There is significant change taking place within Guernsey’s existing risk and compliance environment, which arguably reached its current zenith with the GFSC’s release of the final version of the Handbook on Countering Financial Crime and Terrorist Financing in June of this year. This revised Handbook detailed a more prescribed approach to the trials and challenges of anti-money laundering compliance, in place of the recommendations and suggestions of yesteryear. Furthermore, all the signals currently suggest that this ‘Handbook’ style approach will be rolled out across sector specific legislation and advice in future, meaning it very much appears to be here to stay. This change of direction was undertaken in itself to better demonstrate to the wider world how seriously our jurisdiction takes the vexing issue of financial crime.
There are always pros and cons to the re-engineering of a significant element of compliance legislation, the largest negative aspect usually being the overhead required to implement the changes. And this is most certainly the case with the new AML Handbook, as it has commonly become known. However, those with a more ‘glass half full’ approach are taking the view that, with more clearly defined expectations for what compliance with the legislation actually looks like, and clearer guidance around the practical steps businesses are being expected to take in order to ensure that compliance, there is less chance of falling foul of the powers that be. Of course this is as long as the necessary work streams are developed and maintained to ensure effective compliance measures are implemented, tested, monitored and subsequently evolved.
So why is it that many local businesses are still holding off updating their compliance frameworks, monitoring programmes and manuals? Part of the problem could be an element of ‘rabbits in the headlights’ – there is potentially a huge volume of work to be done and it can be hard to agree on where to start. But another significant issue is that a number of the underlying principles of the AML Handbook are actually dependent upon the latest iteration of Guernsey’s National Risk Assessment (NRA), which was due for release shortly after the final version of the AML Handbook. In fact, the AML Handbook directly references the NRA release date for certain compliance implementation timeframes. So it’s not ideal then that the NRA is, as yet, nowhere to be seen. ‘Early summer’ became ‘summer’, which has now become ‘late summer’… September is the latest ‘best guess’.
Perhaps even less ideal is the fact that the majority of local finance businesses have been holding back from undertaking regular reviews of their BRAs until the release of this NRA, for obvious reasons. So the likelihood is that we currently have a finance industry that’s behind the curve with regards to its current identification and assessment of macro risks. Despite rumours that the changes in the latest NRA are minimal when compared with the previous version, its release will without doubt be the trigger for finance businesses to finally undertake full reviews of their BRAs, incorporating into them a new understanding of the wider macro risks affecting the industry, and specifically our jurisdiction. The release of the NRA will also finally set the clock ticking within the compliance elements of these same businesses, with deadlines now suddenly set in stone, and this again will drive significant activity to ensure the necessary compliance activities are taking place.
There’s no question therefore that the next few months are going to be a busy time within the finance industry’s risk and compliance functions. And this is where we may be able to help.
Since the start of 2019 East Harbour has been assisting numerous businesses across a broad spectrum of specialisations with a Governance, Risk & Compliance (GRC) solution designed specifically to tackle these kinds of demands. Developed to work with any standard or bespoke risk methodology, and to facilitate compliance with international or internal standards, such as ISO 27001 Information Security Management, the solution has been built (and priced) to incorporate the needs of SMEs in addition to the more traditional Enterprise offerings. In addition, we have ensured an even better fit for the needs of local businesses by incorporating the AML Handbook and ISO 27001 as part of the standard installation. With a cloud based technical architecture, highly intuitive user interface and broad risk and compliance functionality it has received glowing feedback from fiduciaries, fund administrators, compliance consultants, IT service providers and legal teams alike.
So if your business is facing significant overhead from the ongoing changes within the local risk and compliance environment, please feel free to get in touch via email@example.com as we just might have the solution you need.