Regulation Services

Regulation & Compliance

Local and international regulation is constantly changing and evolving. Businesses need to adapt on a timely basis, changing procedures and processes and often remediating client files to ensure the documentation held continues to meet the various regulatory requirements. It is also prudent to test whether the procedures or processes of a business remain compliant with existing regulation and that the compliance monitoring programme remains robust.

We are able to quickly and efficiently help with standard Guernsey regulations such as:

  • CRS
  • BEPS
  • MiFID II & MiFIR
  • GFAS
  • GDPR, and
  • AML / CFT Handbook.

Whatever sector the change relates to we can assist by:

  • Identifying the requirements of the regulation
  • Implementing appropriate changes to business processes
  • Mapping your compliance with the regulations
  • Enhancing your monitoring programme
  • Ascertaining the need for remediation
  • Undertaking the remediation required
  • Providing a final report detailing all work undertaken

Different levels of service are available from consultation/advice to full programme management with a team of analysts & administrators to assist with remediation. Correcting or completing the documentation held on client files is one of the easy, but often overlooked, ways to ensure you remain in line with current regulatory requirements.

Midshore can provide a Compliance Officer and/or Money Laundering Reporting Officer for your business. Data Protection Officer services can also be provided.

Regular Training – More than just a Regulatory Burden!

Business regulated by or registered with the Alderney Gambling Control Commission (AGCC), the Guernsey Financial Services Commission (GFSC) and the Jersey Financial Services Commission (JFSC) have requirements under the relevant AML/CFT (Anti Money Laundering and Combating the Financing of Terrorism) handbooks or guidelines to ensure regular ongoing training for their staff in this area.

The requirement to train staff in this area is not new, however often training is carried out in these areas alone, and is directed if not carried out by the Money Laundering Reporting Officer (MLRO). How many times have experienced practitioners been forced to take time out from their working day to sit through an hour-long in-house seminar and are able to repeat “placement – layering – integration” or “maximum of 14 years in prison and an unlimited fine” verbatim at their course leader simply from hearing it so many times. Also, how many people have been forced to watch an AML DVD with dodgy acting from Z-list actors portraying farcical characters?

Running in-house training sessions during lunch breaks inevitably leads to:

  • Running multiple training sessions, taking up the valuable time of the MLRO
  • Running additional training sessions for those who are unexpected unable to attend at the last minute (sickness or business)
  • New staff members joining the company who need to have the training provided as part of their induction, which will often be at a time when regular staff training is not scheduled
  • Knowing that someone has been physically present without being able to prove that they were mentally present
  • Lack of quantitative proof of the effectiveness of the training

Clearly, this is not the best solution to a regulatory training need.

Convenience and Scalability

In the modern era we often talk about flexibility, and this is now something that can be offered in the ongoing training space. Let’s take an example.

Company A decides that its employees need to complete their regular AML/CFT training in line with regulatory requirements. The company has engaged with an online training provider (who happen to be called Midshore) to use their online training solution. Taking the experiences of various executives of the company:

  • The Managing Director decides to login from his tablet at home one evening to complete the training – leading by example is important
  • The Sales Director has a rare few days in the office so decides he will complete it one lunchtime whilst eating a sandwich at his desk
  • The Operations Manager doesn’t have enough time during the working day so takes her mobile phone to the gym, logs into their Wi-Fi and burns calories on the cross-trainer at the same time
  • The MLRO and the Human Resources Manager receive regular reports on who has completed the training, together with the score that each employee has received for their end of course test

Midshore Online Training (MOT)

Midshore Online Training (MOT) is the online training solution brought to you by Midshore Consulting. Regularly updated, the Midshore AML/CFT training includes sections on Proliferation Financing, Sanctions and Anti-Bribery and Corruption (ABC) alongside the standard AML/CFT subject matter.

The training module consists of:

  • Online training video
  • Printable course notes
  • 15-question end of module test (75% pass mark)
  • Printable certificate of completion

Using MOT also means that staff located in other jurisdictions (including those in outsourced or offshored operations) can receive identical training to local staff.

MOT – more than AML/CFT

Regulation and legal requirements are changing all the time, additionally local businesses are not just impacted by local law and regulation. Staff in regulated businesses should receive more than just AML/CFT training on a regular basis to ensure that they remain aware of their responsibilities in a number of key areas. This is why the MOT suite of modules will also include:

At this point, it almost seemed appropriate to include a pun about booking staff in for a MOT! However, should you be interested in a scalable and cost-effective solution to ensuring your staff have up to date regulatory knowledge please contact us.

