Jersey -- AML/CFT Compliance Regulatory Overview

**The Proceeds of Crime (Jersey) Law 1999 (as amended):** This is the principal law creating offences related to money laundering and the financing of terrorism. It defines criminal conduct and the various money laundering offences.

**The Money Laundering (Jersey) Law 2008 (as amended):** This law establishes the preventative measures that financial services businesses (including VASPs) must take to combat money laundering and terrorist financing. It mandates compliance with the requirements set out in the Money Laundering Order.

**The Money Laundering (Prevention and Detection of Money Laundering) (Jersey) Order 2008 (as amended) (the "ML Order"):** This is the core regulatory instrument that specifies the detailed AML/CFT requirements for financial services businesses, including customer due diligence, reporting, record-keeping, and internal controls.

**The Terrorism (Jersey) Law 2011 (as amended):** This law creates offences related to terrorist financing and provides for asset freezing and other measures to combat terrorism.

Exchange between virtual assets and fiat currencies.

Exchange between one or more forms of virtual assets.

Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets.

Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

**Identification and Verification of the Customer:**

Obtain reliable independent evidence of the customer's identity (e.g., government-issued photo ID, proof of address).

Verify the identity using reliable sources.

For legal entities, obtain details of the company's legal status, constitution, and powers.

**Identification and Verification of Beneficial Ownership:**

Identify the ultimate beneficial owner (UBO) of the customer, including natural persons who ultimately own or control the customer (typically holding 25% or more of shares or voting rights, or exercising control through other means).

Verify the UBO's identity using reliable sources.

**Understanding the Purpose and Nature of the Business Relationship:**

Obtain information about the customer's business activities, the source of funds and source of wealth (particularly for high-risk customers or high-value transactions), and the intended purpose and nature of the VASP relationship.

Continuously scrutinize transactions to ensure they are consistent with the VASP's knowledge of the customer, their business, and risk profile.

Keep customer information, including identity data, up-to-date and relevant.

Review existing customer relationships periodically, especially for high-risk clients.

**Politically Exposed Persons (PEPs):** Senior foreign and domestic public officials, their family members, and close associates. Enhanced scrutiny of transactions and source of wealth/funds is mandatory.

**High-Risk Jurisdictions:** Customers or transactions involving countries identified by FATF or the JFSC as having inadequate AML/CFT regimes.

**Complex or Opaque Structures:** Where the ownership and control structure of a legal entity or arrangement is unusually complex.

**Transactions without Face-to-Face Contact:** Where the customer has not been physically present for identification purposes (though the JFSC Handbook provides guidance on robust non-face-to-face verification).

**High-Value or Unusual Transactions:** Transactions that are large, complex, unusual, or inconsistent with the customer's known legitimate activities.

**Money Laundering Reporting Officer (MLRO):** Every VASP must appoint an MLRO who is responsible for receiving internal disclosures of suspected money laundering or terrorist financing, considering them, and making external reports where appropriate. An MLRO must be suitably qualified and of sufficient seniority.

**Internal Reporting:** Employees are required to report any knowledge or suspicion of money laundering or terrorist financing to the MLRO.

**External Reporting:** If the MLRO forms a suspicion, they must make a Suspicious Activity Report (SAR) to the **Joint Financial Crimes Unit (JFCU)** in Jersey.

**Consent Regime ("Defence Against Money Laundering - DAML"):** Where a VASP knows or suspects that property is criminal property (proceeds of crime) and wishes to proceed with a transaction that would otherwise be a money laundering offence, they must seek consent from the JFCU. Failure to seek consent or proceeding without it could result in criminal liability.

**Prohibition on Tipping-Off:** It is an offence to "tip-off" a person who is the subject of a SAR or a consent request, or to disclose that a report has been made or that an investigation is being conducted, as this could prejudice an investigation.

**Duration:** All records relating to customer identity, business relationships, and transactions must be kept for a minimum period of **five years** from the date the business relationship ends or the date of the transaction (for occasional transactions).

