Scope of coverage — Coverage is computed against the in-scope obligation library. Out-of-scope handbook sections are not represented. See what's in scope.
Coverage
272 in-scope obligations
Green = full chain defensible · Amber = any link incomplete (missing approved policy, stale test, unverified evidence, open issue, unratified waiver) · Red = no primary control, overdue issue, or failed test.
Green
0
Amber
155
Red
117
146 of 272 obligations carry a verified regulator source (direct URL + integrity hash of the ingested document). The remainder reference the regulator citation only.
ChainPPolicyCControlTTestEEvidenceFFindingsDDecision
Filter
| RAG | Obligation | Domain | Chain | Last test |
|---|---|---|---|---|
| Red | Retain CDD records, SAR records, supporting evidence and internal escalation notes for at least five years. | AML_REPORTING | PCTEFD | never |
| Red | Deliver AML/CFT training to all relevant employees on appointment and at regular intervals thereafter, with attendance recorded. | AML_CFTmoderate | PCTEFD | never |
| Red | Maintain anti-bribery and corruption policies, including gift and hospitality registers and third-party due diligence. | FINANCIAL_CRIME_OTHERelevated | PCTEFD | never |
| Red | Maintain reasonable prevention procedures against the facilitation of UK and foreign tax evasion (CFA 2017 extraterritorial reach). | FINANCIAL_CRIME_OTHERelevated | PCTEFD | never |
| Red | Operate a confidential whistleblowing channel and protect employees who raise concerns in good faith. | FINANCIAL_CRIME_OTHERelevated | PCTEFD | never |
| Red | Maintain a documented, board-approved AML/CFT business risk assessment, reviewed at least annually. | AML_CFTmoderate | PCTEFD | never |
| Red | Identify and verify the beneficial owner of every customer, including natural persons exercising ultimate effective control. | AML_CDD | PCTEFD | never |
| Red | Apply enhanced due diligence to higher-risk customers, products, jurisdictions and delivery channels. | AML_CDD | PCTEFD | never |
| Red | Conduct ongoing monitoring of business relationships, including transaction scrutiny and periodic refresh of CDD information. | AML_CDD | PCTEFD | never |
| Red | Screen all customers and beneficial owners against PEP and sanctions lists at onboarding and on an ongoing basis. | AML_PEP | PCTEFD | never |
| Red | Obtain senior management approval before establishing or continuing a PEP relationship and establish source of wealth and funds. | AML_PEP | PCTEFD | never |
| Red | Do not structure arrangements or refrain from action to evade Banking Code responsibilities or their consequences. | GOVERNANCEelevated | PCTEFD | never |
| Red | Avoid conflicts of interest, or manage them through disclosure, information barriers, or declining to act. | CONDUCTmoderate | PCTEFD | never |
| Red | Execute lawful customer instructions promptly and accurately on a best-endeavours basis. | CONDUCTmoderate | PCTEFD | never |
| Red | Operate a whistleblowing channel allowing employees to raise concerns confidentially to the board or senior management, bypassing line management. | GOVERNANCEelevated | PCTEFD | never |
| Red | Jersey-incorporated banks must maintain at least two Jersey-resident directors, an appropriate number of NEDs, and documented director-selection procedures. | GOVERNANCEelevated | PCTEFD | never |
| Red | Jersey branches must appoint a resourced local management function and a designated appointed senior officer outside Jersey. | GOVERNANCEelevated | PCTEFD | never |
| Red | Maintain a board-approved, documented and implemented risk management strategy covering identification, assessment, monitoring and control of all significant risks. | GOVERNANCEelevated | PCTEFD | never |
| Red | Produce timely management information sufficient to monitor business performance and risk exposures. | GOVERNANCEelevated | PCTEFD | never |
| Red | Disclose JFSC regulated status to customers. | CONDUCTmoderate | PCTEFD | never |
| Red | Communicate with customers in a way that is adequate, fair and not misleading, and confirm transactions in legible form. | CONDUCTmoderate | PCTEFD | never |
| Red | Jersey-incorporated banks must hold a minimum of £5 million Tier 1 capital at all times. | BANK_CAPITAL | PCTEFD | never |
| Red | Obtain prior JFSC approval (LE25) for any exposure to a counterparty or group of connected counterparties exceeding 25% of agreed capital resources. | BANK_LARGE_EXPOSURES | PCTEFD | never |
| Red | Hold capital commensurate with the nature, scale and full risk profile of the business (beyond the absolute minimum). | BANK_CAPITAL | PCTEFD | never |
| Red | Report every counterparty (or connected-counterparty group) exposure above 10% of ACR in the quarterly prudential return. | BANK_LARGE_EXPOSURES | PCTEFD | never |
| Red | Keep the aggregate of Large Exposures (excluding CL and Guaranteed Large Exposures) at or below 800% of ACR. | BANK_LARGE_EXPOSURES | PCTEFD | never |
| Red | Manage liquidity proportionate to the nature, scale and risk profile of the business. | BANK_LIQUIDITY | PCTEFD | never |
| Red | Continuously monitor the Liquidity Coverage Ratio (or the LMR if the JFSC has agreed a variation). | BANK_LIQUIDITY | PCTEFD | never |
| Red | Maintain an ICAAP document covering capital and liquidity adequacy; notify the JFSC within five business days of any board-approved amendments. | BANK_CAPITAL | PCTEFD | never |
| Red | Notify the JFSC in writing as soon as aware of any matter affecting registration or in the customers' interest to disclose, including mitigation steps. | GOVERNANCEelevated | PCTEFD | never |
