s compliance review policy. A few respondents questioned whether it was sufficiently clear in the draft legislation and rules what was required of firms in their assessment of the risks from the most likely predicate offences. The wording of the legislation has been amended to align it more closely with the terminology in the NRA. The guidance within the Handbook has been similarly changed. We were asked if the Commission could include a definition of “sensitive industries”. The term is used in guidance on corruption risk factors and a non-exhaustive list of example industries are given in the Handbook. We have not defined the term, but we have expanded the risk factor guidance to draw out that an industry is sensitive where there is dependence on government award of licences, permits etc. We were asked why the guidance on risk factors included information sources on country risks which were not used in Appendix I of the Handbook which lists jurisdictions identified by relevant external sources as presenting a higher risk. Extra information sources on country risk are cited in Chapter 3 to identify to firms where additional information about a country’s risk profile could be found. Some of these sources may concentrate on a specific jurisdiction or region which makes their use in the compilation of Appendix I difficult but nevertheless could be a useful source of information for firms considering the level of corruption risk a country presents. The guidance within Chapter 3 is provided to assist firms when making such risk-based decisions. Virtual Asset Service Providers (“VASPs”) We consulted on a new chapter to the Handbook for VASPs containing rules and guidance on the information which must accompany virtual assets transfers and guidance for VASPs on meeting their obligations generally under Schedule 3 and the Handbook. There were a few suggestions for minor clarifications of the draft legislation. These have been adopted. The small amount of feedback received on the proposed VASPs’ rules and guidance was positive and supportive of the new chapter on VASPs. Additional requirements on licensed trustees and partners We consulted on additional rules and guidance for trustees of relevant trusts and partners of relevant partnerships to hold information on the identity of other regulated agents and service providers to the trust or partnership, and the disclosure of their status as trustee or partner. The reasons for these additional obligations are to meet FATF Recommendations to ensure that beneficial ownership of these types of legal entity is available to the competent authorities.

3 | P a g e A few comments were received in relation to the definitions of regulated agent, the information which should be held and a request to disapply the requirements for the trustee or partner to hold accurate and up to date information on the identity of the regulated agent, if the regulated agent is located in a jurisdiction on the equivalent jurisdictions list in Appendix C of the Handbook. The legislation on these information requirements which the rules and guidance support, contains no means by which the legal obligations can be disapplied. This is because there is no leeway for a jurisdiction to take a risk-based approach in the relevant FATF Recommendation which forms the basis of the legislation, which the States of Guernsey Policy & Resources Committee consulted on earlier this year. We have however provided further guidance explaining that a trustee or partner is likely to hold sufficient information on the regulated agent or service provider’s identity through their correspondence with them and the agent or service provider’s reports. We have also revised the information which should be held on a regulated agent or service provider where they are an individual. When do the amendments take effect? We were asked if there would be a transitional period for firms to implement the amendments. There are no transitional provisions which set a deadline for firms to comply with the amendments to Schedule 3 and rules in the Handbook. The amendments take effect immediately. Licensees are expected to have considered the new obligation on risk at their next mandatory annual review of their business risk assessments, and to have met the requirements around the independent audit function when the Board next considers AML/CFT matters, which would reasonably be expected to occur before the end of 2023. The introduction of rules and guidance for VASPs coincides with the commencement of the supervision of this sector from this month with the rules taking effect immediately. The additional information disclosure requirements on trustees and partners take effect immediately but are likely to be already met in practice as the information will be held by trustees and partners via agreements and reports from regulated agents and service providers. Next steps The Commission has updated Chapters 2, 3, and 7 of the Handbook and is issuing a new chapter 18 following its consideration of all consultation responses. This feedback is being issued simultaneously with today’s publication of the updated Handbook.

