Stephen Platt:

Welcome to the KYC360 AML Talk Show with me, Stephen Platt. Thank you very much for tuning in. Today, we’re going to be talking about the National Risk Assessment for Jersey, which was published on the 31st of September, just literally only a couple of weeks ago. You might ask yourself why are we examining the national risk assessment exercise for this particular jurisdiction and I think there are really three reasons for it. First, is that Jersey is a systemically important finance centre dealing with in excess of a trillion pounds worth of wealth. The second is that there is much to be learned by, I think both are the jurisdictions as well as businesses and AML professionals about the importance of national risk assessments and how they are conducted. The principles of an NRA are in many ways very similar to the principles of business risk assessment exercises. They require you to analyse threats, to consider vulnerabilities, to identify strengths, weaknesses and to consider how you could improve the way in which you engage as a jurisdiction in the fight against criminal money.

And thirdly, national risk assessment exercises clearly inform the future direction of travel for the jurisdictions to which they relate. So joining us from Jersey to discuss this really important topic are two guests. Now, George Pearmain, the Director of Financial Crime Strategy for the Government of Jersey and Louise Clayson, Detective Inspector and Head of Jersey’s Financial Intelligence Unit. I’m going to say a few words by way of introduction of them both.

George is a lawyer, a barrister as well as a Jersey advocate. He returned to Jersey to take up his current role in March 2020 after a period at The Secretariat to the financial action taskforce, obviously the global AML standard setting body.

George had previously advised the Government of Jersey on financial crime and financial services policy more generally leading the government’s work on the 2015 MONEYVAL report on Jersey and it’s probably important to note that Jersey did obtain one of the highest compliance levels globally at that time. He also appeared in front of the PANA committee of the European Parliament, which was set up to examine the Panama Papers. And he worked on a range of projects concerning financial service policy and anti-corruption. In his current role, George is also Head of Delegation to MONEYVAL for Jersey.

Louise Clayson has 19 years of law enforcement experience with a career spanning all areas from community policing to serious and complex crime on a domestic national and indeed international level. And in 2017, she was appointed as Head of the Financial Intelligence Unit for Jersey based within the Joint Financial Crime Unit, where she manages a team of intelligence, financial investigators and analysts who obviously receive, analyse and develop SAR intelligence. Jersey’s National Risk Assessment commenced in 2018 and Louise was the chairperson of the threat assessment working group. And finally, she attends Annual Egmont Group plenaries and is part of the information exchange working groups. So in George and Louise, we clearly have seasoned anti-financial crime experts and operatives at a state level. George, Louise, welcome. Thank you very much for taking the time to talk to us today.

George Pearmain:

Thanks, Stephen. Great to be here.

Stephen Platt:

Thank you. Now, what I’d like to do is I’d really just like  to kick off because I’m conscious that many of our listeners whilst being completely seized of the criticality of and detail of business risk assessment exercises and as it were operational risk management within their own organisations, they might not be as familiar with National Risk Assessment exercises at a jurisdictional level. So I want to start off if I may, by really analysing and discussing with you why national risk assessments matter. I mean, it’s a strange question, but what’s the point of these exercises?

George Pearmain:

Thanks very much Stephen for the question and thanks for inviting us on today. It’s great to be here. So NRAs are generally very strange beasts but they have now been in existence for a significant period of time. They arise from a FATF Recommendation, in fact, FATF Recommendation one, which requires countries at a national level to identify, assess and understand money laundering and terrorist financing risk and taking action to mitigate against those risks. And this is really the base of everything that the FATF does in terms of applying a risk-based approach to a standard setting. So the NRA or a good way to think about is, it’s the space level view at national level of risks that exist in the jurisdiction. And it can be viewed as that top layer on which everything below should fall under. And the reason it’s important is because in Jersey, our NRA will provide I suppose, the bedrock of further work that will be required in more detail done at both authority and industry level.

Particularly in Jersey, we have embedded into law that when conducting things such as business risk assessments, the entities who are subject to regulation in Jersey will have to consider the conclusions of the National Risk Assessment and then the subsequent assessments of other similar nature in revising and conducting those risk assessments. So it’s a very all encompassing document. Now, they’re not easy things to put together and hence that may be one of the reasons behind the period of time that it took for us to produce ours. But it really should be thought that kind of space level view as the starting point to understanding the risks that the jurisdiction faces.

Stephen Platt:

George, you describe it as a bedrock. I mean, essentially what you’re saying is that this is a national risk assessment exercise, if you like a foundation stone, for everything else that a jurisdiction does to combat money laundering. So if you haven’t got a solid NRA, if you haven’t got a really good understanding of what your vulnerabilities are, then clearly you’re not going to get the law right, you’re not going to get the policy response right, you’re not going to get the regulatory framework right. Is that essentially the point of the NRA?