| Red | Notify the JFSC in writing within a reasonable time of any auditor decision to qualify the audit report or raise an emphasis of matter. | GOVERNANCEelevated | PCTEFD | never |
| Red | Pre-notify the JFSC at least 10 business days before changing the registered office address. | GOVERNANCEelevated | PCTEFD | never |
| Red | Pre-notify the JFSC before commencing any new activity likely to have a material effect on the business or profitability. | GOVERNANCEelevated | PCTEFD | never |
| Red | Give due regard to customer interests across the lifecycle of the banking relationship. | CONDUCTmoderate | PCTEFD | never |
| Red | Maintain and evidence adequate financial resources to support the scale and risk of the business. | BANK_CAPITAL | PCTEFD | never |
| Red | Engage with the JFSC in an open and co-operative manner across notifications, inspections and ongoing supervision. | GOVERNANCEelevated | PCTEFD | never |
| Red | Conduct all trust company business with integrity in dealings with customers, counterparties, employees and the JFSC. | CONDUCTmoderate | PCTEFD | never |
| Red | Identify, record and manage conflicts of interest; disclose any that cannot be managed by other means. | CONDUCTmoderate | PCTEFD | never |
| Red | Operate a gifts, entertainment and hospitality policy with a maintained register above any defined threshold. | CONDUCTmoderate | PCTEFD | never |
| Red | Ensure all staff carrying out trust company business are competent and remain so through ongoing training. | CONDUCTmoderate | PCTEFD | never |
| Red | Administer trusts, companies and structures with due skill, care and diligence; document decisions and their rationale. | CONDUCTmoderate | PCTEFD | never |
| Red | Maintain documented governance arrangements with clear allocation of responsibilities and effective board oversight. | GOVERNANCEelevated | PCTEFD | never |
| Red | Operate a documented risk management framework proportionate to the nature, scale and complexity of the business. | GOVERNANCEelevated | PCTEFD | never |
| Red | Maintain an independent, adequately resourced compliance function reporting directly to the board. | GOVERNANCEelevated | PCTEFD | never |
| Red | Have due regard to customer interests and act in the best interests of trust beneficiaries. | CONDUCTmoderate | PCTEFD | never |
| Red | Document terms of business in writing before accepting any engagement, including scope, fees and termination. | CONDUCTmoderate | PCTEFD | never |
| Red | Ensure all customer and marketing communications are clear, fair and not misleading. | CONDUCTmoderate | PCTEFD | never |
| Red | Maintain and monitor financial resources adequate in amount and quality to meet liabilities as they fall due. | PRUDENTIALmoderate | PCTEFD | never |
| Red | Maintain professional indemnity insurance appropriate to the business; review cover regularly. | PRUDENTIALmoderate | PCTEFD | never |
| Red | Notify the JFSC promptly of any breach or expected breach of financial resource adequacy requirements. | PRUDENTIALmoderate | PCTEFD | never |
| Red | Deal with the JFSC and other regulators openly and cooperatively; respond promptly and conceal nothing. | GOVERNANCEelevated | PCTEFD | never |
| Red | Notify the JFSC promptly of any material matter, including changes to business model, ownership or senior personnel. | GOVERNANCEelevated | PCTEFD | never |
| Red | Outsource material activities only with board approval, a written agreement and documented ongoing oversight. | OUTSOURCINGlow | PCTEFD | never |
| Red | Do not structure arrangements or refrain from action to evade TCB Code responsibilities or their legal consequences. | CONDUCTmoderate | PCTEFD | never |
| Red | Discharge undertaken responsibilities with due skill, care and diligence. | CONDUCTmoderate | PCTEFD | never |
| Red | Exercise powers and discretions only for a proper purpose and evidence every decision in writing. | CONDUCTmoderate | PCTEFD | never |
| Red | Avoid conflicts of interest where possible; where they arise, record and address them by disclosure, information barriers, declining to act, or otherwise. | CONDUCTmoderate | PCTEFD | never |
| Red | Delegate duties or powers only to appropriate persons and only for a proper purpose, with monitoring and due diligence. | CONDUCTmoderate | PCTEFD | never |
| Red | Implement procedures for detailed, periodic reviews of all trust and company services provided to customers. | CONDUCTmoderate | PCTEFD | never |
| Red | Maintain a regulatory span of control of at least three appropriately skilled and experienced individuals where the firm controls TCB assets. | GOVERNANCEelevated | PCTEFD | never |
| Red | Subject corporate governance arrangements to regular review, including periodic self- or external assessment of board effectiveness. | GOVERNANCEelevated | PCTEFD | never |
| Red | Operate robust arrangements covering documented policies, a Compliance Officer, complaints handling, supervision of employees, authorisation controls on assets, and decision authorisation by appropriately experienced persons. | GOVERNANCEelevated | PCTEFD | never |
| Red | Maintain and periodically test business resumption, disaster recovery and contingency arrangements. | GOVERNANCEelevated | PCTEFD | never |
| Red | Comply with all relevant AML/CFT/CPF legislation, guidance and the JFSC AML/CFT/CPF Handbook. | FINANCIAL_CRIME_OTHERelevated | PCTEFD | never |
| Red | Comply with the current JFSC outsourcing policy, including notification requirements. | OUTSOURCINGlow | PCTEFD | never |
| Red | Where customer money is held, perform an annual independent review of controls preventing loss, misuse or misappropriation of customer money. | GOVERNANCEelevated | PCTEFD | never |