CONSULTATION ON AMENDMENTS TO THE LEGAL PROVISIONS IN RELATION TO INTERNAL AUDIT, BUSINESS RISK ASSESSMENT AND VASPS 28 MARCH 2023

1. Introduction 1.1 This consultation paper seeks comments on: (a) proposed amendments to paragraphs 3 and 15 of Schedule 3 to the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999 as amended (“Schedule 3”) (appendix 1) and associated rules and guidance in chapters 2 and 3 of the Guernsey Financial Services Commission’s Handbook on Countering Financial Crime and Terrorist Financing (“the Handbook”) (see the link below) in relation to an independent audit function and the requirement for all financial services businesses and prescribed businesses subject to Schedule 3 to consider the money laundering (“ML”) and terrorist financing (“TF”) risks to their business presented by the main predicate offences identified within the Bailiwick’s money laundering and terrorist financing national risk assessment (“NRA”) and the risk factors associated with them; and (b) a draft Ordinance amending the Proceeds of Crime Law (appendix 2), which provides for information requirements for virtual asset transfers, the introduction of a £1,000 threshold for virtual asset transactions over which customer due diligence will be required, and amendment of the definition of “funds” in Schedule 3 to clarify that references to “funds”, which presently covers all assets, specifically includes virtual assets. A similar clarification is proposed to be made to the definition of “property” in the Proceeds of Crime Law.
2. Independent audit function 2.1 The Financial Action Task Force (“FATF”) standards on combating ML and TF and financing of proliferation of weapons of mass destruction include a recommendation that firms should be required to implement programmes against ML and TF, which have regard to the ML and TF risks and the size of the business, and which include an independent audit function to test the firm’s AML/CFT controls. In light of this reference to independent audit, some enhancement is needed to Schedule 3 and the Handbook. 2.2 The proposed amendments to paragraphs 3 and 15(1)(ba) of Schedule 3 and associated amendments of chapter 2 of the Handbook would introduce a requirement for a firm to establish an independent audit function (where appropriate, having regard to the ML and TF risks, and the size and nature, of the specified business in question) for the purposes of evaluating the adequacy and effectiveness of the policies, procedures and controls adopted by the specified business.

2 2.3 The proposed amendments to chapter 2 of the Handbook provide guidance on the circumstances when a firm would be expected to establish an independent audit function, and set out what arrangements would constitute an independent audit function and what such an audit should cover. 2.4 It will not be mandatory for any one sector to have an independent audit function in order to maintain a risk-based approach. However, by way of enhancement of the existing approach, the proposed draft rules would make mandatory: i) for every financial services firm and prescribed business which has no audit function falling within the arrangements described, to consider annually whether to establish such a function and where it decides not to, clearly documenting what the reasons are for making that decision (rule 2.28 refers), ii) the factors which a firm must consider in determining whether to have an independent audit function (rule 2.24 refers), and iii) ensuring independence within any internal audit function which it establishes (rule 2.23 refers). 2.5 In developing this approach, the Commission has taken into account the large number of financial services and prescribed businesses which have an independent audit function falling within the arrangements described in the draft guidance and sectoral guidance papers on the risk-based approach issued by the FATF, as well as discussions with representatives of the fiduciary and investment sectors in developing the rules and guidance. 2.6 The changes proposed are pitched at meeting the FATF standards, to assist firms in properly applying a risk-based approach, and are compatible with the measures adopted in other jurisdictions such as the UK, Jersey and the Isle of Man. 3. Business risk assessment 3.1 The proposed amendment to paragraph 3(3) of Schedule 3 would introduce a requirement for a firm’s business risk assessment to include consideration of the implications and risks to its business of the predicate crimes specified in the NRA as presenting a high or higher risks of the Bailiwick being used for ML or TF. This is aimed at ensuring, and demonstrating, that Guernsey is expressly taking account of the risks in the NRA report published in 2020 and the forthcoming update to that report. 3.2 The Commission proposes to extend rule 3.36, which already requires firms to take account in their business risk assessments of the relevance to their business of the risks identified in the NRA, for firms to include consideration of all primary ML and TF risks identified in the NRA including specifically bribery, corruption and fraud (including tax evasion). The purpose of this is to highlight more forcefully that the main areas of risk must be considered in these assessments. There is proposed additional guidance in this chapter on the relevant risk factors firms should be considering.