Midshore can also run in-house training, including practical workshops tailored to the needs of your business.

Key Changes to Up-Coming Regulation

We would like to highlight to you two key changes in the local regulatory environment, which have an immediate impact and where we could assist you.

Beneficial Ownership Law

This came into effect on 15 August 2017, and requires that the resident agent of any Guernsey company, foundation of limited liability partnership must register beneficial of that entity with the Guernsey Registry either by 31 October 2017 (foundations & limited liability partnerships) or 28 February 2018 (companies).

Clearly there is an immediate requirement to start pulling together the information for reporting, which may be complex where one of these entity types is held within a trust arrangement. If you need help with any stage of this please contact us to discuss your requirements.

Pension Regulatory Regime

The new Pension Regime is live, and places requirements both on the licensee and the pension or gratuity scheme.

Under the transitional provisions full compliance is not required until 30 September 2018, however by 30 September 2017 a licensee carrying on pension or gratuity scheme business must conduct an assessment of their internal controls to identify and plan for any amendments required.

To assist licensees in complying with this we are offering a gap analysis at a fixed price of £1,750. We are also happy to discuss any further services you may require.

Compliance – A Pragmatic Approach to Regulation

Too many times we hear financial services professionals complaining that they are at odds with their confrontational compliance department, more often than that business generation units refer to their anti-money laundering team referred to as a business prevention unit.

Whilst there are many pieces of financial services law, regulation, rules, guidance & codes in existence (even in a small jurisdiction such as Guernsey) they have at their heart a few key goals:

  • Protecting the financial services consumer
  • Protecting the financial services system
  • Preventing use of financial services for crime

So, how do we fix the often-confrontational approach that seems to prevail within the compliance / anti-money laundering space? Here are a few suggestions:

Not all business is high risk

Many Money Laundering Reporting Officers (MLROs) are very risk-averse, after all they run the risk of prosecution if they do not fulfil their duties properly. However, it is important that a business has appropriate risk-rating for clients.

A MLRO may want to investigate each client to the nth degree, however that flies in the face of the purpose of risk-rating – ensuring that client relationships that really are high risk have more time spent on them then lower risk client relationships. How can a business spend more time when it has to perform enhanced due diligence (EDD) across all clients?

Ensure that when the board reviews the organisation’s in-house Anti-Money Laundering (AML) Handbook that risk-rating is covered with clear detail as to what could constitute a higher risk relationship. The board has the decision to control the risk of the business, and the MLRO cannot override the board is setting this policy as they are the instrument ensuring compliance with the policies.

Regular review by senior management will help to ensure that an overly zealous MLRO is not jeopardising the profitable functioning of the business.

Not all countries are the same

This is an important mantra for two very different reasons:

  • Lists of low risk countries and sensitive jurisdictions issued by the regulator can assist with risk-rating clients in those countries; as can sanctions lists issued by governments
  • Not all clients in all countries can easily provide the required documentation

The former is important – firstly the Guernsey Financial Services Commission (GFSC) has published a list of jurisdictions that it considers to have equivalent AML frameworks (Appendix C) in its’ AML Handbook. The AML requirements are already quite complex, and whilst clearly the board should determine whether it wants to adopt the entire list of Appendix C countries as low risk the MLRO should provide the board with reasons why any of the list should be discounted. Furthermore, ignoring the GFSC list of sensitive jurisdictions, or countries which appear prominently on the sanctions lists, could potentially imperil a business.

I once had reason to question a Deputy MLRO as to why a certain country was on their list of high risk jurisdictions. The answer was “because I want to know if any business is done from that country”. When asked what they would do with that information the answer “I just want to know” indicated that there would be no special process for dealing with a client from that country, however arbitrarily including that country on the high risk list means that any potential client would face providing EDD without good reason.

The second bullet point is an important one, and often vexes MLROs. What do you do when a client can’t provide proof of their address in the form of one of the documents listed in the GFSC’s AML Handbook? The answer is to think outside the box, and to suggest alternatives at an early stage. Maybe two independent statements of the client living there could be provided in place of a utility bill? There are some countries where standard proof of address is near impossible to provide and the GFSC would simply want you to be comfortable that you have sufficient proof even in a non-proscribed form.