| Red | Ensure all directors, partners, senior managers and employees are fit and proper for their roles on appointment and on an ongoing basis. | GOVERNANCEelevated | PCTEFD | never |
| Red | Maintain at all times the JFSC competency thresholds: 75% of Category A TCB employees suitably qualified, and 75% of Category A and B combined suitably qualified. | GOVERNANCEelevated | PCTEFD | never |
| Red | Ensure Category A/B TCB employees complete at least 25 hours CPD per year and Category C employees at least 15 hours, of which no more than five may be relevant reading. | TRAININGelevated | PCTEFD | never |
| Red | Senior management must approve a compliance policy, establish a permanent compliance function, assess compliance-risk management at least annually, and appoint a skilled Compliance Officer. | GOVERNANCEelevated | PCTEFD | never |
| Red | Appoint a Jersey-based Compliance Officer employed by the firm (or a group company) with appropriate qualifications, status and authority. | GOVERNANCEelevated | PCTEFD | never |
| Red | Operate an effective complaints-handling system: central register, transparent customer information, fair handling, written acknowledgement within five business days. | CONDUCTmoderate | PCTEFD | never |
| Red | Notify the JFSC promptly in writing when a complaint is unresolved after three months, a complaint pattern emerges, or a complaint triggers a PII claim. | GOVERNANCEelevated | PCTEFD | never |
| Red | Retain business records for the longer of any statutory period, the AML/CFT/CPF Handbook period, or ten years for governance and Code-related records. | RECORDKEEPINGhigh | PCTEFD | never |
| Red | Disclose JFSC regulated status on all stationery and advertising material. | CONDUCTmoderate | PCTEFD | never |
| Red | Communicate with customers in a way that is adequate, fair and not misleading. | CONDUCTmoderate | PCTEFD | never |
| Red | Agree and document the basis for fees and charges before taking an appointment, and disclose all fees, commissions and third-party payments openly. | CONDUCTmoderate | PCTEFD | never |
| Red | Provide each customer with a written services confirmation and a contract or agreement setting out the general and specific terms of the services. | CONDUCTmoderate | PCTEFD | never |
| Red | Maintain at least £25,000 paid-up share capital (or evidenced net assets), a £25,000 minimum net-assets position, and an ANLA surplus of at least 110% of the Expenditure Requirement. | PRUDENTIALmoderate | PCTEFD | never |
| Red | Perform the ANLA calculation at least quarterly, increasing to monthly (or as the JFSC determines) if ANLA falls below 130% of the Expenditure Requirement or a material adverse event occurs. | PRUDENTIALmoderate | PCTEFD | never |
| Red | Immediately notify the JFSC in writing if ANLA falls below 130% or 110% of the Expenditure Requirement, or where the Second Schedule may misrepresent the firm's resources. | PRUDENTIALmoderate | PCTEFD | never |
| Red | Maintain adequate PII cover (extended to fidelity guarantee and D&O) at all times, commensurate with business activities. | PRUDENTIALmoderate | PCTEFD | never |
| Red | Maintain PII indemnity (per claim and aggregate) of at least the greater of 3× relevant fees and commissions, 30× the largest customer's fees, or £5 million. | PRUDENTIALmoderate | PCTEFD | never |
| Red | Notify the JFSC in writing as soon as aware of any matter affecting registration or in the customers' interest to disclose, including mitigation steps. | GOVERNANCEelevated | PCTEFD | never |
| Red | Pre-notify the JFSC in writing at least 10 business days before changing the registered name, business name, principal office or registered office. | GOVERNANCEelevated | PCTEFD | never |
| Red | Notify the JFSC of any decision likely to have a material effect on the business or its profitability, including new activities, closures, and subsidiary/branch changes. | GOVERNANCEelevated | PCTEFD | never |
| Red | Notify the JFSC in writing of any auditor decision to qualify the audit report or raise an emphasis of matter. | GOVERNANCEelevated | PCTEFD | never |
| Red | Take reasonable steps to ensure all financial-service advertisements are not misleading, false or deceptive, treating absolute terms ("guarantee", "assured", "confidential", "secret") with caution. | CONDUCTmoderate | PCTEFD | never |
| Red | Conduct trust company business with integrity in all dealings with customers, counterparties, employees and the JFSC. | GOVERNANCEelevated | PCTEFD | never |
| Red | Place the highest regard for customer interests at the centre of all trust and company services provided. | CONDUCTmoderate | PCTEFD | never |
| Red | Maintain effective organisation, controls and demonstrable risk-management systems proportionate to the business. | GOVERNANCEelevated | PCTEFD | never |
| Red | Be transparent in business arrangements, communications, fees and service terms. | CONDUCTmoderate | PCTEFD | never |
| Red | Maintain and evidence adequate financial resources and insurance commensurate with the business. | PRUDENTIALmoderate | PCTEFD | never |
| Red | Deal with the JFSC openly and co-operatively across notifications, inspections and ongoing supervision. | GOVERNANCEelevated | PCTEFD | never |
| Red | Do not make misleading, false or deceptive statements, including in financial-service advertisements. | CONDUCTmoderate | PCTEFD | never |
| Red | Appoint an MLRO and MLCO of appropriate seniority and independence, with unrestricted access to information. | AML_CFTmoderate | PCTEFD | never |