3 3.3 The Commission is also proposing to introduce a new rule (rule 3.53) to make clear that a firm’s reviews of its business risk assessment must be recorded, as supervisory findings have indicated that some firms could not evidence this. 3.4 The Commission is taking the opportunity also to consult on proposed changes to the rules and guidance regarding a firm’s policy for reviewing compliance. These changes are to clarify that a firm’s policy for reviewing compliance should set out how it will monitor that it is in compliance with Schedule 3 and the Handbook. 4. Links 4.1 The proposed changes to Chapters 2 and 3 of the Handbook are available through these links to marked up texts. Chapter 2 Chapter 3 5. Virtual assets 5.1 This consultation paper includes draft legislation (appendix 2) on the information requirements for virtual assets transfers, the introduction of a £1,000 threshold for virtual asset transactions over which customer due diligence will be required, and the extension of the definition of “funds” to include virtual assets. These changes are to meet FATF Standards, which include requirements that virtual asset service providers hold and submit certain information on the originator and beneficiary on a virtual asset transfer, which is colloquially known as “the travel rule”. These requirements are similar to the existing requirements for wire transfers. The Commission, mindful of the importance of the alignment of global requirements for the virtual asset sector, is developing rules and guidance for consultation in quarter two, which will take into account the proposed information disclosure requirements being considered in the UK and EU. These rules and guidance will include specific information requirements on originators and beneficiaries of virtual asset transfers and the information requirements on virtual asset transfers of £1,000 or less as indicated in the draft legislation. It is considered important to consult now on the draft legislation so feedback can be taken into account in formulating the rules and guidance for a separate consultation by the Commission. 5.2 The draft Ordinance in appendix 2 will form part of the regulatory framework developed by the Bailiwick for virtual asset services providers who, from 1 July 2023, must be licensed under the Lending, Credit and Finance (Bailiwick of Guernsey) Law, 2022 (“the LCF Law”) if they carry on or provide by way of business in or from within the Bailiwick virtual asset services or activities defined in the LCF Law.

4 5.3 Updates are also being made in the Ordinance to the definition of financial services business in Schedule 1 of the Proceeds of Crime Law to cover financial services businesses which will be licensed under the LCF Law, which replaces the Registration of Non-Regulated Financial Services Businesses (Bailiwick of Guernsey) Law, 2008 from 1 July this year and to update references to the revised Regulatory Laws. 6. Responses to this consultation Any responses to this consultation paper should be provided by email to policyandresources@gov.gg and either AMLCFT@gfsc.gg or via the Consultation Hub on the Commission’s website by the close of business on 25 April 2023.

APPENDIX 1 GUERNSEY STATUTORY INSTRUMENT 2023 No. The Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) (Amendment) Regulations, 2023 Made , 2023 Coming into operation , 2023 Laid before the States , 2023 THE POLICY & RESOURCES COMMITTEE, in exercise of the powers conferred on it by sections 49AA(4) and 54 of the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999a and all other powers enabling it in that behalf, hereby makes the following Regulations:- Amendment of Schedule 3 to the Proceeds of Crime Law.

1. (1) Schedule 3 to the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999 is amended as follows. (2) At the end of subparagraph (3)(c)(ii) of paragraph 3 (duty to carry out risk assessments), for "." substitute ",", and after subparagraph (3)(c)(ii) insert – "and the business risk assessments must include (without limitation) consideration of the implications for, and risks to, the business of the predicate

---

a Order in Council No. VIII of 1999; this enactment has been amended.

