The Jersey Financial Services Commission has recognised the challenges faced by organisations it supervises in regard to resourcing control functions.

Some businesses in Jersey already flexibly manage resourcing challenges through outsourcing some of the operational elements of the compliance function, such as compliance monitoring, or other financial crime prevention activities including onboarding and periodic reviews. This is something that we have supported our own clients with over the last year or so.

However, at its Business Plan event, the Jersey Financial Services Commission (JFSC) referred to considering whether the location or employment of staff in control functions could also be flexed. This is as a result of the challenges faced in the local labour market, and my understanding is that there may soon be a consultation in respect of what this might look like.

How does it work in the jurisdictions in which Ogier Regulatory Consulting operate?

Guernsey

In Guernsey it is possible to appoint a third party as a Compliance Officer (CO), Money Laundering Compliance Officer (MLCO) or Money Laundering Reporting Officer (MLRO) and there are a number of firms offering this as a service. The Guernsey Financial Services Commission (GFSC) Handbook is very clear that the board remains ultimately responsible for the activities undertaken on its behalf, for compliance with the requirements of the local regulatory framework. Firms can't contract out of statutory and regulatory responsibilities.

Section 2.5 of the GFSC Handbook provides guidance on what should be considered when outsourcing control functions including:

  • reviewing the GFSC's guidance notes on outsourcing
  • considering the implementation of terms of reference or agreements describing the provisions of the arrangement ensuring that the roles, responsibilities and respective duties of the firm and the outsourced service provider are clearly defined and documented
  • ensuring the board, MLRO, Nominated Officer and MLCO understand their roles, responsibilities and respective duties along with ensuring appropriate oversight of the work undertaken by the outsourced service provider

As expected, the risk of outsourcing must be assessed, recorded and feature in the Business Risk Assessment and must be monitored on a regular basis. The GFSC Handbook also draws out that oversight of any outsourced activity is key, as when organisations have relied on an outsourced service provider, or the report of an outsourced service provider, this will not be considered a mitigating factor where the organisation has failed to comply with a requirement of the regulatory framework. The board must therefore ensure the veracity of any reports provided, perhaps by spot-checking aspects of the reports.

Cayman Islands

In Section 2 of Part II of Cayman Islands Monetary Authority (CIMA) Guidance Notes on the Prevention and Detection of Money Laundering, Terrorist Financing & Proliferation Financing in the Cayman Islands (its version of the JFSC Handbook), it describes how a financial services provider must appoint an Anti-Money Laundering Compliance Officer and an MLRO. However, it may choose to delegate the performance of the compliance function. In CIMA's Guidance Notes it is clear in that the financial services provider is ultimately responsible for compliance with the applicable requirements under the AML regulations, it also provides guidance on the things to consider if delegation takes places.

United Arab Emirates

In the United Arab Emirates (UAE) compliance can be outsourced to external third parties or internally back to the head office. Firms who are regulated by the Dubai Financial Services Regulatory Authority or the Financial Services Regulatory Authority in the Abu Dhabi Global Market are required to register a CO & MLRO with the respective regulator. Depending on the scale and complexity of the business the regulator allows for these roles to be outsourced.

How effective could this option be?

There are benefits to outsourcing which can include:

  • not having to recruit a skilled individual and having a choice of suitable consultants to choose from, who may have a depth of experience of the role and the local regulatory environments
  • costs can also be saved in terms of other employee benefits which feature as part of a remuneration package
  • the resource is always available as another consultant can provide cover during periods of absence
  • the individual will also be focused on delivering against a mandate, not be drawn in to other organisational issues, and have the ability to provide an independent expert opinion on matters
  • a solution to recruitment challenges in a competitive market with a finite pool of skilled individuals

In terms of providing a balanced view however there are potential drawbacks including:

  • the lack of understanding of the corporate culture and the nuances of the business
  • the number of mandates the individual may be fulfilling
  • the quality of the service provided may not necessarily be what's required to manage compliance risk effectively
  • inadequate oversight of the outsourced compliance arrangements – particularly if there is not a compliance subject matter expert in the business

So it will be interesting to see how things develop here in Jersey, it's really clear that something needs to change and it's encouraging to hear that the regulator is alive to this fact and wants to support Industry in identifying solutions. It appears there's simply not enough individuals with the relevant skills, knowledge, or in some instances desire, to carry out Key Person roles.

One thing we can be absolutely certain about however is that the responsibility to meet statutory obligations and regulatory requirements will remain the responsibility of the governing body of an organisation, there is simply no getting away from this fact, no matter what changes occur.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.