| Red | Apply CDD measures before establishing a business relationship or carrying out an occasional transaction, and on suspicion or doubt thereafter. | AML_CDD | PCTEFD | never |
| Red | Notify the JFSC in advance of any proposed material outsourcing arrangement with sufficient supporting detail. | OUTSOURCINGlow | PCTEFD | never |
| Red | Submit a Suspicious Activity Report to the JFCU as soon as practicable when knowledge or suspicion of money laundering arises. | AML_REPORTING | PCTEFD | never |
| Red | Do not disclose to the customer or any third party that a SAR has been or may be made (no tipping-off). | AML_REPORTING | PCTEFD | never |
| Red | Freeze assets and refrain from making funds available to designated persons without delay, and report to the Minister. | AML_PEP | PCTEFD | never |
| Red | Comply with the Depositors' Compensation Scheme — including the Jersey Depositors' Compensation Scheme (JDCS) Disclosure Standard from 1 April 2026 — for eligible-deposit disclosures, levy payments and information requests under the BRRDCJL framework. | DEPOSITOR_PROTECTION | PCTEFD | never |
| Amber | Process personal data lawfully, fairly and transparently in accordance with the data protection principles. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/9/2026 |
| Amber | Process personal data only for specified, explicit and legitimate purposes. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/22/2026 |
| Amber | Process personal data only to the extent necessary for the specified purpose. | DATA_PROTECTIONelevated | PCTEFD | never |
| Amber | Maintain accuracy of personal data and ensure inaccurate data is corrected or erased. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/27/2026 |
| Amber | Retain personal data for no longer than necessary for the specified purpose. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/16/2026 |
| Amber | Process personal data securely with appropriate technical and organisational measures. | DATA_PROTECTIONelevated | PCTEFD | never |
| Amber | Demonstrate compliance with the data protection principles through documented records. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/9/2026 |
| Amber | Establish a lawful basis for every processing activity and document that basis before processing commences. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/22/2026 |
| Amber | Identify a condition for the processing of special category personal data and document that condition before processing commences. | DATA_PROTECTIONelevated | PCTEFD | never |
| Amber | Provide data subjects with privacy information at the point of data collection in clear and accessible form. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/27/2026 |
| Amber | Provide data subjects with privacy information within a reasonable period where data is not collected directly. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/16/2026 |
| Amber | Notify the JOIC of personal data breaches without undue delay and, where feasible, within 72 hours of becoming aware. | DATA_PROTECTIONelevated | PCTEFD | never |
| Amber | Notify affected data subjects of personal data breaches likely to result in a high risk to their rights and freedoms. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/9/2026 |
| Amber | Maintain a documented breach response plan covering identification, containment, notification and remediation. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/22/2026 |
| Amber | Maintain a documented log of all personal data breaches whether or not reportable. | DATA_PROTECTIONelevated | PCTEFD | never |
| Amber | Appoint a Data Protection Officer where required and register with the Jersey Office of the Information Commissioner. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/27/2026 |
| Amber | Maintain records of processing activities including purposes, categories of data, recipients, and retention periods. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/16/2026 |
| Amber | Maintain records of processing activities including international transfers and the safeguards relied upon. | DATA_PROTECTIONelevated | PCTEFD | never |
| Amber | Conduct data protection impact assessments for processing likely to result in a high risk to the rights and freedoms of data subjects. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/9/2026 |
| Amber | Consult the JOIC before commencing high-risk processing where the risks cannot be mitigated. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/22/2026 |
| Amber | Respond to subject access requests within the statutory period of one month. | DATA_PROTECTIONelevated | PCTEFD | never |
| Amber | Respond to rectification, erasure, restriction, objection and portability requests within the statutory period. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/27/2026 |
| Amber | Maintain a documented procedure for the identification, logging and response to data subject rights requests. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/16/2026 |
| Amber | Maintain a documented procedure for the verification of the identity of data subjects exercising their rights. | DATA_PROTECTIONelevated | PCTEFD | never |
| Amber | Maintain documented procedures for the management of children's personal data, including age verification where relevant. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/9/2026 |
| Amber | Maintain documented procedures for the management of automated decision-making and profiling impacting data subjects. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/22/2026 |
| Amber | Maintain documented procedures for the management of data transfers to third countries. | DATA_PROTECTIONelevated | PCTEFD | never |