2 criminality specified in the NRA as presenting a high or higher risk for the Bailiwick of being used for money laundering or terrorist financing.". (3) After paragraph 15(1)(b), insert – "(ba) without prejudice to the generality of subparagraph (b), establish an independent audit function (where appropriate, having regard to the money laundering and terrorist financing risks, and the size and nature, of the specified business in question), for the purpose of evaluating the adequacy and effectiveness of the policies, procedures and controls adopted by the specified business to comply with the requirements of this Schedule, the relevant enactments and the Handbook,". (4) In paragraph 15(2), for "that country" substitute "country". Citation and commencement. 2. These Regulations may be cited as the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) (Amendment) Regulations, 2023 and shall come into force on the * April, 2023. Dated this day of April, 2023 P.T.R. FERBRACHE President of the Policy & Resources Committee For and on behalf of the Committee

3 EXPLANATORY NOTE (This note is not part of the Regulations) These Regulations amend Schedule 3 to the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999 (which is concerned with specified businesses within the meaning of that Law) to make further provision about business risk assessments, and to introduce a requirement for such businesses to establish an independent audit function. They also amend a minor typographical error. These Regulations come into force on the * day of *, 2023.

APPENDIX 2 1 The Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) (Amendment) Ordinance, 2023 THE STATES, in pursuance of their Resolution of the 2nd February, 2021a, and in exercise of the powers conferred on them by section 53A of the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999b and all other powers enabling them in that behalf, hereby order:- Amendment of Law.

1. The Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999 is further amended as follows.
2. In section 50(1) after "incorporeal property" insert "and also including, for the avoidance of doubt, virtual assets within the meaning of section 17(4) of the Lending, Credit and Finance (Bailiwick of Guernsey) Law, 2022".
3. For Schedule 1 ("financial services businesses") substitute the following Schedule –

---

a Article VI of Billet d'État No. IV of 2021. b Ordres en Conseil Vol. XXXIX, p. 137; this enactment has been amended.

2 "SCHEDULE 1 Section 49 FINANCIAL SERVICES BUSINESSES

1. (1) The businesses specified in Part I of this Schedule are "financial services businesses" for the purposes of this Law. (2) However – (a) businesses specified in paragraphs 2 to 20 of Part I of this Schedule are only financial services businesses for the purposes of this Law when carried on by way of business for or on behalf of a customer, and (b) businesses are not financial services businesses for the purposes of this Law where they constitute incidental or other activities within the meaning of Part II of this Schedule. PART I BUSINESSES
2. Lending (including, without limitation, the provision of consumer credit or mortgage credit, factoring with or without recourse, financing of commercial transactions (including forfeiting) and advancing loans against cheques).
3. Financial leasing.
4. Operating a money service business (including, without limitation, a

3 business providing money or value transmission services, currency exchange (bureau de change) and cheque cashing). 5. Buying, selling or arranging the buying or selling of, or otherwise dealing in, bullion or buying or selling postage stamps, except where – (a) in the case of bullion, the business consists only of buying, selling or arranging the buying or selling of, or otherwise dealing in, bullion, where the value of each purchase, sale or deal does not exceed £10,000 in total, whether the transaction is executed in a single operation or in two or more operations which appear to be linked, (b) in the case of buying postage stamps, the business consists only of buying postage stamps where the value of each purchase does not exceed £10,000 in total, whether the transaction is executed in a single operation or in two or more operations which appear to be linked, and (c) in the case of selling postage stamps, the business consists only of selling postage stamps – (i) where the value of each sale does not exceed £10,000 in total, whether the transaction is executed in a single operation or in two or more operations which appear to be linked, or (ii) in the course of –

4 (A) a postal services business carried on under the authority of a licence granted under the Post Office (Bailiwick of Guernsey) Law, 2001, or (B) a business authorised to sell postage stamps by the holder of a licence under that Law. 6. Facilitating or transmitting money or value through an informal money or value transfer system or network. 7. Issuing, redeeming, managing or administering means of payment; and "means of payment" includes, without limitation, credit, charge and debit cards, cheques, travellers' cheques, money orders, bankers' drafts and electronic money. 8. Providing financial guarantees or commitments. 9. Trading (by way of spot, forward, swaps, futures, options, etc.) in – (a) money market instruments (including, without limitation, cheques, bills and certificates of deposit), (b) foreign exchange, exchange, interest rate or index instruments, and (c) commodity futures, transferable securities or other negotiable instruments or financial assets.

