Earlier this month the Guernsey Financial Services Commission (one of my very favourite regulators – yes, I do have favourite regulators, and favourite FIUs too) published a thematic report on financial crime training. In it are the results of a review the Commission conducted in 2015, asking 62 firms in Guernsey (together employing 2,238 people) about their financial crime training. As you can imagine, I grabbed it with indecent haste. I do a lot of training in Guernsey, and I need to know if I’m getting it right. And – selfishness aside – this is one of the very few reports I have ever seen into the provision and effectiveness of AML training.
You can read the full report yourself, of course – it’s well-written, neatly formatted and with handy boxes showing good and poor practice. (By the by, I am always surprised by how honest people are in these reviews. One example of poor practice around MLRO reports to the Board says that “the Commission noted that the Board had taken seven months to reply to the MLRO on the action points arising from the report”. Now, would you have owned up to that? Me neither.) From my perspective, the interesting observations (i.e. the ones that are likely to make me change my ways) are these:
- In one example of good practice, we are told that: “The firm provides new employees with introductory AML/CFT training on their first morning with the firm. A one-to-one session is held with the MLRO providing an overview of Guernsey’s AML/CFT regulatory regime, together with details of an employee’s personal obligations and the consequences for failing to comply with these obligations. A ‘Day 1’ pack is also provided, including an AML/CFT training document, a reporting suspicion summary and details of the MLRO and compliance team.” I like the sound of that (particularly if the regulator’s keen): I might put together a ‘Day 1’ pack template for “my” MLROs.
- When it comes to the training of non-exec directors, the report notes that “a number of firms placed reliance upon the training received by the NEDs from other employment/appointments. Additionally in some cases no formal confirmation had been requested or received in respect of this training and no evidence held to meet the relevant record keeping requirements.” It might be time for a reminder to MLROs to ensure that they have (documented) confidence in the AML training being given to their NEDs and don’t just believe the NED when he says he’s done it elsewhere.
- And then this: “A common theme to emerge from this thematic was a disconnect between the principal financial crime risks which firms identified and the subsequent focus on these areas within the training provided to staff.” In other words, firms would identify, say, fraud and market manipulation as their biggest risks, but then not cover these in their financial crime training. Now, I’m not keen to start training on all financial crimes – no-one could do justice to them all – but I will start to ask MLROs whether they are covering off their identified risks in other training, for their own protection.