| Amber | Apply appropriate safeguards including standard contractual clauses where transferring personal data to third countries. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/27/2026 |
| Amber | Maintain documented procedures for the management of joint controller and controller-processor relationships. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/16/2026 |
| Amber | Maintain written agreements with all data processors covering the processing requirements set out in the law. | DATA_PROTECTIONelevated | PCTEFD | never |
| Amber | Maintain documented procedures for the periodic assurance of processor compliance with contracted requirements. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/9/2026 |
| Amber | Maintain documented procedures for the identification of new processors and the application of due diligence. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/22/2026 |
| Amber | Maintain documented procedures for the management of sub-processor authorisations and changes. | DATA_PROTECTIONelevated | PCTEFD | never |
| Amber | Maintain documented procedures for the management of data retention and disposal across all processing activities. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/27/2026 |
| Amber | Maintain documented procedures for the management of pseudonymisation and encryption where used. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/16/2026 |
| Amber | Maintain documented procedures for the management of access controls over personal data. | DATA_PROTECTIONelevated | PCTEFD | never |
| Amber | Maintain documented procedures for the periodic review of access privileges over personal data. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/9/2026 |
| Amber | Maintain documented procedures for the management of personal data in test and development environments. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/22/2026 |
| Amber | Maintain documented procedures for the management of personal data in backup and disaster recovery. | DATA_PROTECTIONelevated | PCTEFD | never |
| Amber | Maintain documented procedures for the management of personal data in cloud and outsourced environments. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/27/2026 |
| Amber | Maintain documented procedures for the management of personal data in archived and historic records. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/16/2026 |
| Amber | Maintain documented procedures for the periodic refresh of privacy notices and data protection documentation. | DATA_PROTECTIONelevated | PCTEFD | never |
| Amber | Maintain documented procedures for the management of marketing consent and preferences. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/9/2026 |
| Amber | Maintain documented procedures for the management of cookies and similar tracking technologies on customer-facing channels. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/22/2026 |
| Amber | Maintain a documented training programme on data protection delivered to all relevant employees at least annually. | DATA_PROTECTIONelevated | PCTEFD | never |
| Amber | Maintain documented procedures for the periodic independent assurance over the data protection framework. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/27/2026 |
| Amber | Maintain documented procedures for the management of data protection risk on new initiatives and projects. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/16/2026 |
| Amber | Maintain documented procedures for the management of data protection risk arising from emerging technologies. | DATA_PROTECTIONelevated | PCTEFD | never |
| Amber | Maintain documented procedures for the management of CCTV and surveillance technologies. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/9/2026 |
| Amber | Maintain documented procedures for the management of biometric data where used in customer or employee processes. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/22/2026 |
| Amber | Maintain documented procedures for the management of personal data in employee monitoring. | DATA_PROTECTIONelevated | PCTEFD | never |
| Amber | Maintain documented procedures for the management of personal data in third-party intelligence and screening sources. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/27/2026 |
| Amber | Maintain documented procedures for the management of personal data in regulatory submissions and SARs. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/16/2026 |
| Amber | Maintain documented procedures for the management of personal data in litigation and dispute resolution. | DATA_PROTECTIONelevated | PCTEFD | never |
| Amber | Maintain documented procedures for the management of personal data in employee whistleblowing. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/9/2026 |
| Amber | Maintain documented procedures for the management of personal data in fraud investigation. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/22/2026 |
| Amber | Maintain documented procedures for the management of personal data in change-of-control and group restructuring. | DATA_PROTECTIONelevated | PCTEFD | never |
| Amber | Maintain documented procedures for the management of board-level reporting on data protection performance. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/27/2026 |
| Amber | Maintain documented procedures for the periodic confirmation of compliance with data protection standards. | DATA_PROTECTIONelevated | PCTEFD | passed · 7/16/2026 |
| Amber | Maintain documented procedures for the periodic review of data protection roles and responsibilities. | DATA_PROTECTIONelevated | PCTEFD | never |