5 10. Participating in securities issues and the provision of financial services related to such issues, including, without limitation, underwriting or placement as agent (whether publicly or privately). 11. Providing settlement or clearing services for financial assets including, without limitation, securities, derivative products or other negotiable instruments. 12. Providing advice to undertakings on capital structure, industrial strategy or related questions, on mergers or the purchase of undertakings, except where the advice is provided in the course of carrying on the business of a lawyer or accountant. 13. Money broking. 14. Money changing. 15. Providing individual or collective portfolio management services or advice. 16. Providing safe custody services. 17. Providing services for the safekeeping or administration of cash or liquid securities on behalf of clients. 18. Carrying on the business of a credit union. 19. Accepting repayable funds other than deposits.

6 20. Otherwise investing, administering or managing funds or money on behalf of other persons. 21. The acceptance of deposits in the course of carrying on deposit-taking business within the meaning of the Banking Supervision (Bailiwick of Guernsey) Law, 2020. 22. The carrying on of controlled investment business within the meaning of the Protection of Investors (Bailiwick of Guernsey) Law, 2020. 23. The carrying on of long term business within the meaning of the Insurance Business (Bailiwick of Guernsey) Law, 2002. 24. The carrying on of business as an insurance intermediary in respect of long term business within the meaning of the Insurance Managers and Insurance Intermediaries (Bailiwick of Guernsey) Law, 2002. 25. Acting as an insurance manager within the meaning of the Insurance Managers and Insurance Intermediaries (Bailiwick of Guernsey) Law, 2002 under the authority of a licence under that Law. 26. The carrying on – (a) of regulated activities within the meaning of the Regulation of Fiduciaries, Administration Businesses and Company Directors, etc (Bailiwick of Guernsey) Law, 2020 in circumstances where the activities are prohibited except under the authority of and in accordance with the conditions of a fiduciary licence under that Law,

7 (b) by way of business, of the activities described in section 3(1)(g) or (ab) of that Law. 27. (1) The carrying on of – (a) credit business (other than credit business comprising the provision of services ancillary to the provision of credit), (b) financial firm business, or (c) platform and intermediation business, within the meaning of the Lending, Credit and Finance (Bailiwick of Guernsey) Law, 2022. (2) The provision or carrying on, by way of business, of any of the services or activities in relation to virtual assets specified in section 17(1) of the Lending, Credit and Finance (Bailiwick of Guernsey) Law, 2022 (prohibition of business of unlicensed virtual asset service providers ("VASPS")). PART II INCIDENTAL AND OTHER ACTIVITIES 28. (1) Any business falling within paragraphs 2 to 20 of Part I of this Schedule carried out in the course of carrying on the profession of an actuary, where such business is incidental to the provision of actuarial advice or services.

8 (2) For the purposes of this paragraph business is incidental to the provision of actuarial advice or services if – (a) separate remuneration is not being given for the business as well as for such advice or services, (b) such advice or services are not themselves a business falling within paragraphs 2 to 20 of Part I of this Schedule, and (c) the business being carried out is incidental to the main purpose for which such advice or services are provided. 29. The carrying on of any business falling within Part I of this Schedule – (a) by way of the provision of in-house legal, accountancy or actuarial advice or services to any business falling within Part I of this Schedule, or (b) in the course of carrying on the profession (respectively) of a lawyer, accountant or actuary for any client carrying on such a business. 30. Activities constituting the restricted activities of dealing, advising and promotion for the purposes of Schedule 2 to the Protection of Investors (Bailiwick of Guernsey) Law, 2020 provided that – (a) such activities are carried on by a person who is not incorporated or registered in the Bailiwick,

