sue munns - jerseyfunds.org sept 2018 cpd - comsure.pdf · provide comsure (jfa) delegates with a...
Risk warning:
The information contained in this briefing is intended to
provide Comsure (JFA) delegates with a brief update in
relation to the topics covered. The information and
opinions expressed in this briefing do not purport to be
definitive or comprehensive and are not intended to
provide professional advice.
Comsure (and their associates and subsidiaries) are not
responsible for, and do not accept any responsibility or
liability in connection with, the content discussed during
this briefing.
Sue Munns
joins the Comsure team
1. Sue Munns has joined the Comsure team to support Comsure advisory
and training services.
2. Sue was the Head of Risk and Compliance for Mourant Ozannes, a
leading offshore law firm with a renowned International Trusts & Private
Client legal practice.
3. Prior to joining Mourant in 2006, Sue was the Head of Compliance for
Barclays in the Channel Islands between 2001 and 2006 and prior to this
was the Senior European Risk Manager for Chase Manhattan Bank from
1985 to 2000.
4. Sue was an advisor to the International Compliance Association and a co-
author to the Compliance Diploma study manual. Sue was also a member
of the committee of the Jersey branch of STEP and the Jersey AML
Steering Group.
Mathew Beale will provide a whistle-stop 1-hour
UPDATE and REMINDER
on all things compliance!!
What has been happening outside of
Jersey?
WHAT WAS SAID
1. ING was fined 775 million euros, or $900 million FINE and
€100 million for disgorgement.
2. ING Group admitted to “serious shortcomings” in its anti-
money laundering (AML) programs that allowed criminals to
launder money “for years,” according to bank statements
and government documents.
3. The fine was for widespread failures in its financial crime
compliance controls that allowed illicit groups to launder an
estimated hundreds of millions of dollars for years.
WHAT WAS SAID
• The criminal investigation brought to light the fact that one of the main
reasons for the shortcomings was the insufficient attention paid by ING
NL to compliance risk management (business over compliance).
• The responsibility for compliance with the AML/CTF Act rests with three
different divisions of the bank. None of these divisions oversaw the
whole picture.
• This in part explains why senior management was not fully aware of the
seriousness of the shortcomings, and their persistence.
• The Netherlands Public Prosecution Service [NPPS] has therefore
attributed the offences to the organisation as a whole.
• Many individual persons are responsible for part of the culpable
behaviour.
https://www.finma.ch/en/news/2018/09/20180917-mm-gwg-cs/
FINMA identified
1. Deficiencies in the AML process, as well as shortcomings in
the bank’s control mechanisms and risk management
2. Instead of disciplining a star private banker who breached
compliance regulations for years, FINMA said Credit Suisse
boosted his pay.
3. The bank had failed to adequately record, contain and monitor
the risks arising from 1] PEP business relationships and 2]
the responsible (and since criminally convicted) client
relationship manager.
4. Fell short of its obligations to fight corruption while managing
significant business relationships relating to FIFA, Petrobras
and PDVSA
First person convicted under FATCA
1. Adrian Baron, a former chief executive of Loyal Bank Ltd. based in
Hungary, pleaded guilty last week in federal court to failing to comply
with the FATCA.
2. Mr. Baron was extradited from Hungary in July. He faces up to five
years in prison.
3. Baron’s conviction ultimately rested on a failure to file a required
disclosure form
4. This case sends a message to foreign financial institutions, as well as
their employees and decision-makers, who are subject to FATCA
5. BEWARE - Anyone considering avoidance of information disclosure will
pay dearly, not just through financial penalties but also, potentially,
through criminal proceedings and reputational damage
Francis v JFSC
How does this affect you and
what should you do?
The public statement details the relevant conduct
leading to the conclusion that Mr Francis lacked integrity and competence, including in particular
regarding:-
1. Management of conflicts of interest and
2. Duties of transparency to clients.
ALL Regulated persons should
carefully review
• The judgement
• The public statement and
• The JFSC's new Guidance Note on Integrity and
Competence
to ensure the issues identified in it are not present in their
business.
Recklessness vs. Negligence
The DIFFERENCE BETWEEN the two is that
With RECKLESSNESS,
• the actor must be aware of the risk involved with
their actions.
Whereas, for NEGLIGENCE,
• the actor is not aware of the risks but should have known what those risks were.
What are the four penalty bands,
NEGLIGENT TESTS
Criminal Offences (Jersey) Law 2009
Statutory offences by bodies corporate and limited liability
partnerships
In Jersey, Art 2 of the Criminal Offences (Jersey) Law 2009, in force 31
July 2009, applies to the case of statutory offences by bodies corporate
and limited liability partnerships.
https://www.jerseylaw.je/laws/revised/Pages/08.415.aspx
Criminal Offences (Jersey) Law 2009
1. Art 2(1) states that if a statutory offence committed by a body
corporate or by a limited liability partnership is proved to have
been committed with the consent or connivance of, or is
attributable to neglect on the part of a person who is a
director, manager, secretary or other similar officer of the
body corporate, or a partner of the partnership, or any person
purporting to act in any such capacity,
2. Art 2(2), THAT PERSON is also guilty of the offence and is
liable in the same manner as the body corporate or the
partnership to the penalty provided for the offence.
