Navigating the Guernsey Compliance landscape

Tempus fugit! It’s almost a year since the GFSC (Guernsey Financial Services Commission) updated its Handbook for specified businesses to establish and maintain an independent compliance audit function.  

But are you certain on what you need to do? 

Let’s revisit the key highlights of the requirement: 

1. Applicability. 

The requirement applies to all specified businesses (Financial Service and Prescribed Businesses) 

2. Purpose of the Independent Audit function. 

The primary purpose of the independent audit function is to assess the adequacy and effectiveness of the business’s Anti-Money Laundering (AML), Countering the Financing of Terrorism (CFT) and Combating Proliferation Financing (CPF) policies, procedures, and controls. This compliance audit layer ensures oversight and continuous monitoring, including assessing AML/CFT/CPF related policies, procedures, and controls, reporting findings to the Board and monitoring compliance with any recommendations provided.  

3. Considerations  

  • Each business should assess its own AML/CFT/CPF risks, as well as the size and nature of its operations, to determine the extent and frequency of compliance audits. The audit may occur annually or less frequently.  

  • The audit may cover all or part of the business’s policies, procedures, and controls.  

  • Frequency and scope may also depend on whether the firm’s compliance monitoring programme has identified significant recurring breaches for which it would be prudent for an independent function to examine.  

  • If a business does not have an independent internal audit function, the audit can be conducted by an employee not involved in the implementation of policies, procedures and controls or a skilled external person/service provider familiar with the Guernsey AML/CFT/CPF framework.  

Staying compliant is crucial for your business’s reputation and regulatory compliance standing. Here is what businesses should be doing: 

1. Assessment and Implementation 

  • Conduct a thorough review of your compliance programmes to ensure that they align with the updated requirements.  

  • Update your AML, CFT and CPF policies, procedures, and controls, as necessary.  

  • Assess the effectiveness of your independent compliance function, whether it’s an individual or a service provider. Ensure that they have successfully identified and addressed any shortcomings within your AML, CFT and CPF framework. 

2. Continuous Monitoring and Improvement  

  • Implement a continuous monitoring strategy to regularly assess the effectiveness of your compliance measures.  

  • Use the findings from the independent audit to make ongoing improvements to your compliance programme. 

3. Training and Awareness  

  • Provide regular training for your staff on the latest AML/CFT/CPF regulations and internal policies.  

  • Foster a culture of compliance and awareness within your organisation. 

4. Documentation and Reporting  

  • Maintain comprehensive documentation to demonstrate adherence to your compliance programme and the Handbook.  

  • Prepare procedures to help with reporting to the GFSC.  

5. Engagement with auditors 

  • Work closely with your auditors to understand their findings and recommendations.  

  • Ensure that any audit issues are addressed promptly and effectively. 

6. Stay Informed  

  • Keep abreast of any further updates or guidance from the GFSC. 

  • Monitor global best practices and standards in AML/CFT/CPF compliance to enhance your compliance programme.  

How can BDO assist? 

BDO can provide the expertise, tools and support necessary for businesses to navigate complex regulatory landscapes and maintain compliance effectively. This can be quite valuable to your business.  

Here is how BDO can assist: 

  1. Expertise in Compliance: Offer specialised knowledge of regulatory requirements, helping businesses implement necessary compliance measures.  

  1. Tailored Compliance Programmes: Design customized compliance programmes to cover regulatory requirements for each business.  

  1. Risk Assessments: Identify non-compliant areas and recommend strategies to mitigate risks.  

  1. Independent Audits: Our audits provide an objective and independent perspective on existing compliance frameworks.  

  1. Training and Education: Offer compliance-related training to foster a culture of compliance within your business.  

  1. Ongoing Support: Keep you updated with regulatory changes and provide guidance to maintain compliance.  

  1. Building Internal Capacity:  Partnering with us helps businesses learn effective compliance management strategies. 

  1. Monitor Service Providers: Provide an independent effectiveness review of third-party service providers to assist the Board with their responsibility in overseeing outsourced functions. 

    Please send your enquiry to advisory@bdo.gg or email your usual contact at BDO Guernsey.