**Types of Records:** This includes:

Copies of documents and information obtained for CDD purposes.

Evidence of the customer's identity and beneficial ownership.

Records of transactions, including the amount, currency (fiat and virtual), date, and parties involved.

Records of internal and external suspicious activity reports, including the MLRO's decision-making process.

Records of communications with customers and relevant authorities.

Records demonstrating compliance with internal policies and procedures.

**Accessibility:** Records must be readily available to the JFSC upon request.

**Internal Controls and Policies:** VASPs must establish and maintain appropriate and risk-sensitive internal controls, policies, and procedures to prevent ML/TF. This includes a comprehensive AML/CFT Business Risk Assessment.

**Training:** Employees must receive regular and appropriate AML/CFT training relevant to their roles and responsibilities.

**Independent Audit:** Larger VASPs, or those deemed higher risk, may be required to undertake an independent audit of their AML/CFT systems and controls.

**Sanctions Compliance:** VASPs must comply with all applicable financial sanctions regimes (e.g., UN, UK, EU where applicable to Jersey).

**Trust Company Business (TCB) Registration:** The JFSC considers that holding virtual assets on behalf of others, particularly where the firm retains control over the private keys (or the means to access them), often constitutes "Trust Company Business" under the FSJL. This means firms must:

Apply to the JFSC for registration to conduct Trust Company Business.

Comply with the **Code of Practice for Trust Company Business**.

Meet minimum capital requirements, governance standards, and fit and proper person tests for directors and key personnel.

**Regulatory Reference:** **Financial Services (Jersey) Law 1998, Article 2** (definition of Trust Company Business) and **Article 9** (requirement for registration).

Financial Services (Jersey) Law 1998

Codes of Practice (including TCB)

**Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) Registration:** All Virtual Asset Service Providers (VASPs), which explicitly include firms providing "custody or administration of virtual assets on behalf of other natural or legal persons," are designated as a "financial service business" under Jersey's AML/CFT framework. This requires them to:

Register with the JFSC for AML/CFT supervision.

Comply with the **Money Laundering (Jersey) Order 2008** and the **Handbook for the Prevention and Detection of Money Laundering and the Financing of Terrorism for Financial Services Businesses**.

Implement robust AML/CFT policies, procedures, and controls, including Know Your Customer (KYC), suspicious activity reporting, and record-keeping.

**Regulatory Reference:** **Money Laundering (Jersey) Order 2008, Schedule 2, Part A, Article 15A** (identifies VASPs as financial service businesses).

Money Laundering (Jersey) Order 2008

Handbook for the Prevention and Detection of Money Laundering and the Financing of Terrorism

**JFSC Guidance for Virtual Asset Service Providers (VASPs):** The JFSC has issued specific guidance clarifying how existing laws apply to VASPs, including custodians. This guidance reiterates the need for TCB registration and AML/CFT compliance.

**Regulatory Reference:** **Guidance for Virtual Asset Service Providers (VASPs)**

JFSC Guidance for VASPs (September 2022)

**TCB Code of Practice:** The Code mandates strict rules for handling client money and client assets. These principles are applied to virtual assets. Key requirements include:

**No Commingling:** Client assets (virtual assets) must be held separately from the firm's own assets.

**Clear Identification:** Client assets must be clearly identifiable as belonging to clients.

**Accurate Record-Keeping:** Detailed and accurate records must be maintained, showing each client's beneficial interest in the assets held.

**Client Money Rules:** If the custodian also holds client fiat currency for the purpose of purchasing or selling virtual assets, separate client money rules (e.g., holding in designated client bank accounts) would also apply.

**Regulatory Reference:** **Code of Practice for Trust Company Business, Principle 4** (Client Assets) and related sections on client money.