George Pearmain:

Yeah, I think that is. It’s the base understanding of where the risks exist. And the important thing when doing that is to look at it using as reliable information as you can, so that you carry out that risk assessment accurately and with the most information you have. Then those risks that you face, you can adequately address.

Stephen Platt:

Okay. So, I mean, you alluded to the length of time that this exercise has taken and in my intro of Louise, I referenced that this kicked off as an exercise in 2018. How did you marshal and conduct the NRA exercise? Could you give our listeners a sense of just what’s involved in completing an exercise of this type successfully?

George Pearmain:

Sure. So I’ll start by talking about the kind of coordination exercise across the piece and then may pass over to Louise, just to talk about some of the work that they did in the FIU side on data gathering. So in respect of the marshalling together, in Jersey, we used a methodology that’s been designed by the World Bank. And that was done very deliberately because it was being commonly used by jurisdictions around the world and it would be a base measure on which to conduct a reasonable NRA exercise. Now that calls for significant engagement between all the authorities and the industry in working together to reach conclusions on risk. And that means the coordination exercise is significant. So in 2017, we first appointed a coordinator for that here in Jersey. And in 2018 and ’19, we started bringing together working groups that discussed at authority level national threat, which Louise lead, and then national vulnerability, which we’ll come on to talk about in due course. And then we put together 12 working groups that focus on the sectors.

And the critical thing with that is that in Jersey, our finance industry is very varied in terms of what it does. But the sectors particularly do a large number of things inside them. So if we talk about the variance in for example, the TCSP sector or the fund sector, it’s significant and therefore getting representatives on those groups in order to feed in a reasonable view to supplement, I suppose, quantitative data that we already had was really important. And those groups worked through about a year to a year and a half worth of analysis, which we use the World Bank experts as well to stress test against, and they really reached the conclusions that are called for by the World Bank tool and are written up in the report. Now, Louise may wish to come in to say a bit more about what was done from the authority side, particularly around data collection so that we could have reliable data for the threat module amongst other things, Louise.

Louise Clayson:

Yes. Thank you, George and good afternoon, Stephen. Thank you for your invite. So as a Chairperson of the Threat Group, one of the biggest tasks that we had in this area was the collection of data. Each of the authorities here in Jersey collect data in their own way. So for example, the Jersey Police would collect data based on home office counting rules, for crime recording in relation to the FIU, we collect data in relation to SAR activity from the industry, and so on and so forth. So it became very apparent early on that we had different sets of data that were recorded in different ways. So one of the biggest challenges was to collate that data into something that was meaningful and representative of the questions and the methodology that the World Bank were asking us to look upon within the risk assessment, in order to deliver the outcomes which the methodology was designed to do.

So that initially was quite a significant challenge. So that’s aside from then having collated the data, that was then as I said, fed into the World Bank methodology. And it gave us certain outcomes and in particular to, as George referred, to the sectors. And you mentioned that TCSP. We would look at the data that we have collected at an authority level, and based up on other data that was coming in, in relation to total assets under management for example, beneficial owners and controllers and under the data sources. And that allowed us then to make that assessment of threat based on the data available. We then produced charts in relation to this and had meetings with the chair people of those sector groups to discuss the outcomes that we had found.

So it was a very much a collaborative approach. We kept the sector groups up to date with our ratings and it was discussed. And this is how we were able to pull the data together. But like you said, where we had gaps, we had to look at more source data in relation to our own domestic SAR reporting. We looked at information that we’re receiving on an international level about threats that were being identified on a cross border nature. So being the first National Risk Assessment that we’ve done, which certainly upon reflection, it’s made us look at how we record our data. And certainly, one of the actions going forward is to perhaps be more collective about that and have it recorded in the same way. So when we repeat this exercise on a more regular basis, that data is more easily to hand.

Stephen Platt:

Okay. Now, George, you said that there were 12 working or sector groups. What data did you require from license holders in Jersey as part of the data collection for this exercise and how, if at all, did you go about validating that?

George Pearmain:

So the sector groups. The predominant industry data that we collected was over two years and we did that through a specific data collection through the supervisor. And that was enhancing data that we may already have about the underlying activities of those industries, but this was more specifically focused on money laundering risk. So the data that we were looking at would for example, contain information on the types of structures that were administered, the jurisdictions with which there were links, assets and the management and so forth in order to give us more of a flavour of the type of activity that was occurring in the industry. Now, that was then combined with data that we already had at the authority level, particularly for example, data that was held on Jersey companies, which for example, are held in our long standing beneficial ownership database and for example, information that the supervisor had on entities in relation to their supervision that had occurred.