| Amber | Maintain policies and controls to detect and prevent insider dealing, unlawful disclosure, and market manipulation. | MARKET_ABUSElow | PCTEFD | passed · 7/20/2026 |
| Amber | Maintain insider lists and personal-account dealing rules for employees with access to inside information. | MARKET_ABUSElow | PCTEFD | passed · 7/10/2026 |
| Amber | Apply documented procedures for the identification of inside information and its controlled handling. | MARKET_ABUSElow | PCTEFD | never |
| Amber | Apply documented procedures for the timely disclosure of inside information where required. | MARKET_ABUSElow | PCTEFD | passed · 7/20/2026 |
| Amber | Apply documented procedures for the delayed disclosure of inside information where permitted, with notification to the regulator. | MARKET_ABUSElow | PCTEFD | passed · 7/10/2026 |
| Amber | Apply documented procedures for the management of project insider lists and the addition and removal of names. | MARKET_ABUSElow | PCTEFD | never |
| Amber | Apply documented procedures for the management of permanent insider lists where used. | MARKET_ABUSElow | PCTEFD | passed · 7/20/2026 |
| Amber | Apply documented procedures for the pre-clearance of personal-account transactions by employees with inside information. | MARKET_ABUSElow | PCTEFD | passed · 7/10/2026 |
| Amber | Apply documented procedures for the periodic confirmation of personal-account dealing compliance by employees. | MARKET_ABUSElow | PCTEFD | never |
| Amber | Apply documented procedures for the management of trading restrictions during closed periods. | MARKET_ABUSElow | PCTEFD | passed · 7/20/2026 |
| Amber | Apply documented procedures for the management of market soundings sent and received. | MARKET_ABUSElow | PCTEFD | passed · 7/10/2026 |
| Amber | Apply documented procedures for the surveillance of trading activity for indicators of market abuse. | MARKET_ABUSElow | PCTEFD | never |
| Amber | Apply documented procedures for the escalation of suspected market abuse to the MLRO or designated officer. | MARKET_ABUSElow | PCTEFD | passed · 7/20/2026 |
| Amber | Apply documented procedures for the reporting of suspected market abuse to the JFSC where required. | MARKET_ABUSElow | PCTEFD | passed · 7/10/2026 |
| Amber | Maintain a documented training programme on market abuse delivered to relevant employees at least annually. | MARKET_ABUSElow | PCTEFD | never |
| Amber | Apply documented procedures for the management of conflicts of interest creating market abuse risk. | MARKET_ABUSElow | PCTEFD | passed · 7/20/2026 |
| Amber | Apply documented procedures for the periodic independent review of the market abuse framework. | MARKET_ABUSElow | PCTEFD | passed · 7/10/2026 |
| Amber | Apply documented procedures for the management of inside information shared with advisers and counterparties. | MARKET_ABUSElow | PCTEFD | never |
| Amber | Apply documented procedures for the recording of communications likely to relate to inside information where required. | MARKET_ABUSElow | PCTEFD | passed · 7/20/2026 |
| Amber | Apply documented procedures for the periodic confirmation of compliance with the market abuse framework. | MARKET_ABUSElow | PCTEFD | passed · 7/10/2026 |
| Amber | Maintain a documented risk assessment of money laundering, terrorist financing and proliferation financing risks for every NPO customer. | NPOlow | PCTEFD | never |
| Amber | Identify and verify the governing body, controllers and beneficial owners of every NPO customer. | NPOlow | PCTEFD | passed · 7/17/2026 |
| Amber | Obtain and retain a copy of the constitutional documents of every NPO customer. | NPOlow | PCTEFD | passed · 6/27/2026 |
| Amber | Document the charitable, religious, cultural, educational, social or fraternal purpose of every NPO customer. | NPOlow | PCTEFD | never |
| Amber | Document the geographic area of operation of every NPO customer. | NPOlow | PCTEFD | passed · 7/17/2026 |
| Amber | Document the sources of funding of every NPO customer. | NPOlow | PCTEFD | passed · 6/27/2026 |
| Amber | Document the methods used for the disbursement of NPO funds, including direct distributions and intermediary partners. | NPOlow | PCTEFD | never |
| Amber | Apply enhanced due diligence to NPO customers operating in or distributing funds to higher-risk jurisdictions. | NPOlow | PCTEFD | passed · 7/17/2026 |
| Amber | Apply enhanced due diligence to NPO customers with complex governance structures or opaque ultimate control. | NPOlow | PCTEFD | passed · 6/27/2026 |
| Amber | Apply enhanced due diligence to NPO customers with cash-intensive activities. | NPOlow | PCTEFD | never |
| Amber | Apply enhanced due diligence to NPO customers exposed to politically exposed persons. | NPOlow | PCTEFD | passed · 7/17/2026 |
| Amber | Conduct ongoing monitoring of NPO customer activity against the documented purpose and expected pattern. | NPOlow | PCTEFD | passed · 6/27/2026 |
| Amber | Escalate any divergence between NPO customer activity and documented purpose to the MLRO. | NPOlow | PCTEFD | never |
| Amber | Maintain documented procedures for the periodic refresh of NPO customer due diligence. | NPOlow | PCTEFD | passed · 7/17/2026 |
| Amber | Maintain documented procedures for the screening of NPO customers and connected parties against sanctions and PEP lists. | NPOlow | PCTEFD | passed · 6/27/2026 |
| Amber | Maintain documented procedures for the management of grants, donations and distributions made by NPO customers. | NPOlow | PCTEFD | never |
| Amber | Maintain documented procedures for the corroboration of distribution recipients claimed by NPO customers. | NPOlow | PCTEFD | passed · 7/17/2026 |
