Authority publishes initial findings of TCSP thematic review

The Isle of Man Financial Services Authority has published the findings of phase one of a thematic review relating to Trust and Corporate Service Providers (“TCSPs”).


A Business Risk Assessment (“BRA”) questionnaire was sent to a cohort of Island firms to assess how they are meeting their obligations in respect of the Anti-Money Laundering and Countering the Financing of Terrorism (“AML/CFT”) Code 2019.


The phase one report, which is available to view online, sets out the responses submitted by 106 licenceholders, as well as the Authority’s observations on the data and some examples of best practice.


Phase two of the project, consisting of desk-based inspections focusing on a firm’s BRA, is currently in progress, with the results expected to be published in 2024.


The outcomes will help to inform the Authority’s overall picture of risk and support its work to protect consumers, reduce financial crime, and maintain confidence in the financial services industry through effective regulation.


The TCSP sector is identified in the Isle of Man National Risk Assessment as one of the highest risk business sectors in the Island. The Authority is conducting the thematic review to test the strength of measures and controls put in place by firms to mitigate ML/FT-related risks and protect their businesses from potential abuse by criminals.


It also provides an opportunity for the Authority to enhance its engagement with firms and to share the findings and feedback with industry.


Ian Spence, Head of the AML/CFT Supervision Division, said: ‘A Business Risk Assessment is a key part of a firm’s compliance and risk management framework to help detect and prevent money laundering and terrorist financing. The BRA needs to be checked regularly to ensure it is still fit for purpose, and it should be continuously reviewed and updated when circumstances change or new risks or threats emerge.’


All firms are encouraged to read the phase one report and take any action necessary to ensure their own risk-based compliance regimes in relation to BRAs are effective, up-to-date, and properly documented.