And that information was put into data packs and discussed by the working groups. It was the working groups who went through the conclusions and effectively validated them to take the view at the end. That seemed to be a reasonable representation of what they were seeing on the ground. That validation was important because if we come right back to the purpose of the National Risk Assessment, and again, the FATF standard, it’s about reaching an understanding of what that risk is. The understanding can’t be in the authorities alone, it has to be a cumulative understanding between the authorities and the industry. And that’s something in Jersey that we certainly believe in many of our sectors has been that cumulative effort for many years. But this allowed us to further that, to develop it and then more over to really pinpoint ways in which we can even further develop that understanding in the future.

Stephen Platt:

I see. That’s very interesting. Now, you mentioned in a previous answer that you had decided as an Island to go with the World Bank NRA methodology. I’m aware of, obviously, there is an alternative methodology, which is the IMS, which are, I believe, the close Island of Guernsey when it followed its NRA exercise, it adopted the IMF model. I think probably a lot of listeners will be puzzled as to why Jersey went with the World Bank methodology and Guernsey went with the IMF methodology. Why did you make that choice?

George Pearmain:

So I think where we are with the methodologies is that we very much felt that the World Bank methodology presented us with a series of tools that you can use to better understand your risk understanding. And that was more akin to what the FATF requirement needed. And we very much wanted to develop that risk understanding on that cumulative basis. So using the tools for that in the Island with our domestic authorities and the industry with the World Bank staff being there to really stress test and to provide us with guidance was the route we wanted to take. Because we see these tools as, whilst it’s described as the methodology and tools, it really just provides a series of control variables at a series of spreadsheets, which use algorithms, which you can then adapt to your own interests in the jurisdiction and that should be clear.

We did adapt it significantly because the structure of an International Finance Centre is not the same as for example, a large onshore jurisdiction such as the UK or France or Germany or the United States. We had to use specific areas in which to stress test that. Now the other reason for doing this was really around ensuring that we had a methodology that had been used by other jurisdictions and that we could go out to the international community to say we’ve used something that’s been well adopted by others and I believe the World Bank methodology is now been rolled out by well over 100 countries around the world, including a number of IFCs. And that would be something we could rely back on in order to ensure the methodology was strong and that we started from a good and reliable starting point.

I think the other point to mention here is about integrity, and it’s often assumed wrongly internationally that the finance centres are not interested in identifying the criminality that occurs here. In Jersey, the truth couldn’t be further from that. Well, actually we’ve spent many years trying to look at understanding how finance centres could be exposed and ensuring that we were able to look at these with world-leading expertise in this area, particularly also noting that the World Bank had done specific work in their publications around the Puppet Masters on complex structures. We knew that we were able to rely upon that expertise and that independent stress testing to ensure the integrity of the work.

Stephen Platt:

I mean, I’m pleased you raised the, I think, understandable scepticism that continues to be expressed in certain quarters about the motivation of IFCs to combat money laundering. I mean, critics might say that NRA exercises are just self-serving exercises that help jurisdictions like Jersey to market themselves or to at the very least to sway the criticism that’s continually levelled at them. And as they are essentially exercises in which jurisdictions are, they are marking their own homework, how do you maintain their integrity? I mean, how do you answer that scepticism?

George Pearmain:

So I’ve touched on the use of the experts from the World Bank, but I think I should also touch on some other things that we’ve done. I mean, it’s evident from looking at the report that you can see that there are a number of areas where our scores were not exemplary. And that’s because we approached this in a way in which we knew that there were things that we were doing well, but other areas where there were improvements needed. And we knew that it was only by approaching it with that route that we would get an action plan that would deliver significant change in the jurisdiction. And that I think would be the route where we would achieve the most in order to protect the Island from an asset finance.

We also used some further stress testing across the way. I mean, we engaged in academic experts as well, Professor Bill Gilmore, who is at the University of Edinburgh and is a world leading expert on illicit finance and the sanctions evasion. And Bill was available to work with the groups and provided that independent view, including typologies, which exist from academic research, so things that go well beyond our shores to ensure that we were truly thinking in a wide range.

The other point that’s worth mentioning is we were fortunate and we have a number of people involved with this here because of Jersey’s commitment to MONEYVAL now for many, many years. We’ve been involved in the assessments of other jurisdictions. We have about four trained MONEYVAL assessors, including myself here who have looked after other jurisdictions and we regularly review reports of the jurisdictions. And in that, we’re able to understand how the international community look at risk. And it’s important I think to ensure that that international perspective is brought back locally and we’re comparing ourselves to what’s done elsewhere. And so I think that was a good baseline for understanding the integrity of the exercise.

Stephen Platt:

I mean, it’s an interesting answer and it’s compelling I think. But you play an aid of the integrity of the process, the involvement of external experts, what was the nature of the role that they played? Were they there as if they were guiding you in the manner in which you should then follow the NRA exercise or were they actually engaged in a form of evaluation if you like of the data?

George Pearmain:

So I think it’s important to say they never reached a conclusion for us. Those were all reached together with the groups. Louise, would you like to focus slightly on what went on in terms of reaching conclusions? I think your group particularly when it was reaching conclusions, it was done in a specific way.

