sue munns - jerseyfunds.org sept 2018 cpd - comsure.pdf · provide comsure (jfa) delegates with a...

Risk warning:

The information contained in this briefing is intended to provide Comsure (JFA) delegates with a brief update in relation to the topics covered. The information and opinions expressed in this briefing do not purport to be definitive or comprehensive and are not intended to provide professional advice.

Comsure (and their associates and subsidiaries) are not responsible for, and do not accept any responsibility or liability in connection with, the content discussed during this briefing.

Sue Munns joins the Comsure team

1. Sue Munns has joined the Comsure team to support Comsure advisory and training services.
2. Sue was the Head of Risk and Compliance for Mourant Ozannes, a leading offshore law firm with a renowned International Trusts & Private Client legal practice.
3. Prior to joining Mourant in 2006, Sue was the Head of Compliance for Barclays in the Channel Islands between 2001 and 2006 and prior to this was the Senior European Risk Manager for Chase Manhattan Bank from 1985 to 2000.
4. Sue was an advisor to the International Compliance Association and a co-author to the Compliance Diploma study manual. Sue was also a member of the committee of the Jersey branch of STEP and the Jersey AML Steering Group.


Post on 19-Jan-2019


Mathew Beale will provide a whistle-stop 1-hour UPDATE and REMINDER on all things compliance!!

What has been happening outside of Jersey?

WHAT WAS SAID

1. ING was fined 775 million euros, or $900 million FINE and €100 million for disgorgement.
2. ING Group admitted to “serious shortcomings” in its anti-money laundering (AML) programs that allowed criminals to launder money “for years,” according to bank statements and government documents.
3. The fine was for widespread failures in its financial crime compliance controls that allowed illicit groups to launder an estimated hundreds of millions of dollars for years.

WHAT WAS SAID

• The criminal investigation brought to light the fact that one of the main reasons for the shortcomings was the insufficient attention paid by ING NL to compliance risk management (business over compliance).
• The responsibility for compliance with the AML/CTF Act rests with three different divisions of the bank. None of these divisions oversaw the whole picture.
• This in part explains why senior management was not fully aware of the seriousness of the shortcomings, and their persistence.
• The Netherlands Public Prosecution Service [NPPS] has therefore attributed the offences to the organisation as a whole.
• Many individual persons are responsible for part of the culpable behaviour.

https://www.finma.ch/en/news/2018/09/20180917-mm-gwg-cs/

FINMA identified

1. Deficiencies in the AML process, as well as shortcomings in the bank’s control mechanisms and risk management.
2. Instead of disciplining a star private banker who breached compliance regulations for years, FINMA said Credit Suisse boosted his pay.
3. The bank had failed to adequately record, contain and monitor the risks arising from 1] PEP business relationships and 2] the responsible (and since criminally convicted) client relationship manager.
4. Fell short of its obligations to fight corruption while managing significant business relationships relating to FIFA, Petrobras and PDVSA.

First person convicted under that law.


First person convicted under FATCA

1. Adrian Baron, a former chief executive of Loyal Bank Ltd. based in Hungary, pleaded guilty last week in federal court to failing to comply with the FATCA.
2. Mr. Baron was extradited from Hungary in July. He faces up to five years in prison.
3. Baron’s conviction ultimately rested on a failure to file a required disclosure form.
4. This case sends a message to foreign financial institutions, as well as their employees and decision-makers, who are subject to FATCA.
5. BEWARE - Anyone considering avoidance of information disclosure will pay dearly, not just through financial penalties but also, potentially, through criminal proceedings and reputational damage.

Francis v JFSC

How does this affect you and what should you do?

The public statement details the relevant conduct leading to the conclusion that Mr Francis lacked integrity and competence, including in particular regarding:

1. Management of conflicts of interest and
2. Duties of transparency to clients.

ALL Regulated persons should carefully review

• The judgement
• The public statement and
• The JFSC's new Guidance Note on Integrity and Competence

to ensure the issues identified in it are not present in their business.

Civil Penalties

Recklessness vs. Negligence

The DIFFERENCE BETWEEN the two is that

With RECKLESSNESS,

• the actor must be aware of the risk involved with their actions.

Whereas, for NEGLIGENCE,

• the actor is not aware of the risks but should have known what those risks were.

What are the four penalty bands,

NEGLIGENT TESTS

Criminal Offences (Jersey) Law 2009

Statutory offences by bodies corporate and limited liability partnerships

In Jersey, Art 2 of the Criminal Offences (Jersey) Law 2009, in force 31 July 2009, applies to the case of statutory offences by bodies corporate and limited liability partnerships.

https://www.jerseylaw.je/laws/revised/Pages/08.415.aspx

Criminal Offences (Jersey) Law 2009

1. Art 2(1) states that if a statutory offence committed by a body corporate or by a limited liability partnership is proved to have been committed with the consent or connivance of, or is attributable to neglect on the part of a person who is a director, manager, secretary or other similar officer of the body corporate, or a partner of the partnership, or any person purporting to act in any such capacity,
2. Art 2(2), THAT PERSON is also guilty of the offence and is liable in the same manner as the body corporate or the partnership to the penalty provided for the offence.
3. Art 2(3) applies the same rule to cases where the affairs of a company are managed by its members AS IF THE member or members concerned were directors of the corporate body.