**Professional Indemnity Insurance (PII):** Firms licensed under the FSJL (including TCBs) are generally required to hold adequate Professional Indemnity Insurance. The JFSC will expect this PII to cover the specific risks associated with holding virtual assets, including potential losses due to cyber-attacks, operational errors, or employee misconduct. The adequacy of coverage will be assessed during the licensing process and ongoing supervision.

**Risk Management:** The JFSC's VASP Guidance and the TCB Code of Practice emphasize robust risk management. This implicitly requires firms to consider and mitigate risks such as theft, loss, and cyber-security breaches, which would typically involve appropriate insurance as part of a comprehensive risk mitigation strategy.

**Risk-Based Approach:** The JFSC expects custodians to implement security measures proportionate to the risks involved, considering factors like the value of assets, the type of virtual asset, and the nature of the business.

**Robust Security Controls:** The VASP Guidance and TCB Code of Practice require firms to have robust systems and controls to protect client assets from loss, theft, and unauthorized access. This implies that a well-managed custodian would likely employ a mix of hot, warm, and cold storage solutions, with a significant portion of high-value assets secured in cold storage.

**Operational Resilience:** Custodians must demonstrate operational resilience, including plans for disaster recovery and business continuity, which would encompass the security and accessibility of stored private keys.

**Regulatory Reference:** **JFSC Guidance for Virtual Asset Service Providers (VASPs)** and **Code of Practice for Trust Company Business, Principle 3** (Management and Control) and **Principle 4** (Client Assets) which address the need for adequate controls and protection of assets.

**Regulation by a Competent Authority:** JFSC oversight.

**Financial Soundness:** Capital requirements and regular financial reporting.

**Robust Governance:** Fit and proper persons, independent oversight.

**Operational Integrity:** Compliance with Codes of Practice, risk management, internal controls.

**Client Asset Protection:** Segregation rules, record-keeping.

**AML/CFT Compliance:** Strict adherence to anti-financial crime obligations.

**Adaptation of existing laws:** Leveraging the robust Financial Services (Jersey) Law 1998 (specifically TCB) and AML/CFT frameworks.

**Risk-based regulation:** Emphasizing comprehensive risk management, security, and governance.

**Clarity through guidance:** The JFSC's VASP Guidance provides practical application of the laws.

**Focus on client protection:** Strong emphasis on asset segregation and operational integrity.

**Sanctions and Asset-Freezing (Jersey) Law 2019 (SAFL):** This is the primary legislation enabling Jersey to implement UN and UK financial sanctions regimes. It provides the framework for identifying, freezing, and reporting designated persons' assets.

Sanctions and Asset-Freezing (Jersey) Law 2019

**Proceeds of Crime (Jersey) Law 1999 (POCA):** This establishes the general criminal offences related to money laundering and terrorist financing.

Proceeds of Crime (Jersey) Law 1999

**Money Laundering (Jersey) Order 2008 (MLO):** This specifies the AML/CFT obligations for "financial services business," which explicitly includes VASPs since 2023. VASPs must be registered with the JFSC.

**JFSC Handbook for the Prevention and Detection of Money Laundering and the Financing of Terrorism:** This Handbook provides detailed guidance to regulated entities on how to comply with their AML/CFT and sanctions obligations, including for VASPs.

**VASP Definition and Requirements:** Jersey defines VASPs consistent with FATF recommendations. VASPs engaging in activities such as exchange between virtual assets and fiat, exchange between one or more forms of virtual assets, transfer of virtual assets, safekeeping/administration of virtual assets, and participation in/provision of financial services related to an issuer's offer/sale of a virtual asset, must register with the JFSC. Registration mandates adherence to all AML/CFT and sanctions requirements.

Mandatory for all Jersey entities.

Implemented via the SAFL 2019, which requires immediate asset freezing and reporting obligations for designated persons/entities on the UN Security Council Consolidated List.

**Obligation:** Screen all customers, beneficial owners, and transactions against the UN Consolidated List.

Jersey generally mirrors UK sanctions policy post-Brexit. The SAFL 2019 empowers Jersey to make regulations to implement UK sanctions.