Louise Clayson:

So in terms of, if I could touch briefly on the integrity, it was very important that we sought feedback from international partners as well. So part of the exercise, which is very similar to before a country goes to their mutual evaluation, is that often jurisdictions have sent surveys for feedback. And that was one area where we felt would be most useful to us as well to reach out to jurisdictions to obtain that critical feedback. So despite how well we thought we were doing, it’s always important to get the perspective from somebody that you deal with on an international level and take that into consideration.

So that was one element that was very useful in this exercise. And we did have some cooperation from our international partners with that feedback. In terms of having the experts present during some of the working group meetings, it helped to introduce topics or areas where perhaps we hadn’t first identified, that were areas that we needed to focus on, and having sort of that independent support through that process certainly helped us to focus on areas where we perhaps needed to do more in depth analysis in certain areas. So yes, extremely helpful and certainly help with putting together the conclusions and the outcomes that we were satisfied for the submission of the report.

Stephen Platt:

I mean, I’m really interested in the point that you make there, which is that you synthesised into this assessment, the feedback, the information that you were able to obtain from international partners. Just picking up on that, I mean, there is as we would all appreciate, there’s a world of difference between perceptions of risk and the hard data. I mean, look at what’s going on in the world at the moment in relation to COVID and what is driving certain policy decisions in relation to it. Are they perceptions of the risk? Is it hard data? And how is it that you were able to, as it were, satisfy yourself that you were basing this assessment on the data as opposed to perceptions which might have been as it were well off being?

Louise Clayson:

So, yes, that’s a good question, Stephen. And that was the importance of having a variation of people from, particularly my group across the authorities level because the data that we had and the data that we were using could tell a story either way. And it was important to have the right people there present to interpret the data to make sure that we were using it in the right way. And when we talk about feedback from other jurisdictions, what their perception of risk that Jersey may post or likewise our view of what risk or threats they may post. It’s important to rely on what we know.

But as we went through the exercise, there were areas where we still have gaps to an element that we had to use professional judgment from experts within their field to say, does this look right? Does the data tell us the story here or is there further in depth analysis and certain areas that we need? We all agree that, yes, it was representative of the data, but yes, being our first risk assessment, it’s certainly, for future, for risk, it’s definitely an area where we know that there should be deeper analysis in some of the areas and that’s born out by the action plan from the risk assessment.

Stephen Platt:

Okay. Got it. Okay, now, so that’s, I think, some really interesting background for our listeners on what an NRA is and what the methodology involved in completing the exercise successfully was. Before you can assess the risks, obviously you’ve got to start by really understanding the threats which are obviously evolving all the time. I mean, just as for businesses so it’s the same for jurisdictions in the sense that this challenge of combating financial crime is an infinite challenge for which we’ve only ever got finite resources. And that’s true at an organisational level, it’s also true at a jurisdictional level, particularly so perhaps for smaller IFCs that don’t have necessarily the where with all the resources to combat it in quite the same way as larger, more powerful onshore economies. So just, I want to get into the detail about how you go about the threat assessment. I mean, how did you analyse the nature of the threats that the Island faces?

Louise Clayson:

So in relation to the threat analysis, we looked at a couple of areas. So in relation to cross border activity. So where is the threats in relation to cross board activity? Where in relation to threats are we in terms of identifying specific countries which could pose a threat? So that was the starting point really. The World Bank methodology lent itself for using the data that we had available in order to formulate that risk assessment based on the threats that we identified. So we used a lot of SAR intelligence data during this period, which was collected over a five year period from 2013 to 2017, which really helps us with this.

It looked at where the threat was coming from specifically, what products or services maybe at risk at being used in relation to that criminality, who were their staff subjects? Where did they live? Were there any PEPs involved? So, looking back at the data that we have it was very useful to add in that additional intelligence element to it, to paint that picture because we did have a lack of other data which could be used to show for example, the number of prosecutions we may have had in this area. So it was important for us going forward when they were looking at threats to make sure that we had a good basis for making and suggesting what the outcomes were.

Stephen Platt:

One of my big issues with the whole war on criminal money and financial crime is this, that there is way too much emphasis on the vulnerability of jurisdictions and organisations to laundering money, and not enough emphasis on their vulnerability to exploitation in the facilitation of predicate crimes. Jurisdictions like Jersey in common with many other IFCs around the world has been used in numerous examples, for example of, the facilitation of corruption with bribe payments having been made through vehicles administered and banked within the jurisdiction, to what extent in your threat analysis were you concerned to understand the vulnerability of the Island not just to the laundering of the proceeds of those crimes, but also to the facilitation of those predicate crimes themselves?

