Award Winning Consultants 2018

It has been a busy few months for Midshore Consulting, and we would like to take the opportunity to share with you some of our achievements and appointments.


FinTech Awards & GFSC’s Soundbox Sprint

Firstly, in the FinTech Awards given by Wealth & Finance International, Midshore have won “Best Fintech Consultancy 2018 – Channel Islands”. These awards showcase the talents of those who have played a vital role in shaping the Fintech industry, in our case moving to integrate reg-tech into our consultancy work – an area that has historically been purely people-driven.

Secondly, and more importantly in the local environment, we competed in the Guernsey Financial Services Commission’s Soundbox Sprint on Friday 22nd June. Against some serious competition from some much bigger firms we took home the Silver Bailiwick Innovation Award following our pitch to the judges for our solution to using technology to improve innovation. Our solution involved optical character recognition, artificial intelligence and application programming interfaces in a new application that would be an overlay to legacy systems.

Bill Green Award for Entrepreneurial Spirit

Following nomination by the Past President of the Young Business Group, we were shortlisted and invited to give a short presentation to the Bill Green Award judging panel. The winner was announced at the YBG Ball on 30th June, and whilst we didn’t win (congratulations to the School of Popular Music) it was an honour to be a finalist for this award.

New Committee Positions for Christopher

In May 2018, following his re-election as Vice-Chairman of the Guernsey Investment Fund Association (GIFA) the previous month, Christopher was selected to be one of the GIFA representatives on the Council of the Guernsey International Business Association (GIBA). Furthermore, last week Christopher became the Vice-President of the Guernsey Branch of the Chartered Institute for Securities and Investment.

Midshore Moving Forward

Remaining in key positions within the financial services sector is key to Midshore’s positioning as a leading innovative consultancy. We have access to the right people, and can marry this level of access to our unique team composition to bring a technological approach to compliance and anti-money laundering. One of our key goals is to use technology to reduce the cost of compliance and assist Guernsey financial services businesses with being more competitive in today’s international market.

A Time for (Regulatory) Change

Summer…. A time for holidays, beaches, ice cream and regulation!

It might be the time of year when many people think about slowing down, but those responsible for the regulatory programme in any Guernsey-based financial services business have much to keep them busy. Ignoring minor changes to the Prospectus Rules & Registered Funds Rules there are some major changes in the pipeline. In this article, we will examine five key changes and their implications before looking at what more is to come.

Pension Rules

What is it?The Pension Licensees (Conduct of Business) & Domestic and International Pension Scheme and Gratuity Scheme Rules 2017Stage:The Rules are finalisedImplementation:30th September 2018Impact:Licensees undertaking Pension Scheme & Gratuity Scheme formation, management and/or administration

The Rules cover the formation, management or administration of Pension Schemes or Gratuity Schemes under the Fiduciaries Law. The Rules bear some striking similarities to the Conduct of Business Rules for Investment Licensees, which makes sense given that many pension schemes operate in a manner analogous to collective investment schemes.Key Deliverables:By 30 September 2017 Licensees must have conducted an assessment of the internal controls in order to identify and plan for any amendments required to ensure compliance with the Rules by 30 September 2018.


What is it?The Markets in Financial Instruments Directive II
The Markets in Financial Instruments RegulationStage:The Directive & Regulation are finalisedImplementation:3rd January 2018Impact:Licensees providing a range of activities* on various instruments to clients in the European Union (including the UK)

* Reception/transmission of orders; execution of client orders; dealing on own account; portfolio management; investment advice; underwriting of financial instruments; placing of financial instruments; operation of a MTF or OTF.

The Directive and Regulation cover the provision of various investment services to people and institutions in the European Union. Both the Directive and the Regulation include requirements for the provision of services from third countries (non-EU). At this point the Guernsey Financial Services Commission is not considering wholescale adoption of MiFID II & MiFIR.Key Deliverables:Consider what activities are provided to EU-based clients, including potential marketing to attract new clients. Please be aware that not only Investment Licensees will be captured as the Directive and Regulation work on the basis of the activities and instruments rather than a category of licensee.

