
Guernsey AML/CFT/CPF Handbook
The information provided here is for general informational purposes only and is not intended to constitute legal or professional advice. It is provided 'as is' and should not be considered a substitute for a comprehensive review against the relevant laws and regulations as they apply to your company.
As a Crown Dependency-based company, we are uniquely aware of the needs of Guernsey-regulated companies and developed our Verify by Tiller platform to ensure it meets or exceeds the requirements of the GFSC AML/CFT/CPF Handbook.
To provide you with an additional layer of assurance, we engaged the compliance experts, Horsepool Group, to review our Verify by Tiller platform's adherence to the handbook.
We're proud to confirm that the review found no gaps in our compliance.
We are happy to make the report available to you via the request form below.
Handbook Requirement Mapping
Below is a breakdown of how Tiller performed against GFSC AML/CFT/CPF Handbook requirements when it was independently assessed by Horsepool Group.
Use of electronic solutions for identification and verification
Requirement: Electronic identification and verification systems can be used, provided they are sufficiently robust to mitigate the risk of false positives and negatives. Chapter 5, Section 5.40
How Tiller Satisfies This:
The Product employs a range of independent sources for identity verification, including government databases and official records.
The use of diverse data sources provides a robust system designed to minimise false positives and negatives.
Requirement: Systems must use multiple data sources to confirm identity and verify information independently. Chapter 5, Section 5.41
How Tiller Satisfies This:
The Product sources data from a comprehensive network, including government and regulatory databases, to verify information independently, which aligns with the Handbook's requirements.
Requirement: Firms must ensure electronic solutions are reliable and capable of verifying identification documents and details effectively. Chapter 5, Section 5.42
How Tiller Satisfies This:
The Product uses a web-platform and user app which guides verification subjects through the provision of appropriate documentation, such as passports, national identity cards, driver’s licenses and proof of address documentation.
Where a verification subject provides documentation other than a passport with an NFC-enabled chip, the Product uses Optical Character Recognition to obtain the relevant data from the document.
Where a verification subject provides a passport with an NFC-enabled chip, the Product uses NFC-technology to import the passport details from the data held on the chip.
Address verification is performed using a series of data sources checked against public registers available from governments and related agencies; however, it will have some limitations in certain countries. Manual intervention overcomes this limitation.
Requirement: The system must include measures for detecting fraud, document tampering, and impersonation attempts. Chapter 5, Section 5.43
How Tiller Satisfies This:
The Product employs a ‘liveness check’ which uses the camera on the verification subject’s device when they upload their documentation and information to the associated app.
The ‘liveness’ check requires the subject to perform four movements which are captured on camera. The subject’s image is compared to their passport and other verification data and any anomalies are flagged to the user for investigation.
NB: This has now been replaced with an even more advanced 'Passive Liveness' test which is easier for the client, adds enhanced reliability and security, and is certified as meeting the ISO 30107-3 iBeta Accreditation Level 2 PAD:
ISO 30107-3: This international standard is the foundational framework for testing and evaluating how effectively a liveness detection solution can detect and defend against presentation attacks (spoofing attempts like photos, videos, or masks).
iBeta Accreditation: iBeta is an independent testing lab accredited to perform testing against the ISO 30107-3 standard.
Level 1 PAD: Confirms basic attack detection capabilities.
Level 2 PAD: A higher, more robust level of certification that involves more sophisticated attack scenarios and is considered the gold standard for enterprise-grade solutions.
Document tampering is largely mitigated by the use of independent source checks such as with address verification as described above.
Requirement: Firms using electronic identification must regularly review and monitor the solution’s effectiveness in line with the firm’s risk appetite. Chapter 5, Section 5.44
How Tiller Satisfies This:
This is an obligation on the firm which wishes to make use of the Product and therefore is not relevant to the assessment of the suitability of the Product.