Louise Clayson:

So as part of the threat assessment, that’s something that we looked at, what was our information telling us? And as an IFC, we’re not always getting the full picture, we may not be getting the important information at the beginning of a transaction, nor what happens at the end, we will only be seeing a very small snapshot of what’s occurring in the middle. So it was important to look at what that information was telling us. And if there were any areas where we could identify where there’s been some facilitation of money laundering, then we needed to look into more details as to how has that happened, who was involved, et cetera et cetera . So it was taken into consideration with the information that we had available to us at the time.

Stephen Platt:

I see. I mean, George, have you got anything to add to the question about the assessment of the vulnerability of the Island to facilitation of underlying criminality itself, as well as, its vulnerability to the laundering of the proceeds of those crimes?

George Pearmain:

So yeah, I think Louise’s outlined that very clearly what we did, but there is in the report in the threat section, a very clear outline of a number of cases dealing with predicate crimes ranging from corruption, to fraud, to insider dealing, to bribery, to tax orientated matters with a variety of jurisdictions around the world. And it did indicate that there were funds that had found their way to Jersey. Now, that clearly indicates that the threat is very present. Now, the difficulty that arises there, is whether or not the mechanisms that we have in place are suitable to identify that and to take action. And I think it’s fair to say that when we’re talking about vulnerabilities at a national level, we found that there were vulnerabilities there.

And those are things that we’ve now prioritised to address. So that’s in the area of both identification of cases, and then investigating them through to achieving a prosecution, and that’s very difficult. So that’s an area that we’re looking at both from a policy standpoint, and through the use of new resources, be that through human resources or technology, to enhance the ability to identify where the Island may be useful facilitation. And if it is being used the facilitation, to bring those cases to court, and to look to tighten up regulatory controls, so that those loopholes can’t be exploited in the future. I think we’ve been fairly honest in the risk, in the threat assessment where that’s well been identified.

Stephen Platt:

I see and pick picking up on the point that you make there George about technology, one of the really interesting points that I noted when I read the NRA report, was that it appears to, as it would relate to the position from 2013 to 2018, which I think effectively means that it’s an assessment of the position the Island was in, as it were two years ago. And it’s therefore a little bit out of date. Now, why is that? Does that speak to the absence of no real time data analytical capability and a need for new forms of technology? Is that is the reason for that?

George Pearmain:

So I think you touched on a good point there which is a point that is completely not unique to Jersey, it’s being faced by jurisdictions around the world. And maybe as a smaller jurisdiction, we actually find ourselves in a better place to deal with this. This is an area where if you can get in data on a more reactive basis, the chances of you both being able to react to it and both to analyse it and to react to it quickly is more likely. We’ve been seeing that in a number of areas. So I think it’s fair to say that over the last three years, we’ve been significantly updating the ability to understand what’s going on in relation to the companies that are administered here in Jersey, the Jersey companies, by introducing direct API’s into our company registry.

But that I think, is only the start, the supervisor is doing a series of work in order to develop its own risk-based approach to supervision, which will also include data in order to deal with reactive supervision areas. But then there’s the bigger piece about using the technology that’s available now to link that all together. Really, when we think about how these data sources would come together to bring a case together, you’re likely to have information coming in through law enforcement through requests for assistance or alternatively, going into law enforcement via SARS. You will also have it through legal channels, through MLA requests. And then you’ll also have information on the ground from the supervisor or from the company’s registry. Bringing that all together, it is really the aim of creating that kind of golden thread that can indicate red flag indicators, where they exist.

And that’s something that we definitely identified needs to be worked on. So first, it’s about having the ability to get that real-time data, and then how to use it. In terms of data collection, because I think it’s important that I address it, because it’s been a long term concern for the industry, we are trying to get to a stage where we stabilise data collection. We’re working off a principle here where we only take in data that we need and that we will use. Now that’s going to involve particularly here because it led to a major conclusion of the NRA, that we needed to review that again, and really in 2021, to come to a stable approach of how we get the data in, and then to make sure that data can be used effectively. So it is a major factor and I think we’re at a stage now where technology can really help us in that area.

Stephen Platt:

I see. Now, one of the things that puzzles me slightly about national risk assessment exercises for IFCs in particular, is that many of the entities that are administered by license holders within them are in fact, incorporated in other jurisdictions or owned by entities in other jurisdictions, or have subsidiaries in other jurisdictions, many of which have no transparency. So it’s not for nothing, right, that there are over a million companies on the BVI registry in contrast, for example, to the Jersey registry where there are many, many less, fewer than that. Now, we can debate why that is, it’s probably because the BBI, historically has offered much lower levels of transparency, which is why it’s been able to attract more business. Now, how is it you’re able to assess the vulnerability of a jurisdiction like Jersey, when so many of the entities that are being administered here or managed and controlled here, are connected to jurisdictions that have lower standards or levels of transparency?