9 (b) such activities are carried on by a person who does not maintain a physical presence in the Bailiwick, (c) such activities are carried on from a country or territory listed in Appendix C to the Handbook, (d) the conduct of such activities is subject to requirements to forestall, prevent and detect money laundering and terrorist financing that are consistent with those in the Financial Action Task Force Recommendations on Money Laundering in respect of such activities, and (e) the conduct of such activities is supervised for compliance with the requirements referred to in item (d) by a relevant supervisory authority within the meaning of section 59(1) of the Regulation of Fiduciaries, Administration Businesses and Company Directors, etc (Bailiwick of Guernsey) Law, 2020. 31. Any business falling within paragraph 23, 24 or 25 of Part I of this Schedule which is – (a) carried on by a person who holds a licence under the Insurance Business (Bailiwick of Guernsey) Law, 2002 solely to carry on general business within the meaning of that Law, (b) carried on by a person who is not incorporated or

10 registered in the Bailiwick, (c) carried on by a person who does not maintain a physical presence in the Bailiwick, (d) not managed in or from within the Bailiwick, and (e) subject to authorisation and supervision by the United Kingdom Financial Conduct Authority. 32. Any business falling within paragraphs 2 to 20 of Part I of this Schedule provided that – (a) the total turnover of that business, plus that of any other business falling within Part I of this Schedule carried on by the same person, does not exceed £50,000 per annum, (b) no occasional transaction is carried out in the course of that business, that is to say, any transaction involving more than £10,000 where no business relationship has been proposed or established, including any such transaction carried out in a single operation or two or more operations that appear to be linked, (c) the turnover of that business does not exceed 5% of the total turnover of the person carrying on the business, (d) that business is ancillary, and directly related, to the main activity of the person carrying on the business,

11 (e) in the course of that business, money or value is not transmitted or such transmission is not facilitated by any means, (f) the main activity of the person carrying on that business is not that of a business falling within Part I of this Schedule, (g) that business is provided only to customers of the main activity of the person carrying on the business and is not offered to the public, and (h) that business is not carried on by a person who also carries on a business falling within paragraphs 21 to 27 of Part I of this Schedule.". 4. In Schedule 3 ("specified businesses") – (a) in paragraph 10(2)(b)(iii) for "an overseas regulatory authority" substitute "a relevant supervisory authority", (b) after paragraph 15 insert the following Part – "PART IIIA SPECIFIC PROVISIONS ABOUT VIRTUAL ASSETS Purpose of this Part. 15A. This Part of this Schedule makes provision in respect of the transfer of virtual assets.

12 Expressions used in this Part. 15B. In this Part of this Schedule – "appropriate authorities" means the Commission, His Majesty's Procureur, the salaried police force of the Island of Guernsey, the Guernsey Border Agency, the Economic Crime Division, the Economic and Financial Crime Bureau, the Financial Intelligence Service, the Director of the Revenue Service, the Policy and Resources Committee (when acting under any enactment in respect of international sanctions measures) or any other Bailiwick of Guernsey person, authority, body or agency specified for the purposes of this Part of this Schedule in the Handbook, "batch transfer" means a transfer comprised of a number of individual virtual asset transfers that are being sent to the same VASP, but may or may not be ultimately intended for different persons, "beneficiary" means the person or legal arrangement who is identified by the originator as the receiver of the requested transfer of the virtual asset, "beneficiary information" means information, or information of a class or description, specified for the purposes of this Part of this Schedule in requirements set out in the Handbook, "beneficiary VASP" means the VASP which receives the

13 transfer of the virtual asset from the originating VASP directly or through an intermediary VASP and makes the virtual asset available to the beneficiary, "intermediary VASP" means a VASP which it is not acting on behalf of the originator or beneficiary but receives or transmits a virtual asset on behalf of the originating VASP, the beneficiary VASP or another intermediary VASP, "originating VASP" means the VASP which initiates the transfer of the virtual asset and transfers the virtual asset upon receiving the order for a transfer of the virtual asset from or on behalf of the originator, "originator" means the customer who allows the transfer of the virtual asset from the customer's account or, where there is no account, the person who places the order with the originating VASP to perform the transfer, "originator information" means information, or information of a class or description, specified for the purposes of this Part of this Schedule in requirements set out in the Handbook, "transfer" of a virtual asset means a transaction carried out on behalf of an originator through an originating VASP by electronic means with a view to making a virtual asset available to a beneficiary at a beneficiary VASP, irrespective of whether the originator and the beneficiary are the same person,