Board Assessment


July 2016

Standards Board for Alternative Investments (SBAI)

• The SBAI is an INTERNATIONAL STANDARD-SETTING BODY for the alternative investment industry and sets the voluntary standard of best practices and practices endorsed by its members.
• Its primary role is to create a "FRAMEWORK OF TRANSPARENCY, INTEGRITY AND GOOD GOVERNANCE" in the way the hedge fund industry operates.

Enterprise Risk Assessment

Risk Assessments (4+3)

1. ERM - A
2. AML BR - A*
3. AML CR - A*
4. OUTSOURCING - A
5. GDPR - A*

*Corporate Offence Protection

ANCILLARY AML BRA/CRA

1. TAX FACILITATION
2. BRIBERY AND CORRUPTION

29 June 2016

Strategy

Business model

1. Structure
2. People
3. Policies
4. Processes
5. Systems

1. COBS customers
2. COBS products and services
3. COBS BRP
4. COBS Info security
5. COBS Business Practices

Financial crime

CRA
BRA
CMP
ANLA
PII


Compliance Assessment

Risk Based approach

Baseline risk assessments
Issue-based risk assessments
Continuous risk assessments

1. Baseline risk assessments:
   1. The baseline risk assessment is done to determine the risk for the first time, i.e. to establish a broad-based risk profile.
   2. Depending on the results of the baseline risk assessment, specific aspects or issues will be highlighted.
   3. The baseline risk assessment must be reviewed at regular intervals to re-establish the baseline profile so as to minimize the risks in the organisation.
2. Issue-based risk assessments
   1. This is when baseline risk assessments are assessed in far more detail using the appropriate issue-based risk assessment techniques.
   2. An issue-based risk assessment will be performed due to highlighted aspects or issues, new processes, new technology or the ongoing risk assessments in an organisation.
3. Continuous risk assessments
   1. These risk assessments are part of all forms of formal and informal inspections and observations that take place daily or at regular intervals.

Baseline risk assessments:

Compliance Risk Means

Crystallisation of:

1. Legal or regulatory sanctions,
2. Material financial loss, and/or
3. Loss to reputation

As a result of failing to comply with:

1. Laws,
2. Regulations,
3. Rules,
4. Related self-regulatory organisation standards, and
5. Its Codes of conduct (policy and procedures / systems and controls)

Financial Services (Fund Services Business (Accounts, Audits and Reports)) (Jersey) Order 2007 (the "FSB Accounts Order")

The Article 6 Declaration

6(1) Declaration

(1) A declaration shall state whether, during the relevant accounting period, the registered person –

(a) has complied with the requirements of the Financial Services (Jersey) Law 1998;

(b) has complied with the requirements of ANY ORDER, or of ANY CODE OF PRACTICE made under Article 19 of the Law, that apply to the registered person;

(c) has maintained proper accounting records and adequate systems to enable the registered person to maintain proper accounting records; AND

(d) has complied with the requirements of all laws relating to money laundering, with which the registered person is required to comply.

Who makes up Compliance and Risk in your organisation?


You should be…

This Guidance Note is relevant to all registered businesses (except deposit-takers) AND you should be:

1. Checking that the language in your existing policy documents is appropriate for Jersey.
2. Requiring the Board (or their expert) to assess adequacy of PII arrangements (which might result in additional cover being required).
3. Ensuring that you have policies and procedures in place for PII cover, in particular relating to notification of insurers.

What About Cyber?

1. There's an interesting paragraph about whether it's appropriate to take out SEPARATE CYBER INSURANCE, in addition to PII.
2. In the case of cyber insurance, it's likely to be even more important to check policy wording carefully, and to ensure that security procedures are followed so as to NOT INVALIDATE CLAIMS.

Data protection and security of processing

Alongside the security principle, the GDPR contains further specific provisions.

GDPR

It makes data protection by design a legal requirement (‘privacy by design’) by using the ‘CIA triad’ of personal data.

Summary and Close


All rights reserved.

No part of this publication may be reproduced, stored in or introduced into a retrieval system, or transmitted, in any form, or by any means (electronic, mechanical, photocopying, recording or otherwise) without the prior permission of the copyright owner.

Any person who does any unauthorised act in relation to this publication may be liable to criminal prosecution and civil claims for damages.

While every effort has been made to ensure its accuracy, Comsure Compliance Limited can accept no responsibility for loss occasioned to any person, acting or refraining from action as a result of any material in this publication.