For board members and compliance officers of Designated Businesses in the Isle of Man, staying vigilant and proactive is part of the job description—especially with the potential of a regulatory inspection always on the horizon.
How does one ensure that their business isn’t just meeting the minimum requirements, but actually excelling in its AML/CFT obligations?
With a visit from MONEYVAL pending, the stakes are higher, and the margin for error is narrower than ever. This blog seeks to arm you with the knowledge, strategies, and tools to sail through the IOMFSA’s rigorous inspections unscathed.
Be Prepared
If you operate a “Designated Business” in the Isle of Man, you’ll be aware of your responsibilities in relation to the Designated Businesses (Registration and Oversight) Act 2015.
The Isle of Man Financial Services Authority (IOMFSA) defines a “Designated Business” as
any person who undertakes the business as defined in Schedule 1 of the Act. These activities include:
- Legal Professionals (when undertaking certain activities)
- External Accountants, including bookkeepers
- Tax Advisers
- Payroll Agents
- Money Lenders
- Businesses that provide financial leasing arrangements or provide financial guarantees in respect of certain products
- Estate Agents
- Businesses that deal in goods and services of any description which involves cash transactions (one-off or linked transactions) which are equivalent to at least €15,000
- Safe Custody facilities
- Convertible Virtual Currencies
- Specified Non-Profit Organisations
In order to maintain the positive reputation of the Isle of Man, the Authority continues to conduct random regulatory inspections and thematic reviews on IOM Designated Businesses.
As the Isle of Man’s visit from MONEYVAL looms ever closer, a visit form the Authority is something every company should be prepared for.
Being unprepared for Authority inspections can be costly in terms of:
- the financial penalties that may be imposed
- the damage to reputation
- the time it takes to prepare the requested deliverables
- the mental stress created for all involved if a company is not prepared
Therefore, it’s essential to be prepared.
What kind of visit can you expect to receive?
Currently we are seeing the IOMFSA carrying out more thematic reviews. Most recently we have seen businesses contacted around their processes and frameworks for:
- Sanctions
- Foreign PEPs
The IOMFSA will request a series of deliverables which may include:
- Business Risk Assessment
- Policies and procedures
- Registers
- Staff training records and material
- Assurance reports on the testing of monitoring of thematic topic
- Details of any Board/Senior Management reporting on the thematic topic.
Are you and your company ready for this?
The IOMFSA provide useful information on their Supervisory Methodology here.
What are the key things to be aware of around Sanctions and Foreign PEPs?
It is key as a designated business that you have comprehensive and robust policies and procedures covering both Sanctions and Foreign PEPs.
These policies and procedures should be regularly tested and monitored, so when the IOMFSA come knocking you are in a good place.
For Sanctions this would include maintaining documentary records of screening activities including the rationale and treatment of false positives.
In terms of PEPs it is a code requirement to ensure that your client risk assessment factors in Domestic and Foreign PEPs and whether deemed standard or high risk.
We support our clients by testing and monitoring to establish whether a companies’ screening process is fit for purpose.
We look for the gaps so that our clients don’t have to.
The Introduction of STRIX
STRIX AML is software which enables the Authority has recently introduced to receive, risk assess and analyse data from regulated and registered entities.
As a Regulated entity, or one which is registered for AML/CFT purposes, you will receive emails from the Authority advising you that a request for information is available for you to complete. This might be one of the following:
- Annual AML/CFT Return
- Thematic Review Data Requests
- Risk Assessment Data Requests.
You can read more about STRIX here.
What can you do to be prepared for a visit from the Authority?
Have a clear understanding of the applicable regulations and ensure that all compliance procedures are up to date.
Additionally, it’s important to have a plan in place for responding to regulatory inquiries. By taking these steps, companies can minimise the risk of facing serious consequences as a result of a regulatory visit.
Summary
In conclusion, readiness for regulatory visits is not an option but a necessity for Designated Businesses in the Isle of Man.
The approach of MONEYVAL’s visit is yet another checkpoint emphasising the weight of these obligations.
Establishing a robust AML/CFT framework, coupled with active monitoring and continuous improvements, is your best defence against regulatory repercussions.
Whatever your compliance needs, the team at Impact Professional Services are equipped to identify gaps and forge a path to compliance proficiency for you.
We exist for small businesses like yours, and our assistance comes without the Blue Chip price tag.
We can review and test your process, and create an actionable road map to get you to where you need to be when the Authority comes knocking.
Get in touch to book your free initial consultation today.