HM Treasury UK Sanctions Guidance

While Jersey is not part of the EU, many EU sanctions regimes are often aligned with UN mandates or influence UK sanctions. Jersey financial institutions, especially those dealing with EU counterparties or clients, are often expected to be aware of and consider EU sanctions.

**Obligation:** While not directly binding, practical compliance may necessitate screening against EU lists if there is an EU nexus to avoid business disruption or reputational risk.

**OFAC Sanctions (US Office of Foreign Assets Control):**

OFAC sanctions have significant extraterritorial reach. Any VASP that deals with US persons, US dollar transactions, US-origin technology, or has any connection to the US financial system (e.g., correspondent banking relationships) is subject to OFAC regulations.

**Obligation:** Jersey VASPs must have robust OFAC compliance programs to mitigate the risk of secondary sanctions, reputational damage, and loss of access to the US financial system. This involves screening against the Specially Designated Nationals (SDN) list and other OFAC lists.

OFAC Sanctions Programs and Country Information

**Screen Customers and Beneficial Owners:** All new and existing customers, as well as their beneficial owners, must be screened against all relevant sanctions lists (UN, UK, and practically, OFAC). This must be done at onboarding and on an ongoing basis.

**Screen Transactions:** Real-time or near real-time screening of virtual asset transactions to identify potential links to sanctioned entities, addresses, or jurisdictions. This requires sophisticated blockchain analytics tools.

**Identify Red Flags:** Develop systems to identify patterns or indicators of sanctions evasion, such as unusual transaction patterns, use of mixers/tumblers, or transactions to/from high-risk jurisdictions.

**Asset Freezing:** Immediately freeze any funds or economic resources (including virtual assets) identified as belonging to or controlled by a designated person/entity.

**Reporting:** Promptly report any asset freezes, or attempted transactions involving sanctioned entities, to the JFSC (under SAFL) and the Jersey Financial Intelligence Unit (FIU) via a Suspicious Activity Report (SAR) if it meets the criteria.

**Prohibited Jurisdictions:** VASPs must implement controls to prevent or flag transactions to/from countries subject to comprehensive sanctions (e.g., North Korea, Iran, specific regions of Ukraine, Syria).

**High-Risk Jurisdictions:** Even for non-sanctioned countries, transactions involving jurisdictions identified as high-risk for AML/CFT by FATF or the JFSC require enhanced due diligence.

**Source/Destination of Funds:** VASPs must ascertain the source and destination of virtual assets and fiat, using blockchain analytics and customer information to determine if any part of the transaction chain involves a sanctioned geography or entity.

Failure to comply with asset-freezing orders, reporting obligations, or engaging in prohibited activities can lead to:

**Imprisonment:** Up to 10 years.

**Proceeds of Crime (Jersey) Law 1999 (POCA) / Money Laundering (Jersey) Order 2008 (MLO):**

Breaches of AML/CFT obligations, including failures in sanctions screening, can result in:

**Imprisonment:** Up to 5 years (for specific offences under POCA).

**Regulatory Sanctions:** The JFSC can impose significant administrative penalties, revoke licences, issue public statements, and impose prohibitions on individuals.

JFSC Civil Financial Penalties Regime

**Reputational Damage:** Beyond legal penalties, violations can lead to severe reputational damage, loss of trust, and potential withdrawal of correspondent banking services.

**UN Sanctions:** Afghanistan, Central African Republic, Democratic Republic of Congo, Iran, Iraq, Lebanon, Libya, Mali, North Korea, Somalia, South Sudan, Sudan, Yemen, various counter-terrorism designations (e.g., Al-Qaida, ISIL/Da'esh).

**UK Sanctions (which Jersey mirrors):** These cover similar countries as the UN, plus additional regimes such as Russia (extensive sanctions due to the invasion of Ukraine), Belarus, Myanmar, Nicaragua, Venezuela, and others.