3. Art 2(3) applies the same rule to cases where the affairs of a
company are managed by its members AS IF THE member or
members concerned were directors of the corporate body.
July 2016
Standards Board for Alternative Investments
(SBAI),
• The SBAI is an
INTERNATIONAL
STANDARD-SETTING BODY
for the alternative investment
industry and sets the
voluntary standard of best
practices and practices
endorsed by its members.
• Its primary role is to create a
"FRAMEWORK OF
TRANSPARENCY,
INTEGRITY AND GOOD
GOVERNANCE" in the way
the hedge fund industry
operates
Enterprise Risk
Enterprise
Risk
Assessment
+4
+2
Risk Assessments (4+3)
1. ERM - A
2. AML BR - A*
3. AML CR - A*
4. OUTSOURCING - A
5. GDPR - A*
*Corporate Offence Protection
ANCILLARY AML
BRA/CRA
1. TAX FACILITATION
2. BRIBERY AND
CORRUPTION
29 June 2016
Strategy
Business
model
1. Structure
2. People
3. Policies
4. Processes
5. Systems
1. COBS customers
2. COBS products and services
3. COBS BRP
4. COBS Info security
5. COBS Business Practices
Financial crime
CRA
BRA
CMP
ANLA
PII
Compliance Assessment
Risk Based approach
Baseline risk assessments
Issue-based risk assessments
Continuous risk assessments
1. Baseline risk assessments:
   1. The baseline risk assessment is done to determine the risk for the first time, i.e. to establish a broad-based risk profile.
   2. Depending on the results of the baseline risk assessment, specific aspects or issues will be highlighted.
   3. The baseline risk assessment must be reviewed at regular intervals to re-establish the baseline profile so as to minimize the risks in the organisation.
2. Issue-based risk assessments:
   1. This is when baseline risk assessments are assessed in far more detail using the appropriate issue-based risk assessment techniques.
   2. An issue-based risk assessment will be performed due to highlighted aspects or issues, new processes, new technology or the ongoing risk assessments in an organisation.
3. Continuous risk assessments:
   1. These risk assessments are part of all forms of formal and informal inspections and observations that take place daily or at regular intervals.
Baseline risk assessments:
Compliance Risk Means
Crystallisation of:
1. Legal or regulatory sanctions,
2. Material financial loss, and/or
3. Loss to reputation
As a result of failing to comply with:
1. Laws,
2. Regulations,
3. Rules,
4. Related self-regulatory organisation standards, and
5. Its Codes of conduct (policy and procedures / systems and controls)
Financial Services (Fund Services
Business (Accounts, Audits and
Reports)) (Jersey) Order 2007 (the
"FSB Accounts Order")
The Article 6 Declaration
6(1) Declaration
(1) A declaration shall state whether, during the relevant accounting
period, the registered person –
(a) has complied with the requirements of the Financial Services (Jersey)
Law 1998;
(b) has complied with the requirements of ANY ORDER, or of ANY CODE
OF PRACTICE made under Article 19 of the Law, that apply to the
registered person;
(c) has maintained proper accounting records and adequate systems to
enable the registered person to maintain proper accounting records;
AND
(d) has complied with the requirements, of all laws relating to money
laundering, with which the registered person is required to comply.
Who makes up Compliance and Risk
in your organisation?
You should be…
This Guidance Note is relevant to all registered businesses (except deposit-takers) AND you should be:
1. Checking that the language in your existing policy documents is appropriate for Jersey.
2. Requiring the Board (or their expert) to assess adequacy of PII arrangements (which might result in additional cover being required).
3. Ensuring that you have policies and procedures in place for PII cover, in particular relating to notification of insurers.
What About Cyber?
1. There's an interesting paragraph about whether it's
appropriate to take out SEPARATE CYBER
INSURANCE, in addition to PII.
2. In the case of cyber insurance, it's likely to be even
more important to check policy wording carefully, and to
ensure that security procedures are followed so as to
NOT INVALIDATE CLAIMS.
Data protection and security of processing
Alongside the security principle, the GDPR contains further specific provisions.
GDPR
It makes data protection by design a legal requirement (‘privacy by design’) by using the ‘CIA triad’ of personal data.
FINISH
ANY QUESTIONS…?
• Comsure was founded in 2005 with a view to
providing comprehensive business risk
advisory services & is able to offer your
organisation a wealth of skills and
experience.
Mathew Beale
Email:
Tel:
01534 626841
All rights reserved.
No part of this publication may be reproduced, stored in or introduced into a retrieval system, or transmitted, in any form,
or by any means (electronic, mechanical, photocopying, recording or otherwise) without the prior permission of the
copyright owner.
Any person who does any unauthorised act in relation to this publication may be liable to criminal prosecution and civil
claims for damages.
While every effort has been made to ensure its accuracy, Comsure Compliance Limited can accept no responsibility for loss occasioned to any person, acting or refraining from action
as a result of any material in this publication.