Financial Services Authority publishes Phase Two findings of Trust And Corporate Service Providers (TCSP)

Phase Two of The Financial Services Authority’s (FSA) thematic review relating to Trust and Corporate Services Providers (TCSP) has now been published.

During 2023, at a total of 70 licence holders, desk-based inspections were conducted to test the effectiveness of the Business Risk Assessment (BRA).  As stated in the handbook the purpose of a BRA is to assist relevant persons to understand where, how and to what extent they are exposed to ML/FT risk and which areas of their business they should prioritise in combatting ML/FT.  The BRA should form the basis of a relevant person’s risk-based approach and its risk appetite making clear the types of risk and the risk level the relevant person is prepared to accept. It is the necessary foundation for determining the nature and extent of AML/CFT resources and should be used to inform the policies, procedures and controls to mitigate ML/FT risk, including decisions on the appropriate level and type of CDD to be applied in specific situations to particular types of customers, products, service[1] and delivery channels.

Anti-Money Laundering Countering the Financing of Terrorism (AML/CFT) Code 2019  and The Business Risk Assessment Obligations

(1) A relevant person must carry out an assessment that estimates the risk of ML/FT posed by the relevant person’s business and customers.

(2) The business risk assessment must be —

  1. undertaken as soon as reasonably practicable after the relevant person commences business
  2. recorded in order to demonstrate its basis; and
  3. regularly reviewed (details of any review must be recorded) and, if appropriate, amended so as to keep the assessment up-to-date.

(3) The business risk assessment must have regard to all relevant risk factors, including —

  1. the nature, scale and complexity of the relevant person’s activities;
  2. any relevant findings of the most recent National Risk Assessment relating to the Island;
  3. the products and services provided by the relevant person;
  4. the manner in which the products and services are provided, including whether the relevant person meets its customers;
  5. the involvement of any third parties for elements of the customer due diligence process, including where reliance is placed on a third party;
  6. customer risk assessments carried out under paragraph 6; and
  7. any technology risk assessment carried out under paragraph 7.

Good practice in relation to conducting a BRA includes: –

  • Clearly sets out the risks the firm faces in relation to customers and their activities and explains the
    basis of the assessment.
  • Is tailored to the business and the specific risks of that particular firm.
  • Is informed by other risk assessments required by the Code, including the Island’s NRA.
  • Provides detail on the customer base highlighting where key risks lie.
  • Has input from subject or product experts from across the business.
  • Is evidenced as reviewed and signed off by senior management at regular intervals.
  • Is shared with staff across the organisation so they can understand the ML/FT risks faced.
  • Has good version controls (and dated versions); • Clearly articulates how much, and what level of,
    risk the firm is prepared to take and
  • Details what risk the firm is not prepared to take. Good practice in relation to conducting a BRA
    includes ensuring the document: 3 Phase 2 – BRA Inspection

Read the full report Here

At Rowany Solutions Limited we are committed to helping and supporting our clients achieve their legal and regulatory compliance obligations in a robust and effective manner and can help you review your policies and procedures in respect of global sanction regimes and to prepare you for the ongoing FSA thematic project.

Contact us on 729000 or at to arrange an initial chat over coffee for more information on how we can assist you or to arrange a free no obligation initial consultation.