George Pearmain:

So I think it’s a good point to raise, Stephen and the reason it’s good is because there is a third of forthcoming piece of work, which is required by the FATF recommendations on a risk assessment for legal persons. And that’s something that we are going to be doing over the course of the next six to 12 months and we’ve already started on it. In terms of the interrelation with other countries, Louise mentioned the cross-border threat assessment, and I think it’s important to come back to that. The cross-border assessment, we didn’t just use the normal World Bank model, we also looked at the fact that Jersey as an International Finance Centre, may be receiving funds from entrepreneur countries which almost threw fairs for structuring. And so we looked at those in terms of the risks that we face from other finance centres as well, and that included using data in relation to transparency from those jurisdictions.

So it definitely was factored in. I think the other thing that’s important to note is that a positive from the NRA was that actually in the sector that administers most of these and TCSP the knowledge of the CDD requirements is actually very high, and the CDD application tends to be good in these areas. What we have built over the years, a very strong and an agile compliance sector in the TCSP sector when administering those complex Wealth Management Structures. So that’s definitely being factored in.

Stephen Platt:

Okay, really, really, really interesting. Now, what I’d like to move on to now, is residual risks. The three highest risk areas that were identified in Jersey were banking funds and trust and corporate service provider businesses. Now, what was that expected? And how has that conclusion or finding being received by each of those sectors?

George Pearmain:

Yes, thanks, Stephen. I think you’re right to start with that point, I should say that as authorities, we were unsurprised at the conclusion that was reached in relation to those sectors and it broadly matched our understanding and also matched the understanding that has existed in other NRAs published in the finance sectors. So to take those one by one. Banking is very clear in the NRA, and the risks exists due to common concerns. So the current concerns that there were related there was in relation to areas such as tax evasion and perhaps, but the data that we use was able to indicate that that in terms of those areas, it was more managed now and that’s probably unsurprising given that when you look at the sectoral analysis of vulnerabilities, the scores in the banking sector are very good. And that’s probably because the banking sector has been subject to regulation for a significant greater period of time, and has as generally achieved far more in terms of those areas than other sectors.

The big split which is not differentiated in the conclusions paragraph, but clearly is differentiation in the text is that the risk of corporate banking is significantly higher due to the ability to obscure the UBS controllers, and retail was significantly lower. That is, I suppose, an unsurprising conclusion. TCSPs is very difficult, I think we always concluded that TCSP was likely to conclude with the highest residual risk sector, however, that the real difficulty we found that was the variance of activity that’s conducted by TCSPs is here in Jersey. That can vary hugely from normal Wealth Management arrangements through to trust structures, through to company administration across the range of different activities. And depending on what the activities were, the threats and the vulnerabilities changed, which meant forming a residual risk profile for the entire TCSP sector was challenging. However, it was definitely felt in terms of the threat. Considering the things that are predominantly present in the TCSP sector, namely the number of PEPS, the number of complex structures, this was a rating that was understandable. Also, considering the value and size of the sector in Jersey, it was unsurprising to have the conclusion.

And on the final sector that you mentioned, as well, that the funds sector, this has probably been the most complex one to analyse, and maybe also the area where more work needs to be done globally. The security sector, particularly the security sector outside of a more common institutional sifts or pension funds is generally deemed by the likes of the FATF and others in terms of their risk indicators, to have higher risk indicators because of the complexity of structures, high net worth individual exposure, international transactions, and these are areas that in the Jersey regime are clearly present. It’s also an area where I think the understanding generally worldwide of how criminals can use those structures to lure their ill gotten gains, needs more understanding. So that’s something we’re entirely committed to.

It’s been more challenging in those areas, I think to reach agreement on where the risks lie, but the really good thing in the area is that there is a willingness to want to understand why the risks are deemed as higher to mitigate them. In doing that, we’ve been looking as well as other partners such as the conclusions and reports of Luxembourg or Hong Kong or the Cayman Islands, and it’s clear that the risk ratings are similar. Indeed, across in Guernsey, the risk rating was similar, although in their area maybe slightly lower due to the more institutional nature of facts. So generally, it’s gone well in terms of an initial outline and the conclusions are understood by industry, which is exactly what the recommendation calls for. But I think, like with any risk assessment, the inevitable outcome is more risk assessment. And that will further develop those understandings in more detail.

Stephen Platt:

That’s very interesting, I mean, my own experience of working with different sectors in industry is that perhaps the understanding or appreciation of the funds industry have its own vulnerability to criminal exploitation is not quite as well honed, if I can put it that way as it is in the banking sector, or in the trust and corporate services sector. I mean, many, many times people within the finance sector have responded to me by saying, Well, it’s frankly, it’s just not a threat for us here, people don’t launder money through collective investment vehicles. And in fairness to that sector, not a lot of emphasis, or indeed educational material, has historically been put out on the way in which criminals to exploit those types of structure. But, you and I both know that they are vulnerable and I was very interested to see that Jersey recognise that. And hence, the reason I asked the question about how that’s been received, not just by that sector, but by all of the sectors that were regarded as being of higher risk.