Identification and verification of Natural Persons
Requirement: Identification and verification of natural persons must include obtaining documentation which confirms the person’s full name, date of birth, nationality, residential address, and any former names. Chapter 5, Section 5.5
How Tiller Satisfies This:
The Product collects all key identification data such as names, date of birth, nationality, and residential address based on:
(i) input from the verification subject and
(ii) verification against independent data sources.
The Product allows a firm to set up modular templates for different types of verification, based on the assumed risk profile of an individual.
Requirement: Verification must be based on reliable, independent source documents, data, or information. This includes official documents like passports, national identity cards, or driver’s licenses. Chapter 5, Section 5.6
How Tiller Satisfies This:
The Product uses a web-platform and user app which guides verification subjects through the provision of appropriate documentation, such as passports, national identity cards, driver’s licenses and proof of address documentation.
Address verification is performed using a series of data sources checked against public registers available from governments and related agencies; however, it will have some limitations in certain countries. Manual intervention overcomes this limitation.
The Product sources data from a comprehensive network, including government and regulatory databases, to verify information independently.
Requirement: In cases where electronic solutions are used, verification must involve data obtained from multiple independent and reliable sources. Chapter 5, Section 5.41
How Tiller Satisfies This:
The Product sources data from a comprehensive network, including government and regulatory databases, to verify information independently, which aligns with the Handbook's requirements.
Requirement: For higher-risk individuals, firms must take additional steps to verify identity, including obtaining certified copies of documents or conducting enhanced due diligence. Chapter 8, Section 8.4
How Tiller Satisfies This:
The Product allows a firm to set up modular templates for different types of verification, based on the assumed risk profile of an individual. Certification of documents is replaced through the independent verification of the documentation employed by the Product.
Requirement: Verification records must be kept for the required retention period, typically five years, to facilitate future due diligence and transaction monitoring. Chapter 16, Section 16.2
How Tiller Satisfies This:
The Product will automatically delete reports on verification subjects after a minimum period (e.g. 8 weeks) and it is incumbent on firms to ensure that the reports are downloaded and stored to their own systems, and retained for the required period.
Source of Wealth and Source of Funds
Requirement: Firms must obtain information on the source of wealth and source of funds as part of the customer due diligence process, particularly for high-risk clients. Chapter 4, Section 4.9
How Tiller Satisfies This:
The Product allows users to request source of wealth and source of funds information from verification subjects.
Verification subjects are required to articulate their source of wealth and source of funds, and upload corresponding proof or evidence which is reviewed by the user.
Requirement: Information on the source of funds must include the origin of the funds used in transactions or business relationships, requiring evidence such as bank statements, salary details, or sale of assets. Chapter 5, Section 5.17
How Tiller Satisfies This:
The Product allows users to request source of wealth and source of funds information from verification subjects.
Verification subjects are required to articulate their source of wealth and source of funds, and upload corresponding proof or evidence which is reviewed by the user.
Requirement: For source of wealth, firms should gather information about how a customer acquired their total wealth, using evidence such as business ownership, investments, or inheritance documents. Chapter 5, Section 5.18
How Tiller Satisfies This:
The Product allows users to request source of wealth and source of funds information from verification subjects.
Verification subjects are required to articulate their source of wealth and source of funds, and upload corresponding proof or evidence which is reviewed by the user.
Requirement: Firms must assess the plausibility of the information provided and corroborate it with documentation, especially in cases involving higher risk customers or transactions. Chapter 8, Section 8.5
How Tiller Satisfies This:
The Product does not make any automated or assumed calculation of plausibility and is reliant on the firm and its users to make such assessment.
Requirement: Enhanced due diligence measures, including obtaining more detailed information and additional verification, must be applied when dealing with politically exposed persons (PEPs) or high-risk jurisdictions. Chapter 8, Section 8.4 - 8.7
How Tiller Satisfies This:
The Product is designed as an E-ID Solution and forms part of an overall customer relationship risk assessment which must be designed and implemented by a firm. The firm is responsible for applying relevant ECDD measures based on the findings presented by the Product.