GDPR & New Guernsey Data Protection Law

What is it?General Data Protection Regulation
Guernsey Data Protection Law (new version to achieve equivalence)Stage:The EU Regulation is finalised; The Guernsey Law is in draftImplementation:25th May 2018Impact:All businesses holding personal data

The Regulation gives increased rights to data subjects, increased requirements for data controllers and data processors, increased fines and penalties to regulators, and increased responsibilities for data protection officers.Key Deliverable:Consider what data is being held, why it is held, whether it is held securely and how is it accessed/maintained. Review internal documentation as well as client consent collection. Ensure all stages of your project are documented as your “road to compliance”.

New Guernsey AML/CFT Framework

What is it?The Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) (Amendment) Ordinance, 2017
Handbook on Countering Financial Crime and Terrorist FinancingStage:Consultation (until 31 July 2017)Implementation:TBCImpact:All regulated financial services businesses, registered financial services business & prescribed businesses

The updated Ordinance and Handbook seek to deal with “deficiencies” identified in the Moneyval review of the Guernsey AML/CFT framework. The changes will place additional requirements on impacted businesses and require new business risk assessments, policies, procedures & controls. There is also a requirement to review existing business relationships to ensure information held complies with the new standards.

Consider the resources that will be needed to complete the following:

  • 4 months after implementation – revised business risk assessment
  • 6 months after implementation – revised policies, procedures & controls
  • 1 year after implementation – review existing high-risk business relationships
  • 2 years after implementation – review all other existing business relationships

Lending, Credit & Finance Framework

What is it?Lending, Credit & Finance Consultation PaperStage:Consultation (until 15 September 2017)Implementation:TBCImpact:Registered financial services business, regulated financial services businesses & other affected businesses

The consultation proposes replacing the existing Non-Registered Financial Services Business (NRFSB) framework with a new Lending Credit & Finance Framework, splitting business into three supervision categories:

  1. Alternative Financial Products & Services
  2. AML/CFT only
  3. Consumer Lending & Credit

Existing regulated financial services businesses (such as banks) may also need to register under the new framework (for example under category 3 if the bank providers consumer lending services). Other businesses, which are currently not regulated, may require licensing under the proposals (e.g. an AML/CFT platform).

Consider the resources that will be needed to complete the following:

  • 30 business days before implementation – submit Notice of Intent
  • 3 months after implementation – deadline for applying for a Class 3 Licence
  • 6 months after implementation – deadline for applying for a Class 1 Licence
  • General – ensuring new policies, procedures and processes are in place, particularly those required for applications to the Commission

More to come…

Don’t forget that other changes are still expected over the coming year (or more), including:

  • New/Revised Financial Services legislation – beginning with the Enforcement Law
  • Investment & Fiduciary Division review of the Client Money & Client Asset rules
  • Clarification of the landscape post-Brexit
  • Expansion to countries reported under CRS
  • Measures introduced to ensure BEPS-compliance

What next?

For help with any new, existing or updated regulation impacting on your business please contact Midshore Consulting. We are here to help, and the first consultation is free.

Please contact us here.

Taking a look at Cyber Security threats in 2017

2016 was a busy year for cyber-security professionals. It goes without saying that 2017 is likely to be far worse as more and more cyber-security threats emerge and the number of internet enabled devices continues to grow. I briefly took a count of how many internet enabled devices I have in my home and it was near 25… which even included a coffee machine, heating and a desk lamp.

Throughout 2016 the rise of Ransomware, digital extortion schemes, targeted attacks, LinkedIn’s historic 2012 breach, Yahoo!’s breach, political attacks and many more made the headlines our news feeds, newspapers and even our TV screens at one point or another.

But that hasn’t changed how we use our devices right? That’s not “our fault”. Just a quick password change, write it down on a piece of paper and pop it in the back of your wallet/purse until you can remember it. Job done.


What’s this got to do with 2017’s cyber threats?

A lot. It’s our attitude to the way we download apps, install them, and just assume they are as good as they say they are.

