Sarah Valerkou
Client Director | Consulting
Jersey
Client Director
Jersey
No Content Set
Exception:
Website.Models.ViewModels.Components.General.Banners.BannerComponentVm
We often hear of the importance of being open and cooperative when engaging with the regulator, but what does this mean if you are supervised by the Jersey Financial Services Commission (JFSC)?
Working from home during the pandemic, we were probably all guilty, on at least one occasion, of being immaculately presented from the waist up during a zoom call whilst being bedecked in our comfy loungewear below the desk.
In this age of technology and social media, a tension exists between aligning our digital and real-world self. Our digital self is a filtered, polished version of our real-world self. It is of course natural to want to present the best version of ourselves to an external audience and we do so in all manner of engagements in business and social settings. However, polish will only take us so far in relationships, as trust is built on authenticity and open dialogue.
The same is true of the regulatory relationship. Any engagement or interaction with the JFSC presents an opportunity to create an impression, and build trust and credibility. For the regulator, each interaction provides a window into the culture of your firm.
It is therefore critical to have a well thought out strategy for all regulatory engagement and to use it as an opportunity to present the best version of your organisation. The time invested in good quality engagement will help build trust, establish credibility and potentially pay dividends during periods of more intense scrutiny.
The JFSC's expectation about engagement is clear. Underpinning all interaction with the regulator is Principle 6 of the Codes of Practice (COP) – the requirement to deal with the JFSC in an open (transparent) and cooperative manner.
transparent /tranˈsparənt,trɑːnˈsparənt/ adjective: quality of acting in an open way so that people can trust you are fair, honest and open to scrutiny |
cooperative /kəʊˈɒp(ə)rətɪv/ adjective : acting or working together for a particular purpose, to be helpful by doing what someone asks you to do |
So how do you achieve transparent and cooperative engagement in practice?
All supervised persons are required to interact with and provide information to the JFSC on a periodic or ad hoc basis. These regulatory touchpoints include the following three broad categories:
1. Provision of information
Information requested prior to supervisor led periodic assessments– for example AML/CFT/CPF or Enterprise Wide Risk Assessments, and Compliance Monitoring Plans
AML/CFT/CPF and supervisory data collection
Submission of financial statements
Ad hoc requests, for example sanctions information
Following notification of examination
2. Mandatory notifications
3. 'Material' notifications
Notification requirements under AML/CFT/CPF COP 2.3(18) and Principle 6 of each relevant COP to notify the JFSC, in writing of material issues.
It is a matter of judgement for a supervised person to assess whether the duty to notify the regulator has been engaged.
Engagement in respect of the first two categories is potentially easier than the third. Planning and preparation are key in all scenarios; the aim is to get it right the first time. Effective engagement will result in both parties being satisfied. Whilst the regulator may have some follow up questions, you do not want to be in the position where you are being asked the same thing twice.
To achieve this, you need to make sure your information is:
Complete
Understand what is being asked of you and respond directly to the brief. If you are unclear, engage with your supervisor for clarification.
Provide all information, in the format requested. Let the JFSC know if you are missing some information and explain the reason.
Keep an active eye on the JFSC website and maintain a calendar of key regulatory dates.
Accurate
Review, verify and perform quality assurance on the data and information
Ensure that you have a robust governance process around all regulatory engagement. As most interaction is in written form, ensure a thorough review process, from both a technical and editorial perspective
Obtain approval - as responsibility for the provision of information ultimately falls on the board/senior management, obtain agreement and approval in accordance with your internal governance process
Timely
Engage early with your supervisor if any of the prescribed dates are unachievable, providing a clear rationale and request an extension. The expectation is that information should be accessible, however it is understood, that in rare circumstances more time may be required
Allocate and schedule the time required to extract data, analyse information and formulate the response
Assign responsibility to a member of the board/senior management who will oversee the exercise and monitor progress through to conclusion
Engage early with other stakeholders on whom you are reliant to deliver data
Learn lessons and improve the process for the next submission
Where you follow the tips listed above and provide all required information and notifications in the first two scenarios, you should expect routine interactions with the JFSC to be positive.
Any issue requiring notification under the third category is likely to be a deficiency identified in relation to systems and controls, that constitutes a breach of a regulatory requirement.
This engagement is the litmus test of cooperation and transparency. Failure to comply with these notification obligations or being selective in the information that is provided, can carry the worst case scenario risk of regulatory action.
Whilst the nirvana of any supervised person is to implement systems and controls that are zero failure, this is not realistic. Despite best endeavours a situation will arise where a breach of material significance is detected. There may be an understandable reticence and anxiety concerning how this will be viewed through a regulatory lens. However, self-identifying issues, notifying and remediating will always be viewed more favourably than the opposite course of action.