14 "unique transaction identifier" means a combination of letters, numbers or symbols determined by the VASP which permits the traceability of the transaction from the originator to the beneficiary, "VASPs" and "virtual assets" have the meanings respectively given in section 90(1) of the Lending, Credit and Finance (Bailiwick of Guernsey) Law, 2022. Originator and beneficiary information – duties of VASPs. 15C. (1) An originating VASP must, in respect of any virtual asset transfer – (a) obtain and hold required and accurate originator information and required beneficiary information, (b) ensure that the information specified in (a) accompanies the transfer of the virtual asset to the beneficiary VASP immediately and securely, (c) make the information specified in (a) available on request to the Commission and other appropriate authorities as soon as is reasonably practicable,

15 (d) not execute any virtual asset transfer in respect of which (b) is not complied with, and (e) in the case of a transaction which would be an occasional transaction but for the sum involved being £1,000 or less, obtain and hold such information, or information of such class or description, as may be specified for the purposes of this Part of this Schedule in requirements set out in the Handbook. (2) A beneficiary VASP must, in respect of any virtual asset transfer – (a) obtain and hold required and accurate beneficiary information and required originator information, (b) make the information specified in (a) available on request to the Commission and other appropriate authorities as soon as is reasonably practicable,

16 (c) in the case of a transaction which would be an occasional transaction but for the sum involved being £1,000 or less, obtain and hold such information, or information of such class or description, as may be specified for the purposes of this Part of this Schedule in requirements set out in the Handbook. (3) An intermediary VASP must. in respect of any virtual asset transfer – (a) take reasonable measures which are consistent with straight-through processing to identify transfers received by it that are not accompanied by the originator and beneficiary information specified in (1)(a), (b) without prejudice to the obligations to make disclosure imposed on specified businesses by paragraph 4(5), report to the Commission repeated failures by an originating VASP, beneficiary VASP or intermediary VASP to comply with

17 the requirements of this Schedule as to the obtaining, holding, verification, retention, provision and use of information in respect of virtual asset transfers, (c) ensure that any beneficiary information and originator information accompanying the transfer is retained with it, (d) subject to (e), ensure that the information specified in (c) accompanies the onward transfer that the intermediary VASP will be making, (e) where technical limitations prevent the information specified in (c) from accompanying an onward transfer, keep a comprehensive record of all information received from the originating VASP or another intermediary VASP for a period of not less than five years starting from the date of receipt of the virtual asset by the intermediary VASP,

18 (f) have risk-based policies for - (i) determining when to reject, suspend or otherwise refuse to execute virtual asset transfers because of information deficiencies, and (ii) the taking of appropriate follow-up action. Further obligations on beneficiary VASPs. 15D. Beneficiary VASPs must, without prejudice to the provisions of paragraph 15C – (a) before making a virtual asset available to a beneficiary – (i) monitor the completeness of the originator information, and (ii) take remedial action where the information specified in (i) is incomplete, (b) have risk-based policies for -

19 (i) determining when to reject, suspend or otherwise refuse to execute virtual asset transfers because of information deficiencies, and (ii) the taking of appropriate follow-up action, and (c) without prejudice to the obligations to make disclosure imposed on specified businesses by paragraph 4(5), report to the Commission repeated failures by an originating VASP, beneficiary VASP or intermediary VASP to comply with the requirements of this Schedule as to the obtaining, holding, verification, retention, provision and use of information in respect of virtual asset transfers. Batch transfers. 15E. In the case of a batch transfer, and without prejudice to the provisions of paragraph 15C, an originating VASP must – (a) ensure that the batch file contains