Adverse Media, Sanctions, and PEP Screening Requirements
Requirement: Firms must conduct regular screening against applicable sanctions lists (e.g., UN, UK, EU) to ensure they do not engage in business with sanctioned individuals or entities. Chapter 12, Section 12.5
How Tiller Satisfies This:
The Product uses numerous global sanctions lists to perform initial screening at the point of take-on, including appropriate sources linked to applicable sanctions lists.
The Product has a separate module called “Check” which is designed to allow independent screening without sending a request to a verification subject (such as when performing pre-engagement screening).
Requirement: PEP screening must include identifying customers and beneficial owners who are politically exposed persons and applying enhanced due diligence. Chapter 8, Section 8.16 - 8.20
How Tiller Satisfies This:
The Product includes comprehensive PEP screening, leveraging a wide range of international sources, and forms part of an overall customer relationship risk assessment which must be designed and implemented by a firm. The firm is responsible for applying relevant ECDD measures based on the findings presented by the Product.
Requirement: Adverse media checks must be conducted to identify negative information associated with customers that could indicate a higher risk of money laundering or terrorism financing. Chapter 5, Section 5.22
How Tiller Satisfies This:
The Product scans over 120,000 sources for adverse media, indicating a robust process for identifying negative information. Any findings are flagged to users and can be accepted or rejected, with the appropriate rationale recorded.
Requirement: Firms must monitor transactions and customer activity for any matches against sanctions, adverse media, or PEP lists and take appropriate action (e.g., blocking transactions, filing suspicious activity reports) when a match is found. Chapter 11, Section 11.10 - 11.15
How Tiller Satisfies This:
The Product is designed as an E-ID Solution and forms part of an overall customer relationship risk assessment which must be designed and implemented by a firm. The firm is responsible for monitoring transactions, which is not the purpose of the Product.
Requirement: Records of sanctions and PEP screenings, including any actions taken as a result of a match, must be retained and documented for future reference. Chapter 16, Section 16.4
How Tiller Satisfies This:
The Product will automatically delete reports on verification subjects after a minimum period (e.g. 8 weeks) and it is incumbent on firms to ensure that details of any matches and action taken are stored to their own systems, and retained for the required period.
The GFSC Handbook and Verify by Tiller: An Overview
Does the GFSC Handbook allow us to outsource our CDD and screening functions to a SaaS provider like Verify by Tiller?
Yes. The Handbook explicitly permits the outsourcing of functions relevant to compliance, including the gathering of identification data and screening. However, under Commission Rule 2.42, the Board remains ultimately responsible for compliance and cannot contract out of its statutory liability.
How Verify by Tiller Addresses This:
Verify by Tiller acts as an outsourced service provider. While your Board retains liability, Tiller mitigates your vendor risk by providing a platform specifically "mapped" to the GFSC Handbook. It provides the rigorous audit trails and "meaningful, accurate and complete information" required by Commission Rule 2.48(c) to allow you to monitor the outsourced activity effectively.
Can we use electronic verification (E-ID) instead of traditional "wet ink" certified copies for non-face-to-face customers?
Yes. The Handbook adopts a "technology neutral" stance. Chapter 5 (Section 5.6/5.7) and Chapter 6 (Section 6.5) permit the use of electronic systems to verify identity. In fact, Commission Rule 6.23 acknowledges that electronic controls can provide "an equally robust confirmation of a natural person's identity" compared to physical certification.
How Verify by Tiller Addresses This:
Verify by Tiller utilises advanced E-ID technology that satisfies the criteria for "Electronic System Certifiers" in Section 6.5. It employs biometric facial matching and NFC chip reading of passports to confirm the document's authenticity and the individual's presence (liveness), replacing the need for a lawyer or accountant to certify a copy physically.
What are the specific requirements for an electronic system to be accepted as a "certifier" under Chapter 6?
To replace a natural person certifier, the electronic system must integrate robust validation controls. Commission Rule 6.24 lists specific examples, including:
Capturing photographs of the ID and the person.
Liveness checks (anti-impersonation measures).
Corroboration of biometric data (e.g., NFC chip).
Independent verification of the document against missing/stolen lists.