Even in relation to significant and material deficiencies, cooperation and transparency will work in the favour of a supervised person. The methodology for determining a civil financial penalty outlines that where a contravention is voluntarily reported, in a prompt and comprehensive manner, this will be considered a mitigating factor, potentially resulting in a reduction in the penalty levied. In addition, cooperation is referenced in a number of public statements as a factor taken into account during the process.
Conversely, if there a failure to voluntarily report, this could be deemed an aggravating factor. A recent public statement identified failure to notify the JFSC of a breach as an aggravating factor in the determination of the quantum of the penalty.
Not being meticulous in the provision of the full facts or being selective in the information that is provided will undermine regulatory trust at the very least. Any urge to minimise or provide a gloss on relevant information, in an effort to maintain reputation should be resisted.
Considering the following can help you manage notifications in a way that is a cooperative and transparent.
Have a procedure for evaluating and determining whether a breach that has occurred is considered sufficiently material to warrant notification under the COP. To be effective ensure that it incorporates the following:
A process for identifying promptly any breaches that are sufficiently material that must always be reported
Clear escalation for referral to the board/senior management for decisions within the governance arrangements
Document the rationale for the decision – this is particularly important when a decision is taken that the breach is not notifiable
Ensure that the JFSC is proactively updated at an appropriate frequency until the issue is resolved – do not be in a position where your supervisor is chasing for an update
Reporting arrangements should ensure that regulatory notifications:
- Are proactive and timely
Determine whether the breach is notifiable and document board/senior management discussions around this consideration
Do not delay, even if the full facts have not yet been established. The AML COP requires notification 'immediately' and the sector specific COPs 'as soon as it (registered person) becomes aware'
There may be occasions where a report is made verbally, to give an initial 'heads up'. Follow up promptly in writing
- Contain clear and factually accurate information relating to the breach, including:
The regulatory requirement that has been breached – make sure this is accurate. An understanding of and familiarity with the regulatory framework is a given, where references are inaccurate, this creates a poor first impression
A description of the breach and relevant dates, including how and when the breach was identified – confirm the date it was first detected, the manner in which it was identified (e.g. internal notification to compliance, compliance monitoring or internal audit report) and the date on which it was entered onto the Breaches Register
Confirmation of the cause of the breach
Confirmation whether the breach is considered isolated or systemic in nature – include the number and risk rating of customers affected, where appropriate
Confirmation of the reason the breach is thought to be of material significance to the regulator, considering its cause, effect, the reaction to it, and its wider implications
Mitigating factors – however, do not overstate
- Detail the steps being taken to investigate and/or remedy the identified issue
If the issue leading to the breach has already been remedied, include the actions taken and confirm the date the breach was considered closed
Where further actions are required or remediation is ongoing, confirm the target timeframes for completion
Where appropriate, submit the remediation plan along with the notification
Advise the frequency of ongoing updates of progress to the JFSC, through to closure and make good on this commitment
- Demonstrate appropriate board/senior management oversight
As the responsibility for adequacy and effectiveness of systems and controls belongs to the board/senior management, it is essential that they engage in the notification process, to demonstrate that issues are receiving the right level of attention.
Engagement with the regulator in this third scenario can leave us feeling exposed; akin to standing up in that Zoom call to reveal we are in fact wearing tracksuit bottoms. As a result, it may be felt that the reputation we have worked hard to build is compromised.
To paraphrase a Greek philosopher, it is not what happens to us, but how we react to it that matters. We naturally may have concerns about the negative connotations a 'material' notification may convey to the regulator. However, we can use this engagement as an opportunity to show the best of our organisation: our ability to communicate clearly, succinctly and transparently; that we take compliance seriously and that we mobilise quickly to remediate issues in an effective and sustainable way.
The regulator will appreciate the commitment to transparency and cooperation and doing the right thing.
Ogier Regulatory Consulting provides expert regulatory advice on how to approach engagement with the regulator, including mandatory and material notifications. For more information, feel free to get in touch, or learn more about Ogier Regulatory Consulting in our At a Glance guide.
Sarah Valerkou
Client Director | Consulting
Jersey
Client Director
Jersey
Ogier is a professional services firm with the knowledge and expertise to handle the most demanding and complex transactions and provide expert, efficient and cost-effective services to all our clients. We regularly win awards for the quality of our client service, our work and our people.
This client briefing has been prepared for clients and professional associates of Ogier. The information and expressions of opinion which it contains are not intended to be a comprehensive study or to provide legal advice and should not be treated as a substitute for specific advice concerning individual situations.
Regulatory information can be found under Legal Notice
Sign up to receive updates and newsletters from us.
Sign up
No Content Set
Exception:
Website.Models.ViewModels.Blocks.SiteBlocks.CookiePolicySiteBlockVm