I think it’s something that speaks to the integrity of the process, which is what we discussed earlier in the conversation. Now, we’re focusing on … Now if we can, I’m just conscious of time, on the identified as it were vulnerabilities, the conclusions of the NRA exercise in many ways, there were two areas where the Island didn’t score particularly well. The first was on the quality of its AML policy and strategy, which scored 0.4. And I have to say, that surprised me a little bit, because just speaking for myself, I’ve worked in jurisdictions, all over the world, both on and offshore. And I’ve seen many, many jurisdictions frankly that have not got their act together, to anywhere near the extent that Jersey has from an AML policy perspective. So I’m intrigued to know why it is that the Islands scored only a 0.4 there.

George Pearmain:

So I’ll try and deal with it quite quickly stating if I can. So I think there are kind of three areas that we can identify. The first was it was in relation to whilst we had a commitment to the political commitment and a policy commitment to combating money laundering and financing of terrorism, we didn’t have a structure whereby we could adapt to just frankly very changing nature of international environment fast enough. We now do have that in place in terms of a clear political steering group, in relation to this area. And that’s linked as well with a number of policy groups, which looks to develop policy very quickly based on the changes and the prime example of that is the immediate change in the virtual asset space, which occurred in the last few years.

And as the FATF have brought those into regulation, were able to react far faster to that, and indeed, we’ll be conducting a risk assessment on virtual assets and bringing in place a new regime on that in 2021. The other area where we haven’t done is doing a risk assessment alone is the first stage to setting policy on a risk basis. So this exercise in itself will automatically increase the policy ability there. And thirdly, it really is in the area of I suppose policy development, having the resources to both develop and react to things that occur on the international stage, to bring them back to domestic legislation and domestic regime and continuing to develop things in a proactive basis.

I mean, the FATF meeting and the Egmont meetings are getting more and not less, and the threats from criminals around the world, most notably recently, in relation to COVID threats, we’re seeing papers now being put out on how criminals are taking advantage of the medical and social crisis that is existing out of COVID. I think committing financial crime means that the reaction is necessary and that just requires resources on the ground which we’ve done a lot to address since the time.

Stephen Platt:

I see, I see. That’s very interesting. I mean, I guess you would say that if you were conducting the assessment, as against the position in Jersey now, as opposed to as it was in 2018, the Island would score higher than 0.4.

George Pearmain:

Yeah, I think that’s fair. And I think that our aim will be to do a very quick update on this in 2021, moving to a process of dynamically updating risk assessment, and that will show that in terms of national vulnerabilities. The same is very much true in respect to the FIU, which I suspect will be your next question to Louise.

Stephen Platt:

Yeah, I am going to come on to that. You talk about dynamic risk assessment, we see license holders, we see businesses moving to embrace innovations, which enable them to conduct dynamic risk assessments of customer relationships or groups of customer relationships, or indeed, their entire customer base. It’s important, isn’t it that jurisdictions, and in particular sort of key state level stakeholders within those jurisdictions are able to demonstrate that they’re able to do the same thing. I think a lot of listeners will be intrigued disappointed to hear that, that real time as it were data analytical capability is not something that jurisdictions like Jersey have, and Jersey is clearly not alone in that regard. I think it’s the same everywhere.

But nevertheless, it doesn’t take anything away from the point that, if we’re going to be really serious about combating this threat, we’ve got to embrace, we’ve got to get to a position in which we’ve got much, much more rapid data analytical capabilities. Would you agree?

George Pearmain:

Yeah, I think that’s right. I would say that I think we’re only starting to see in my experience in the last kind of 12 to 18 months, jurisdictions having that high level data driven view of what real time risk is. And it’s a real opportunity to use technology to manage the risk here, particularly in an International Finance Centre environment, where the risks are varied and significant, if you can use technology to simplify that, and where risk can change by a daily if not even hourly basis on an institution that is really, really useful. And indeed, the successful reviews that you see coming out of the FATF, and FATF regional style bodies when they really applied a risk based approach. It’s noticeable difference if you can mitigate according with the risk. So this is why these exercises are so important.

Stephen Platt:

Yeah, so Louise, I guess this is a question for you. The second area, obviously, where the Island didn’t score terribly well, again, giving itself a 0.4 score was on the quality of FIU intelligence gathering and processing, which I have to say again, surprised me accepting, of course, that this relates back to the position in 2018, and it may well have changed since then. But even before 2018, Jersey had from the best of my recollection, some quite notable successes in pursuing financial crime and prosecuting it successfully. So why is it that the Island scored itself 0.4 on that heading?