How Verify by Tiller Addresses This:
Verify by Tiller meets these specific technical standards by incorporating NFC chip reading (authenticating the government-issued e-Passport), biometric liveness checks (preventing spoofing), and document validation against global databases. Tiller's 'Passive Liveness' test is certified as meeting the highest ISO 30107-3 iBeta Accreditation Level 2 PAD standard:
ISO 30107-3: This international standard is the foundational framework for testing and evaluating how effectively a liveness detection solution can detect and defend against presentation attacks (spoofing attempts like photos, videos, or masks).
iBeta Accreditation: iBeta is an independent testing lab accredited to perform testing against the ISO 30107-3 standard.
Level 1 PAD: Confirms basic attack detection capabilities.
Level 2 PAD: A higher, more robust level of certification that involves more sophisticated attack scenarios, and is considered the gold standard for enterprise-grade solutions.
This fulfils the "triple-lock" of security implied by the Handbook's guidance on electronic certification.
Do we need to conduct a risk assessment before using Verify by Tiller?
Yes. Commission Rule 2.46 mandates that prior to establishing an outsourcing arrangement, you must assess the risk of potential exposure to ML/TF/PF. Additionally, Commission Rule 3.67 requires a specific business risk assessment (BRA) update before adopting "new technologies" for CDD.
How Verify by Tiller Addresses This:
Tiller assists in this process by providing transparency on its data sources and security protocols. It also provides a full due diligence pack, which includes an already completed due diligence assessment questionnaire, to support and expedite the process. Implementing Tiller would constitute a "new business practice" or "new technology," and its system provides the granular reporting on its own controls necessary for your Board to approve the risk assessment as required by Commission Rule 3.71.
How does using a SaaS provider affect our obligation to screen for PEPs and Sanctions?
The obligation to screen remains absolute. Commission Rule 12.42 requires firms to ensure they are not dealing with sanctioned entities. Chapter 8 requires the identification of PEPs. Using an automated tool is highly recommended for ongoing accuracy.
How Verify by Tiller Addresses This:
Verify by Tiller integrates real-time screening against global sanctions lists (UN, UK, OFAC) and PEP databases. Crucially, it addresses Commission Rule 8.2.1 (Enhanced Due Diligence) by enabling "more frequent and more extensive ongoing monitoring". Tiller’s "Monitoring" module provides daily alerts on changes to a client's status, ensuring you are immediately aware if a client becomes a PEP or is sanctioned after onboarding.
Can Verify by Tiller help us meet the "reasonable measures" test for verifying address?
Yes. Section 5.4 of the Handbook requires verification of the principal residential address. Section 5.5 permits the use of "electronic statements" (e.g., utility bills delivered by email, or digital sources) provided the firm is satisfied with their veracity.
How Verify by Tiller Addresses This:
Tiller allows for the secure upload and capture of address documents. It also performs direct verification of the residential address against government, credit agency and utility company databases. Furthermore, it can enhance "reasonable measures" by using geolocation capture (GPS data) at the time of onboarding to corroborate that the user is physically present at the claimed location, adding a layer of assurance beyond a simple PDF upload.
What are the record-keeping requirements if we use a digital platform?
Commission Rule 16.14 requires that records are "readily retrievable" and kept for at least five years. You must be able to provide these to the Commission or FIU promptly.
How Verify by Tiller Addresses This:
Verify by Tiller creates a comprehensive digital audit trail. For every check, it generates a detailed PDF report that includes timestamps, the specific data sources checked, and the outcomes of biometric matching. This ensures that even if you change providers later, you have a permanent, exportable record of the due diligence performed, satisfying Chapter 16 requirements.
Does Verify by Tiller cover "Adverse Media" checks as recommended in the Handbook?
Yes. While not always a strict rule for low-risk clients, Section 3.17.1 (Customer Risk Factors) indicates that firms must consider "adverse media reports" when assessing customer reputation. For high-risk clients, EDD measures often require open-source intelligence searches.