Don’t reject a document – seek additional confirmation

What do I do when the lawyer certifying the document hasn’t used the correct wording and hasn’t said that the photograph is a true likeness of the person they have met? Don’t just reject the certified passport out of hand – it nearly meets the requirements. How about emailing the lawyer asking them to confirm that it is a true likeness of the person they have met?

Not all business is high risk – Take 2

It is tempting for a MLRO to give any structure where a PEP is involved a high-risk rating even if there is no risk of the PEP illicitly obtaining funds based on the structure used and the financial services product they are using.

Let’s take the example of a UK-registered quasi-governmental entity that is regulated for financial services business and can be found on the FCA’s financial services register. There is a PEP on the board, however the entity is investing into a fund and will only receive monies from an account in the name of the entity and will only pay out to an account in the name of the entity. How can the PEP use the investment to illicitly obtain funds? They can’t. Therefore, what is the risk? It’s a regulated financial services business in a low-risk jurisdiction – the risk is low.

Codes are Codes and Guidance is Guidance

Sometimes the GFSC issues codes and guidance.

Codes can often be seen as best practice, however not all codes will precisely fit all business. Be willing to document where you don’t comply with a code and why. Table this before a board meeting and have the board approve the reason for non-compliance.

Guidance is just that, never take is a proscriptive. Guidance will often provide one route towards achieving a regulatory objective, don’t feel obliged to apply the guidance rigidly. Be willing to employ a pragmatic solution that meets the requirements of your own business, and again get the board to approve this. So long as the controls effectively ensure the law, rule or regulation is complied with the guidance does not need to be strictly observed.

If all else fails…

Sit down and discuss what you have and where the deficiencies lie. A Compliance Officer MLRO should never simply dictate to the business. Maybe remedial action can take place. Maybe a small number of additional documents need to be obtained. Maybe a policy or procedure in place is no longer appropriate for all of the business being carried out and needs to be reviewed and updated. Be willing to be flexible and pragmatic.

The Midshore Solution

We can offer a pragmatic compliance/AML solution for our clients. We can review your compliance monitoring programme along with any of your procedures and policies, offering advice on where to improve them. We can also act as compliance officer or provide a MLRO for your business, ensuring that these functions are carried out in a way that ensures your business continues to comply with regulation without compromising business flows.

We can also provide regulatory refresher training to your team, including all Guernsey laws, rules & regulations; MiFID II & MiFIR; GDPR; CRS/FATCA; BEPS; AIFMD; and AML. We also offer training for the following CISI level 3 regulatory modules:

  • Combating Financial Crime
  • Managing Cyber Security
  • Global Financial Compliance
  • Risk in Financial Services

Combating Financial Crime – more than just AML

Money Laundering (ML) and know your customer (KYC)

Back when we all first started performing KYC (know your customer) checks on our customers the focus was on two main objectives:

1. Ensuring sufficient documentation was held on the registered holder – know your customer (KYC)
2. Trying to stop Money Laundering (ML) – hence the term Anti Money Laundering (AML)

Essentially, we were all trying to make sure that our financial products weren’t being used for ML, which, by definition, has to have a predicate offence (the money must be the proceeds of crime and therefore there must have been an initial criminal act). Of primary interest was the proceeds of drug trafficking, however the predicate offence could be anything from simple theft through tax evasion to major fraud.

AML was just the beginning; however the concept of financial crime has evolved to encompass many more aspects. The Money Laundering Reporting Officer (MLRO) and their deputies have evolved to include:

Terrorist Financing (TF)

In 1999 the United Nations had already passed their International Convention for the Suppression of the Financing of Terrorism and in 2000 the UK had passed their Terrorist Act (TACT) before the horrific terrorist activities of 9/11 in 2001 brought the full attention of the world to bear on counter-terrorist financing (CTF), also known as combating the financing of terrorist (CFT).

The biggest difference between TF and ML is that the money involved in TF is usually “clean” to start with. There is no predicate offence and the money is not the proceeds of crime. The criminal element is what the money is being used to fund. TF can therefore be looked at as the reverse of ML – TF takes clean money and uses this to fund criminal (terrorist) activity whereas ML is seeking to take criminal money and separate it from the crime to create “clean” money.

The other significant difference is that relatively small amounts of money can be used to finance terrorist activities, whereas ML normally involves “laundering” larger sums of money.