Louise Clayson:

Well, it’s important, Stephen to be open and transparent throughout this process and that’s the approach that was taken, particularly in relation to the vulnerabilities around the FIU and it’s represented of a moment in time. So we’re talking from 2013 into 2017. It was looking back at what we actually did with the information that we have. The quality that we were receiving from industry, what we were doing with that information, and where we have effected as we could possibly be by identifying local money laundering cases, or predicate crime that was occurring locally and what we were doing with that information in order to allow investigation teams to investigate the crime effectively and for those crimes to be prosecuted. Looking back over that period of time, we recognise that we weren’t as effective as we could have been. Now bearing in mind when we have our next MONEYVAL assessment, effectiveness is one of the key areas that we are going to be sort of marked against.

So it was important in 2018, that we started to look at where we had been and what our position had been, and how we were able to improve that in preparation of our next MONEYVAL visit. So it is a reflection of a point in time where we felt that we perhaps didn’t exploit the opportunities that we could have done. But moving forward more positively, since 2018, we have had uplifting resources, which was provided by the government uplift, we have increased training, we’ve changed the dynamic of the FIU, so historically during that period, the FIU was predominantly ex-law enforcement investigators that made up the team. We now have a team which has almost doubled in size, since that period, where we have a cross section of intelligence investigators, both from the regulator, from the private industry, and we still have some law enforcement. So we have a much better model that we had previously. With that uplift we’re able to invest in training and that’s training of analysts, training of our investigators, and changes in processes and procedures.

We have much more sort of multi-agency join up here as a jurisdiction, we have several groups that meet on a regular basis, in order to look at the material that we have to look at the cases that we can progress more expeditiously to fulfil our obligations and to mitigate that threat that we see coming in. This is done on a daily basis. So we’ve recognised that we weren’t as good as we should have been during the period of time, but we’ve certainly made huge steps in those improvements and I’m confident that, we were to re-run the risk assessment that, yeah we would certainly be much higher than a 0.4.

Stephen Platt:

I see. Very interesting. Now, look, as all of our listeners will know, at an organisational level, they’re obliged to treat their business risk assessment really as a sort of living breathing organism. It’s something that you’ve got to continually consider analyse, keep up to date. In the same way, is Jersey in common with other jurisdictions that subject themselves to this? Is Jersey going to be obliged to keep this NRA up to date? And if so, how’s it going to do that?

George Pearmain:

So it’s a good question, Stephen and it’s something we’ve been thinking about significantly. So we’re putting in place a new structure before the end of the year, which will look to update with the industry and take forward the 200 or so granular actions from the first risk assessment in order to keep that process dynamic. And there’ll be a number of groups on there, that will be standing groups, and a number that will meet on a more ad hoc basis. The aim will be to be further developing that understanding of risk and putting out there further documents. So in terms of obvious deliverables that are going to come out of this for the AML industry, we are going to be producing, certainly at country risk assessments of the top cross border jurisdictions with which we found in a threat module presented the greatest threat. We’ll be producing further guidance in relation to PEPS and complex structures in the TCSP sector. And we’ll be looking in further detail into the understanding of funds, money laundering risk, which is something that we’ve acknowledged for some time and we’ve discussed today needs to be done.

So that will all be work that goes forward and feeds into that greater risk assessment area. The other thing that’s worth saying is that the risk assessment at the moment has not covered terrorist financing. That’s very deliberate. The reason is we’ve taken that separately and next year we’ll be publishing the terrorist financing part of the risk assessment. The reason we’ve done that is because terrorist financing risk indicators are very different from money laundering risk indicators, we wanted to do some more work to further develop that in an IFC context. Particularly where you have a large company registration community and the work you do as an IFC, the assessment of TF risk is not the same as many other jurisdictions.

We’re further developing that and working with partners in other smaller IFC jurisdictions to move that forward. So there’s an ongoing stream of work, which as I said at the beginning, the only sure answer of risk assessments is probably more risk assessments will become true, whether people maybe like it or not.

Stephen Platt:

I see very, very interesting. Well, look, we could carry on talking about this for considerably longer, but I’m very conscious that we’re up to our time limit. So I’m going to draw stumps at this stage and I want to thank you both Georgia, Louise on behalf of all of our listeners and KYC360 members for taking the time to share your NRA experience and indeed thoughts with us. I speaking only for myself, think that you display the level of technical knowledge and sophistication about the threat, the vulnerabilities that frankly gives the light to much of the criticism that is levelled at Jersey and places like it and its approach to financial crime. I found it to be very illuminating and really quite refreshing, so thank you.

Now if you’d like to learn more about the Jersey’s National Risk Assessment exercise, then you can download a copy of that document from the States of Jersey website. And it is a genuinely interesting read which I hope will inform not only businesses, but also other jurisdictions who are perhaps less mature in their approach to tackling financial crime. This recording will be available as a podcast on KYC360 and many other platforms from tomorrow, but for now stay well and thank you again for the privilege of your time.