How Verify by Tiller Addresses This:
Tiller includes an Adverse Media screening module that scans thousands of global news sources. This automates the "negative press" check, helping you build a robust risk profile as required by Chapter 3, without your analysts having to manually trawl search engines.
We rely on "Introducers" (Chapter 10). Can Tiller help with this?
Yes. Chapter 10 allows firms to rely on an "Introducer" (Appendix C business) but requires the firm to "immediately upon request" obtain identification data. The risk often lies in the delay of receiving this data.
How Verify by Tiller Addresses This:
Tiller can be used to facilitate Introduced Business. The Introducer can use Tiller to perform the check and instantly share the secure digital ID pack with your firm. This ensures you meet the "immediately upon request" test by effectively having the data available in real-time, reducing the reliance risk described in Section 10.2.
How do we handle "High Risk" customers using an automated tool?
For High-Risk relationships (e.g., Foreign PEPs), Commission Rule 8.6 mandates Enhanced Due Diligence (EDD). Automation alone is rarely sufficient; senior management approval is required.
How Verify by Tiller Addresses This:
Tiller supports a Risk-Based Approach. You can configure workflows so that if a "hit" (PEP match or high-risk country) occurs, the file is flagged for manual review. Tiller provides the raw data (source of wealth docs, screening hits) to enable your MLRO/Senior Management to make the informed decision required by Chapter 8, but it does not auto-approve high-risk cases, ensuring compliant human oversight.
Does Tiller help with the "Source of Funds" (SoF) requirements?
Section 8.3 requires taking reasonable measures to establish source of funds and wealth for high-risk customers.
How Verify by Tiller Addresses This:
The platform allows for the secure upload of supporting documentation (bank statements, investment portfolios, sale agreements) directly from the client during the onboarding flow. This ensures SoF evidence is collected and linked directly to the client's digital profile, facilitating the "corroboration" required by Commission Rule 8.25.
Is "selfie" verification sufficient for liveness detection under the Handbook?
The Handbook requires measures to prevent "impersonation or identity fraud". A simple static selfie can be spoofed. Section 6.5(b) suggests "anti-impersonation measures" such as repeating words or movements.
How Verify by Tiller Addresses This:
Verify by Tiller uses passive liveness checks rather than just a static photo. Tiller's advanced passive liveness technology is certified as meeting the highest international standard of ISO 30107-3 iBeta Accreditation Level 2 PAD:
ISO 30107-3: This international standard is the foundational framework for testing and evaluating how effectively a liveness detection solution can detect and defend against presentation attacks (spoofing attempts like photos, videos, or masks).
iBeta Accreditation: iBeta is an independent testing lab accredited to perform testing against the ISO 30107-3 standard.
Level 1 PAD: Confirms basic attack detection capabilities.
Level 2 PAD: A higher, more robust level of certification that involves more sophisticated attack scenarios, and is considered the gold standard for enterprise-grade solutions.
This technology fully satisfies the robust anti-impersonation requirements of Chapter 6.
Does Tiller work for corporate customers (Legal Persons)?
Chapter 7 requires understanding the ownership and control structure of legal persons and identifying Ultimate Beneficial Owners (UBOs).
How Verify by Tiller Addresses This:
While E-ID is primarily for natural persons, Tiller will soon release a new KYB module which will allow you to build corporate structures within the platform, identifying UBOs. You can then trigger the individual E-ID checks for each identified UBO and Director. This "unwrapping" of the corporate structure aligns with Section 7.3 (Beneficial Ownership).
What happens if Tiller identifies a "false positive" on a sanction match?
The Handbook requires you to resolve potential matches. Section 12.9 emphasizes that firms must have procedures to handle sanction alerts.
How Verify by Tiller Addresses This:
Tiller provides detailed match data (e.g., match percentage, specific alias matched). It allows your compliance team to review the potential match, add commentary/rationale for discounting it (if it is a false positive), and mark it as "Resolved." This creates the audit trail of the decision-making process required for regulatory defence.
Horsepool Group Report on Verify by Tiller download request form