| Amber | Apply documented procedures for the management of intermediary partners used by NPO customers in higher-risk jurisdictions. | NPOlow | PCTEFD | passed · 6/27/2026 |
| Amber | Apply documented procedures for the management of NPO customer engagement with sanctioned territories or proscribed entities. | NPOlow | PCTEFD | never |
| Amber | Apply documented procedures for the management of NPO customer record-keeping and reporting. | NPOlow | PCTEFD | passed · 7/17/2026 |
| Amber | Apply documented procedures for the management of trustee conflicts of interest within NPO customer structures. | NPOlow | PCTEFD | passed · 6/27/2026 |
| Amber | Apply documented procedures for the periodic review of NPO customer governance arrangements. | NPOlow | PCTEFD | never |
| Amber | Maintain a documented training programme on NPO money laundering and terrorist financing typologies delivered annually to relevant employees. | NPOlow | PCTEFD | passed · 7/17/2026 |
| Amber | Maintain documented procedures for the periodic independent assurance over the NPO framework. | NPOlow | PCTEFD | passed · 6/27/2026 |
| Amber | Maintain documented procedures for the periodic confirmation of compliance with the NPO framework. | NPOlow | PCTEFD | never |
| Amber | Maintain a documented records retention schedule covering all records required by law, regulation or business need. | RECORDKEEPINGhigh | PCTEFD | never |
| Amber | Retain CDD records for at least five years from the end of the business relationship. | RECORDKEEPINGhigh | PCTEFD | passed · 6/14/2026 |
| Amber | Retain transaction records for at least five years from the date of the transaction. | RECORDKEEPINGhigh | PCTEFD | never |
| Amber | Retain SAR records for at least five years from the date of submission. | RECORDKEEPINGhigh | PCTEFD | passed · 6/14/2026 |
| Amber | Retain training records for at least five years from the date of delivery. | RECORDKEEPINGhigh | PCTEFD | never |
| Amber | Retain board minutes and key governance records for at least ten years. | RECORDKEEPINGhigh | PCTEFD | passed · 6/14/2026 |
| Amber | Retain financial records in accordance with statutory accounting requirements. | RECORDKEEPINGhigh | PCTEFD | never |
| Amber | Retain personal data only for as long as necessary in accordance with the data protection retention principle. | RECORDKEEPINGhigh | PCTEFD | passed · 6/14/2026 |
| Amber | Apply documented procedures for the storage of records in a form that is readily retrievable. | RECORDKEEPINGhigh | PCTEFD | never |
| Amber | Apply documented procedures for the storage of records in a form that preserves their integrity over time. | RECORDKEEPINGhigh | PCTEFD | passed · 6/14/2026 |
| Amber | Apply documented procedures for the secure destruction of records at the end of the retention period. | RECORDKEEPINGhigh | PCTEFD | never |
| Amber | Apply documented procedures for the management of physical record storage and access controls. | RECORDKEEPINGhigh | PCTEFD | passed · 6/14/2026 |
| Amber | Apply documented procedures for the management of electronic record storage and access controls. | RECORDKEEPINGhigh | PCTEFD | never |
| Amber | Apply documented procedures for the management of legal holds where records must be preserved beyond standard retention. | RECORDKEEPINGhigh | PCTEFD | passed · 6/14/2026 |
| Amber | Apply documented procedures for the management of record migration during system changes. | RECORDKEEPINGhigh | PCTEFD | never |
| Amber | Apply documented procedures for the periodic confirmation that records are being retained in accordance with the schedule. | RECORDKEEPINGhigh | PCTEFD | passed · 6/14/2026 |
| Amber | Apply documented procedures for the management of record retrieval requests from internal and external parties. | RECORDKEEPINGhigh | PCTEFD | never |
| Amber | Apply documented procedures for the periodic review of the records retention schedule. | RECORDKEEPINGhigh | PCTEFD | passed · 6/14/2026 |
| Amber | Apply documented procedures for the periodic training of employees on records management responsibilities. | RECORDKEEPINGhigh | PCTEFD | never |
| Amber | Apply documented procedures for the periodic confirmation of compliance with the records retention schedule. | RECORDKEEPINGhigh | PCTEFD | passed · 6/14/2026 |
| Amber | Identify and document the FATCA classification of the firm and every reporting financial institution within the group. | FATCA_CRShigh | PCTEFD | never |
| Red | Identify and document the CRS classification of the firm and every reporting financial institution within the group. | FATCA_CRShigh | PCTEFD | failed · 6/5/2026 |
| Amber | Identify reportable accounts under FATCA and document the basis for the classification. | FATCA_CRShigh | PCTEFD | never |
| Red | Identify reportable accounts under CRS and document the basis for the classification. | FATCA_CRShigh | PCTEFD | failed · 6/17/2026 |
| Amber | Collect a valid self-certification from every new account holder at onboarding under FATCA and CRS. | FATCA_CRShigh | PCTEFD | never |
| Red | Apply documented procedures for the validation of self-certifications received from account holders. | FATCA_CRShigh | PCTEFD | failed · 6/5/2026 |
| Amber | Apply documented procedures for the resolution of conflicting indicia identified during FATCA and CRS due diligence. | FATCA_CRShigh | PCTEFD | never |
| Red | Apply documented procedures for the periodic refresh of self-certifications on a change in circumstances. | FATCA_CRShigh | PCTEFD | failed · 6/17/2026 |
| Amber | Submit FATCA reports to the Comptroller of Revenue annually by the statutory deadline. | FATCA_CRShigh | PCTEFD | never |