We got angry when we heard Facebook was going to make all our posts public (which was a hoax – although great for privacy setting awareness and I hope it happens again), but none of us probably checked which apps were allowed access to our data, which we had already allowed. So when we changed a few posts and maybe added a phone number to our account for an extra layer of security, they can see our change and update their records too.

That even means, when we create ourselves a lovely new email address to stop receiving spam, those apps had access to it. So we will likely see those nasty emails again. Meaning it was probably our fault all along for not checking those settings, or approving “Super emoji app’s” request for our “basic personal data” which was then sold on the “Big Data” market.

So this brings me on to my first top threat:

Everybody is a cyber-security threat

Everybody can be their own worst enemy when it comes to cyber-security.

Posting personal data online, using the same password for every website, simple answers to secret questions (first dog… mother’s maiden name… etc), pin numbers including date of birth or ‘1234’ and that’s just to name a few.

It’s the way we are using our tech, and the way we wish to live our modern-day lives, that’s putting us at risk.

Yes, it should be our right to post what we like, where we like (within T&C / Law restrictions of course), but sadly in a world with “internet gangsters” we must be more considerate.

Which also brings me on to my second largest threat:

Targeted Attacks through social media

Targeted attacks are going to be a huge problem in 2017, as generally targeted attacks tend to pay off in a bigger way. If you manage to crack an individual’s security on “one platform”, you’ll probably have access to many more and our social media behaviour is making it as easy as ever for hackers.

But why not hack a huge website? Well this data could be more useful than just a list of email addresses and therefore more profitable. Also, we also might not notice and continue to provide them a source of income.

Other Cyber security threats in 2017

This doesn’t mean that every cyber-security breach is our fault… there are a whole list of other cyber security threats that could, and will, cause problems in 2017. I would expect it won’t be long before we are reading again about: ransomware, worms, identity theft, the Internet Of Things (internet enabled devices such as smart devices), and even our mobile phones being a source of a cyber-enabled crime or breach.

How to be prepared for cyber-enabled threats going forward?

It’s our habits that should be changed, but that can only come from education and hard-work. My recommendation would be that everybody took a moment to even consider looking through some recent (or old) posts on social media. If you think they might give a hacker an insight into your password, questions or just an edge on how to hack into your account, then review who can view it, or better yet delete it.

You could even look to seek further education into Cyber Security threats.. I’ve heard of a lovely company called Midshore Consulting that are offering “Managing Cyber Security” training via their brand new online platform… perfect. (

When it comes to websites we regularly (or rarely) use we are putting our data, and faith, into their hands. So, it’s worth thinking about sites we didn’t really need to register on, and perhaps even removing our data if necessary to stay safe. Hopefully the upcoming GDPR (General Data Protection Regulation) will help strengthen their cyber security loopholes.

But for my final words, it’s action rather than re-action which should be at the forefront of our minds when it comes to cyber security and keeping our much-loved data, safe.

To Brexit or not to Brexit?.. That is the question!

It seems that in the United Kingdom the government might want to observe the majority will to leave the European Union… however those plans might be scuppered by a few citizens from the minority that clearly lost the vote.

Why is this?

The United Kingdom has Parliamentary Sovereignty and therefore any vote of the people is purely “advisory”, the vote that took place on 23 June 2016 was an Advisory Referendum. This has no legal standing and is merely “advice” for the government and does not bind government. Technically, it could be seen that the High Court has made the correct ruling, however we should wait and see what the ruling of the Supreme Court is.

How did this happen?

That the case was brought by ordinary citizens, presumably “miffed” at voting for the losing side of the referendum, and not Members of Parliament who were on the losing side of the campaign speaks volumes. Would any self-respecting politician want to be seen to go against the will of the majority of the people and risk losing their seat at the next election?

What is more intriguing is that the case was led by a “businesswoman” (Gina Miller) who has clearly failed to see the unique situation that invoking Article 50 puts the United Kingdom in. The UK has been one of the largest financial centres in the world since well before the European Union was even a fledgling customs union with a handful of countries.

Final thoughts…

Leaving the EU is not going to end the UK’s leading position in financial markets. The freedom it will gain by no longer being constrained by the dictates of Brussels in dealing with the rest of the world will free it up to move into an even more dominant position globally.