Summary of Fourth Directive Changes in the Crown Dependencies

Jersey, Guernsey and the Isle of Man are not members of the European Union and are not obligated to adopt the EU’s Fourth Anti-Money Laundering Directive as the UK has done with the Money Laundering Regulations 2017.

However, with close to 100 licensed banks, tens of thousands of regulated professionals and hundreds of billions of pounds in deposits and funds across the Crown Dependencies, complying with Financial Action Task Force (FATF) guidelines and implementing a international AML/CFT standards is a priority for the Bailiwick’s of Jersey, Guernsey, and the Isle of Man.

Jersey and Guernsey, in their 2017 answers to the European Parliament committee investigating the Panama Papers, have committed to reviewing the Fourth EU Money Laundering Directive “after it has been approved at all EU levels”. The Crown Dependencies are likely to implement such measures as other third countries.

Current AML legislation in each Crown Dependency

Isle of Man

  • Isle of Man Proceeds of Crime Act 2008
  • Anti-Money Laundering and Countering The Financing of Terrorism Code 2015
  • Beneficial Ownership Act 2017

Jersey

  • Money Laundering (Jersey) Order 2008
  • Criminal Justice (International Co-Operation) (Jersey) Law 2001
  • Proceeds of Crime (Jersey) Law 1999
  • Proceeds of Crime (Supervisory Bodies) (Jersey) Law 2008
  • Terrorism (Jersey) Law 2002
  • Terrorist Asset-Freezing (Jersey) Law 2011

Guernsey

  • Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law 1999
  • Disclosure (Bailiwick of Guernsey) Law 2007
  • Criminal Justice (Proceeds of Crime) (Legal Professionals, Accountants and Estate Agents) (Bailiwick of Guernsey) Regulations 2008
  • Criminal Justice (Proceeds of Crime) (Financial Services Businesses) (Bailiwick of Guernsey) Regulations, 2007
  • Terrorism and Crime (Bailiwick of Guernsey) Law 2002

The States of Guernsey published a consultation in June 2017 on Revisions to the Bailiwick’s AML/CFT Framework. Some of the proposals include a greater emphasis on risk, a new duty for specified businesses to understand, assess and mitigate money laundering risks, and a more comprehensive approach for occasional transactions.

The consultation seeks to expand the concept of additional customer due diligence (ACDD) separate to that of enhanced customer due diligence. ACDD would be automatically required for a number of high risk relationships including non-resident customers, private banking, or use of nominee shareholders.

The consultation also stipulates that businesses must have regard to the money laundering and terrorist financing National Risk Assessment, which is expected to be published at the same time that this draft legislation will be issued.

Key areas of difference with the Fourth Directive

The Crown Dependencies have often been far ahead of the rest of the world in terms of AML/CFT regulation, pioneering concepts such as the registers of beneficial ownership and a risk based approach to money laundering. As most EU member states have completed the transposition of the Fourth Money Laundering Directive (4MLD) into their national law, there are some key differences to be aware of.

Risk based approach

The AML/CTF rules of the Crown Dependencies have mandated a risk based approach to due diligence for a number of years. The Chief Minister of Jersey has taken the stance that Jersey already complies with the spirit of 4MLD due to this risk based approach. In general terms, 4MLD essentially mandates a risk based approach across the board, removing automatic exemptions for due diligence, third country white lists, instead requiring that all business relationships are subject to a risk assessment, with those judged to be high risk requiring further measures to mitigate the risk, such as enhanced due diligence.

Beneficial owners

Under 4MLD, corporates and other legal entities are required to maintain accurate and current information on their beneficial ownership which must be provided to the government. This data is then held by each member state in a central register of beneficial ownership that is accessible to banks, law firms and “any person or organisation that can demonstrate a legitimate interest”.

Jersey has long required beneficial ownership information to be obtained and held by its regulated trust and company service providers and by its company registrar in a central registry, the JFSC Companies Registry within the Financial Services Commission, which can be accessed by law enforcement and tax authorities.

Guernsey also has a long-standing beneficial ownership register along the lines of Jersey. Guernsey’s current consultation on revisions to its AML regime is considering extending the definition of beneficial owner to focus on ultimate beneficial ownership of the natural persons who exercise control over the entity.

The Isle of Man passed the Beneficial Ownership Act 2017, legislation which was developed in line with the Manx government’s commitment to the UK to enhance the sharing of information about beneficial ownership.

The Act defines a beneficial owner as a natural person who owns or controls more than 25% of a legal entity and requires their details to be submitted onto the Isle of Man Database of Beneficial Ownership, which went live on 1 July 2017.

The Act also requires every entity to which it applies to appoint a nominated officer who is resident on the Isle of Man and who is responsible for managing beneficial ownership information.

Politically Exposed Persons

A key feature of 4MLD is to consider domestic citizens, their families and close associates, as politically exposed persons, not just foreign citizens. However, the UK legislation recognises domestic PEP’s will likely present a lower risk.

Since the FATF recommended treating domestic PEP’s with the same scrutiny as foreign ones, a number of small jurisdictions such as the Crown Dependencies pointed out that to include family members and close associates of anyone in a position of public influence could end up including a sizeable chunk of the population.

To counter this, the Crown Dependencies have not adopted automatic enhanced due diligence to domestic PEP’s. Instead, the PEP status of a domestic client forms part of a risk assessment of such individuals.

However, the law in Jersey does not specifically define someone entrusted with a relevant domestic position as a politically exposed person. The Isle of Man does include domestic PEP’s and Guernsey’s draft 2017 money laundering law also extends PEP provisions to domestic PEP’s.

In Guernsey, PEP’s, once entrusted with a public function, maintain their status indefinitely. This extends to family members and close associates of a PEP even after they no longer hold a public function, or even after they have passed away. In the UK, a person loses their PEP status 12 months after ceasing to hold the position which made them a PEP in the first place.

Transaction limits

The Fourth Directive reduced the transaction limits where CDD is required from €15,000 to €10,000, and for casinos to €2,000 for a stake of collecting winnings. The Crown Dependencies have as yet not changed these limits.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.