| Red | Submit CRS reports to the Comptroller of Revenue annually by the statutory deadline. | FATCA_CRShigh | PCTEFD | failed · 6/5/2026 |
| Amber | Apply documented procedures for the validation of FATCA and CRS report content prior to submission. | FATCA_CRShigh | PCTEFD | never |
| Red | Apply documented procedures for the management of nil returns where no reportable accounts exist. | FATCA_CRShigh | PCTEFD | failed · 6/17/2026 |
| Amber | Apply documented procedures for the management of amendments and corrections to submitted FATCA and CRS reports. | FATCA_CRShigh | PCTEFD | never |
| Red | Maintain documented procedures for the retention of FATCA and CRS records for at least six years. | FATCA_CRShigh | PCTEFD | failed · 6/5/2026 |
| Amber | Maintain documented procedures for the periodic independent review of FATCA and CRS compliance. | FATCA_CRShigh | PCTEFD | never |
| Red | Maintain documented procedures for the training of relevant employees on FATCA and CRS classification and reporting. | FATCA_CRShigh | PCTEFD | failed · 6/17/2026 |
| Amber | Apply documented procedures for the management of pre-existing accounts under FATCA and CRS due diligence. | FATCA_CRShigh | PCTEFD | never |
| Red | Apply documented procedures for the management of trust and entity accounts under FATCA and CRS due diligence. | FATCA_CRShigh | PCTEFD | failed · 6/5/2026 |
| Amber | Apply documented procedures for the management of controlling persons of passive non-financial entities under CRS. | FATCA_CRShigh | PCTEFD | never |
| Red | Apply documented procedures for the management of US indicia testing for pre-existing individual accounts under FATCA. | FATCA_CRShigh | PCTEFD | failed · 6/17/2026 |
| Amber | Apply documented procedures for the management of the GIIN and TIN data quality across the account base. | FATCA_CRShigh | PCTEFD | never |
| Red | Apply documented procedures for the periodic confirmation of self-certification accuracy on trigger events. | FATCA_CRShigh | PCTEFD | failed · 6/5/2026 |
| Amber | Apply documented procedures for the management of intermediary classifications and reliance under FATCA and CRS. | FATCA_CRShigh | PCTEFD | never |
| Red | Apply documented procedures for the management of withholding obligations under FATCA where relevant. | FATCA_CRShigh | PCTEFD | failed · 6/17/2026 |
| Amber | Apply documented procedures for the management of jurisdiction-of-residence determinations under CRS. | FATCA_CRShigh | PCTEFD | never |
| Red | Apply documented procedures for the management of the relationship with the Comptroller of Revenue. | FATCA_CRShigh | PCTEFD | failed · 6/5/2026 |
| Amber | Apply documented procedures for the management of the relationship with the IRS where applicable. | FATCA_CRShigh | PCTEFD | never |
| Red | Maintain documented procedures for the periodic review of FATCA and CRS policies and procedures. | FATCA_CRShigh | PCTEFD | failed · 6/17/2026 |
| Amber | Maintain documented procedures for the periodic confirmation of compliance with FATCA and CRS standards. | FATCA_CRShigh | PCTEFD | never |
| Red | Maintain documented procedures for the periodic refresh of FATCA and CRS training for relevant employees. | FATCA_CRShigh | PCTEFD | failed · 6/5/2026 |
| Amber | Deliver AML/CFT training to all relevant employees on appointment and at least annually thereafter. | TRAININGelevated | PCTEFD | passed · 7/25/2026 |
| Amber | Tailor training content to the role, responsibilities and risk exposure of each employee group. | TRAININGelevated | PCTEFD | passed · 6/23/2026 |
| Amber | Maintain a documented training needs analysis covering all regulated activities. | TRAININGelevated | PCTEFD | passed · 7/25/2026 |
| Amber | Maintain a documented training plan covering AML/CFT, sanctions, data protection, conduct and market abuse. | TRAININGelevated | PCTEFD | passed · 7/25/2026 |
| Amber | Record attendance, completion and assessment results for all mandatory training. | TRAININGelevated | PCTEFD | passed · 6/23/2026 |
| Amber | Apply documented procedures for the management of training non-completion and follow-up. | TRAININGelevated | PCTEFD | passed · 7/25/2026 |
| Amber | Apply documented procedures for the periodic refresh of training content against regulatory developments. | TRAININGelevated | PCTEFD | passed · 7/25/2026 |
| Amber | Apply documented procedures for the delivery of bespoke training to the board, MLRO, MLCO and senior management. | TRAININGelevated | PCTEFD | passed · 6/23/2026 |
| Amber | Apply documented procedures for the delivery of induction training to all new employees before commencement of duties. | TRAININGelevated | PCTEFD | passed · 7/25/2026 |
| Amber | Apply documented procedures for the assessment of training effectiveness through knowledge testing. | TRAININGelevated | PCTEFD | passed · 7/25/2026 |
| Amber | Apply documented procedures for the periodic independent review of the training programme. | TRAININGelevated | PCTEFD | passed · 6/23/2026 |
| Amber | Apply documented procedures for the management of competence assessments for risk-relevant roles. | TRAININGelevated | PCTEFD | passed · 7/25/2026 |
| Amber | Apply documented procedures for the management of continuing professional development for regulated employees. | TRAININGelevated | PCTEFD | passed · 7/25/2026 |
| Amber | Apply documented procedures for the periodic board reporting on training completion and effectiveness. | TRAININGelevated | PCTEFD | passed · 6/23/2026 |
| Amber | Apply documented procedures for the periodic confirmation of compliance with training standards. | TRAININGelevated | PCTEFD | passed · 7/25/2026 |