20 required and accurate originator information and required beneficiary information, (b) ensure that the information specified in (a) is such as to permit the traceability within the beneficiary jurisdiction of each transaction comprised in the batch from the originator to the beneficiary, and (c) include the originator's account number or unique transaction identifier and/or such other information, or information of such class or description, as may be specified for the purposes of this Part of this Schedule in requirements set out in the Handbook. No cross-border requirement for transfers, etc. 15F. For the avoidance of doubt, the provisions of this Schedule apply in respect of a transfer of virtual assets irrespective of whether the transfer or other service or activity – (a) is a cross-border transaction, or

21 (b) is completed within the same jurisdiction (that is, the originating VASP, the beneficiary VASP and any relevant intermediary VASP are located in the Bailiwick). Application of other provisions of this Schedule. 15G. For the avoidance of doubt, the provisions of this Part of this Schedule – (a) are in addition to and not in derogation from the application of the other provisions of this Schedule in respect of virtual assets (and transfers thereof) and VASPs, and (b) apply to any specified business when acting in respect of a virtual asset transfer on behalf of a customer as they apply to originating VASPs, beneficiary VASPs or intermediary VASPs, as the case may be.". (c) paragraph 16(3)(b) is repealed, (d) in paragraph 17 after "money or value transmission services" insert "within the meaning of paragraph 4 of Part I of Schedule 1

22 or by virtue of falling within paragraph 27(2) of Part I of Schedule 1 (VASPs)", (e) in paragraph 21(1) – (i) in item (C) of the definition of "Appendix C business" for "an overseas regulatory authority" substitute "a relevant supervisory authority", (ii) in the definition of "funds" after "of all types," insert "including, for the avoidance of doubt, virtual assets,", (iii) in the definition of "occasional transaction" after "£10,000" insert "(or £1,000 in the case of a specified business described in paragraph 27(2) of Schedule 1 ("VASPs"))", (iv) in the definition of "relevant enactments" paragraph (q) is repealed, (v) after the definition of "relevant legal person" insert the following definition – ""relevant supervisory authority" has the meaning given in section 59(1) of the Regulation of Fiduciaries, Administration Businesses and Company Directors, etc (Bailiwick of Guernsey) Law, 2020,", (vi) after the definition of "transaction document" delete the word "and" and insert the following definition –

23 ""VASPs" and "virtual asset" : see paragraph 15B,". 5. In Schedule 4 ("registration of financial services businesses") – (a) in paragraph 1 – (i) for "paragraphs 20 to 23" substitute "paragraphs 21 to 27(1)", (ii) for "paragraphs 4 or 5 ("money or value transfer services") or 12 or 13 ("money or currency changing services")" substitute – "paragraph 4 or 6 (money service business or money or value transfer services) or 13 or 14 (money broking or money changing services)", (iii) after "of the said Part I" insert "; and this Schedule also applies to persons who are financial services businesses by virtue of falling within paragraph 27(2) of the said Part I (VASPs), whether or not they are also financial services businesses by virtue of falling within the said paragraphs 4, 6, 13 or 14". (b) for paragraph 3(c) substitute – "(c) details of the type of money service business or money or value transfer services, money broking or money changing

24 services or VASP services or activities provided or undertaken.", (c) in paragraph 5(2)(a)(iii) for "paragraph 4 or 5 ("money or value transfer services") or 12 or 13 ("money or currency changing services")" substitute – "paragraph 4 or 6 (money service business or money or value transfer services), 13 or 14 (money broking or money changing services) or 27(2) (VASPs) of Part I of Schedule 1". Extent. 6. This Ordinance has effect throughout the Bailiwick of Guernsey. Citation. 7. This Ordinance may be cited as the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) (Amendment) Ordinance, 2023. Commencement. 8. This Ordinance shall come into force on the 5th July, 2023.