How to deal with Guernsey’s intensifying regulatory spotlight
Getting compliance right the first time has always trumped the deeply damaging costs and disruption of remediation. And with the issuance of regulatory notices in Guernsey rising, a proactive and assured approach to regulatory management has never been more important.
It seems we are all feeling the heat.
Critical priorities for the GFSC and JFSC include the upcoming MONEYVAL inspection, which will check how effectively Jersey and Guernsey are countering money laundering and terrorist financing. The reputation of our islands and the investment that comes with it depend on a favourable result. Local regulators are therefore stepping up spot checks and enforcement action to make sure both islands are fit and ready for MONEYVAL’s visit.
Playing catch-up
For FS organisations in Guernsey, the risks of letting compliance slip are highlighted by the transition to the GFSC’s updated financial crime governance handbook. With deadlines looming, many businesses realise that their preparations began too late and are now scrambling to catch up. Some may also have underestimated the intricacies of the new demands. Examples include determining the source of wealth, which requires far more judgement and evidence to support this than many appreciated. A typical comment is that “we know this person, but do we have the evidence to back this up?”. Establishing the right audit trail can be especially difficult when dealing with historic data, much of which may be hard to locate or not appropriately certified.
If preparations miss the Handbook deadline, there is a real danger that some organisations will face both a penalty and remediation. Given the higher bar of evidence and inspection, putting things right after the event is always more gruelling than meeting the original demands. In addition to the costs, the calls on management time can be especially unwelcome as organisations seek to steer through the aftermath of the COVID-19 crisis.
And the Handbook is only one of several challenges to prepare for, with further thematic reviews also on the horizon. Beyond financial crime, further areas of regulatory focus include the risk from cyberattack.
Right first time
How then can your business get compliance right the first time? Our work with clients highlights five priorities for creating a compliance framework that is both proactive and assured:
1. Digitise
Technology can help you to get on the front foot and deliver more for less. For example, electronic verification can take a huge amount of the headaches and potential for error out of customer due diligence, while cutting costs and speeding up onboarding.
Freed from routine tasks, your people will have more time to focus on complex cases and on implementing new compliance demands. Faster and more efficient processes would also improve customer experience.
2. Build best practice foundations
As you look to prevention rather than cure, it’s important to make the most of the best practices being developed by your group globally and market-wide. Cyber is a clear case in point. With a baseline risk assessment and a number of basic safeguards in place, you can make your business much less vulnerable to cyberattack, without imposing stifling controls.
3. Seek out assurance
Independent review of such areas as the foundations, and how effectively these have been implemented, can help to identify any weaknesses and allow time to address them ahead of regulatory inspection. These reviews could be done either by Compliance, by Internal Audit or by a Third Party.
4. Engage
With demands becoming more intricate, it’s important to engage with regulators to find out what they expect in practice. Dialogue can also help to secure regulatory understanding and avoid immediate sanction if you identify issues or risk falling behind on implementation.
5. Look at the big picture
Compliance is just one of the interlocking risks facing your business and therefore can’t be managed in isolation. It’s important to assess the risks in light of your risk appetite and put appropriate mitigants in place. A key part of this is ensuring that compliance is consulted on strategic decisions from the outset rather than simply vetting at the end.
On the front foot
While your business can’t duck today’s ever more exacting regulatory demands, it can ease the strain by planning ahead. The benefits include the assurance your board needs to manage the business without fear of unwelcome surprises or the upheaval of remediation. As an island, these firm compliance foundations will also reinforce our reputation as a safe and efficient jurisdiction in which to do business.