ML gave us the opportunity to focus on where money was coming from/how it was obtained and the preference for focusing on larger sums. Adding TF into the mix means a different focus to where money is going/what it will be used for and focusing on larger transactions becomes less relevant.

Proliferation Financing (PF)

Proliferation relates to making available, or aiding in the development of, nuclear, chemical or biological weapons. This is different to TF in that PF relates to the financing of activities of sovereign nations.

Under United Nations Security Council (UNSC) Resolution 1803 there is the requirement for Counter Proliferation Financing (CPF) Reporting. This would be done on a Suspicious Activity Report (SAR) the same as reporting for both ML and TF.

Whilst TF is not the same as PF there are similarities in that normally the money used for PF will not itself be the proceeds of crime, but rather the money will be used for a criminal activity.

Anti-Bribery & Corruption (ABC)

Bribery and Corruption are two separate, yet linked, concepts – it is very difficult to bribe an official who is not corrupt.

  • Bribery is the offering, promising, giving, accepting, or soliciting of money, gifts or other advantage as an inducement to do something that is illegal or a breach of trust in the course of carrying out an organisation’s activities
  • Corruption is the offering, giving, receiving or soliciting, directly or indirectly, of anything of value to influence improperly the actions of another party

A financial institution’s AML, CTF & CPF procedures, which are largely about ensuring that internal processes stop clients from performing illegal acts and the institution becoming complicit. ABC policies should ensure that not only are clients not falling foul of legislation, but nor is the institution itself in its own activities.


Sanctions are measures adopted against a country, regime or individual (collectively “entities”) believed to be violating international law. They are political trade restrictions put in place with the aim of maintaining or restoring international peace and security.

Sanctions can be targeted at entities that are known to engage in terrorist activity or weapons proliferation, however sanctions may also be implemented as result of human rights violations or because of military action (one nation invades or annexes all or part of another nation).

Sanctions tend to be restrictive, coercive measures, that may involve:

  • Freezing of funds
  • Withdrawal of financial services
  • Bans or restrictions on trade or travel
  • Suspension from membership of international organisations

A review of possibly sanctioned individuals should include not only prospective customers, but also those existing customers who become the subject of sanctions. Whilst a sanctioned individual may not be guilty of a financial crime the identification of sanctioned entities (and subsequent reporting if necessary) is normally made a function of the MLRO and their team.

Politically Exposed Persons (PEPs)

Whilst a client being identified as a PEP is not necessarily a financial crime indicator it is most definitely a risk “flag” due to there being a higher chance of the individual being involved in ABC, PF or being sanctioned. These also lead to a higher risk of ML as the likelihood of a predicate offence is greater.

It should be noted, however, that involvement of a PEP in a legal structure is not necessarily a high risk indicator as the existence of the structure combined with policies and procedures may make it impossible for the PEP to illegally access the funds of the legal structure.

Consider a U.S. State Pension Fund where (maybe) the Governor (a PEP) is on the board of the fund structure. The State Pension Fund makes an investment into a Guernsey-based open-ended fund that will only receive monies from the registered investor and will only pay back to the registered investor. There is no possibility of embezzlement in this structure and with these policies/procedures in place.

Evolution of the MLRO

We can now see that the MLRO has multiple roles:

  • Ensuring that the financial system is not being used for ML, TF or PF
  • Ensuring that ABC policies are adhered to
  • Ensuring that Sanctions are not breached
  • Ensuring that high-risk individuals (such as PEPs) are identified

Whilst the tone from the top (i.e. the board and senior management) is important in ensuring corporate culture induces compliance with all relevant policies and procedures, it is the MLRO who ensures compliance on a day-to-day basis.

Whilst the stakes are high the MLRO needs to ensure that decisions are pragmatic and that their role does not become that of the Business Prevention Unit. Properly risk-rated business can be taken on and administered with minimal disruption.

It is also important to note that Customer Due Diligence (CDD) processes designed for KYC should be enhanced to ensure that requirements for FATCA and CRS are integrated into one seamless process. Whilst the MLRO may not be the Responsible Person for FATCA they should ensure that all take on requirements form one process, particularly as tax evasion itself is a predicate offence that we all want to avoid.

The role of the MLRO is only going to get more complicated in future and a good MLRO needs to be prepared. Qualifications such as the Award in Combating Financial Crime offered by the CISI give a good grounding in all of the relevant skill sets required for this position.