Outsourcing Principles

The information provided here is for general informational purposes only and is not intended to constitute legal or professional advice. It is provided 'as is' and should not be considered a substitute for a comprehensive review against the relevant laws and regulations as they apply to your company.

The GFSC has adopted a principle-based approach to outsourcing within the Handbook, supplemented by Guidance Notes. These focus on your company performing a risk assessment and exercising effective oversight when selecting an outsource provider.

When engaging a SaaS company like Tiller Technologies to perform functions relevant to Schedule 3 (e.g., electronic verification, screening), this constitutes an outsourcing arrangement.

To assist you with your outsourcing assessment, Tiller has provided a concise response to the relevant sections of the Handbook:

Due Diligence on the Provider (Handbook Ch 2, Para 2.48)

Firms must, as part of their vendor assurance, ensure that the outsourced provider has "appropriate knowledge, skill, and experience" and applies policies and controls to an equivalent standard.

How Tiller Satisfies This:

  • Local Regulatory Alignment: Unlike other providers, Verify by Tiller has been explicitly mapped to the GFSC Handbook. We collaborated with Guernsey compliance specialists Horsepool to ensure our workflows align with local Schedule 3 requirements.

  • Security Standards: Tiller Technologies demonstrates that its information security, data protection, personnel skills, and operational controls meet the highest international standard for information security management.

  • Proven Track Record: Tiller is the chosen partner for regulated entities across the Channel Islands and globally, including banks, wealth managers, and trust companies.

Technology Risk & Data Sovereignty (Handbook Ch 3 & Para 3.86)

Firms must assess the ML/TF/PF risks and vulnerabilities (cyber risks) associated with "New Technology" before adoption.

How Tiller Satisfies This:

  • Data Residency: Your client data is hosted in Microsoft Azure data centres (based in Europe), ensuring alignment with GDPR and data sovereignty requirements. Tiller and its sub-processors strictly manage, and are transparent about, how data is handled and, where required to perform the function you have instructed, shared.

  • Encryption Standards: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256), mitigating the risk of data interception or leakage. We employ a defence-in-depth design approach to ensure data is always secure.

  • Penetration Testing: We undergo regular independent penetration testing (annually or on each major release) to validate the resilience of our platform against cyber threats. We also continually test and monitor our platform's security state and resilience posture.

Electronic Identification (E-ID) "Triple Check" (Handbook Ch 5, Para 5.30)

Electronic verification must act as a "triple check," verifying:

  1. Authenticity: The document is genuine.

  2. Liveness: The person presenting it is real and present.

  3. Linkage: The person is linked to the identity and address.

How Tiller Satisfies This:

  • Authenticity (NFC Verification): Verify by Tiller utilizes NFC chip reading to cryptographically validate e-Passports. This accesses the government-signed digital data directly, preventing tampering and "photoshop" fraud which optical-only checks might miss. In addition, we apply rigorous template-based tamper and authenticity detection techniques to verify all forms of presented ID documents.

  • Liveness (ISO 30107-3 Level 2): We utilize Passive Liveness detection certified to ISO 30107-3 Level 2. This detects deepfakes, masks, and screen spoofs instantly without complex user instructions.

  • Linkage (Geo & Residential Address): We verify the individual's residential address against international regulatory quality databases (50+ countries) and can capture geo-location data during the check to confirm the user is physically located where they claim to be.

Oversight, Audit Trail & Monitoring (Handbook Ch 2, Para 2.49)

The firm must "monitor the outsourced activity" and maintain a retrievable audit trail. Relying solely on a third party without oversight is not permitted.

How Tiller Satisfies This:

  • Immutable Audit Logs: Client acceptance of terms, documents uploaded, checks performed, etc. all generate a timestamped digital record.

  • The "Compliance Pack" (PDF): For every client screened, Tiller generates a comprehensive PDF report detailing the information captured from the client, checks performed, the results (Pass/Fail), notes and the specific risk flags. This document can be downloaded manually or automatically via the API to your internal Document Management System (DMS) to satisfy record-keeping rules (Regulation 14).

  • Administrative Annotations: The Tiller Portal allows your internal compliance team to add "Administrative Notes" to a client profile. This is critical for recording your human decision-making rationale (e.g., "Accepted risk based on additional evidence Y"), proving that you retain final responsibility.

Reporting Suspicion & Exception Management (Handbook Ch 13)

The agreement must ensure the provider reports any knowledge or suspicion of ML/TF to the firm's MLRO.

How Tiller Satisfies This:

  • Automated Flagging: Verify by Tiller does not "hide" results. If a check fails (e.g., a sanction match, a liveness failure, or a document expiry), the system triggers a "Red Flag" or "Refer" status on the dashboard, ensuring the appropriate review and informed action can be taken.

  • Escalation Workflow: These flags act as the trigger for your internal team to investigate. While Tiller does not file the SAR with the Financial Intelligence Unit (FIU), our clear "Exception Reporting" ensures your MLRO has the immediate intelligence needed to form a suspicion and report if necessary.


Treatment of Standardised Cloud Services

While the Guernsey Financial Services Commission (GFSC) does not currently have a single, standalone "Cloud Policy", it has established definitive requirements for SaaS and Cloud services through three converging regulatory pillars:

  1. The Cyber Security Rules and Guidance, 2021 (The primary regulation for Cloud/SaaS).

  2. The Guidance Note on Outsourcing (The general governance framework).

  3. The Handbook on Countering Financial Crime (Specific to "New Technologies" used for AML).

Core Regulatory Pillars for SaaS/Cloud

To use a SaaS provider like Tiller Technologies compliantly, a Guernsey firm must adhere to the following specific standards:

The Cyber Security Rules and Guidance, 2021

This is the most critical document for SaaS engagements. The GFSC explicitly recognizes Cloud services as an "asset" that must be risk managed.

  • Cloud as Outsourcing: The Guidance states: "The Commission recognises that a Firm may hold assets using cloud services or similar outsourced service. It is the expectation that a Firm would identify these assets held in this manner in the same way they would any other outsourced provider."

  • Board Accountability: The Board remains accountable, and they must verify that the SaaS provider has appropriate controls (Identify, Protect, Detect, Respond, Recover).

  • Standardised Services: The Commission acknowledges that for large, standardised providers (like Microsoft Azure or SaaS platforms), a bespoke contract may not be possible. In these cases, the Board must:

    • Review the provider's standard terms.

    • Assess whether those terms meet the firm's minimum security requirements.

    • Accept the residual risk formally in the Board minutes.

How Tiller Satisfies This:

  • Extensive Information Available: Through this Trust Portal we provide full access to our governance policies and procedures, giving you confidence that Tiller has appropriate controls in place (Identify, Protect, Detect, Respond, Recover).

  • Contractual Terms: Our contract with you is already designed to allow you to adhere to all the requirements set out by the GFSC without the need for any additional special terms, security requirements or other provisions. The contract has been reviewed and accepted by many companies operating in Guernsey and the Crown Dependencies and is proven to meet the legal needs of those companies. Should you, however, have any unique requirements beyond those mandated by the regulators, our sales staff will be happy to discuss them with you.

The Guidance Note on Outsourcing

This applies to all licensees (Investment, Fiduciary, Insurance, Banking) and sets the governance standard.

  • Due Diligence: You must conduct (and document) technical due diligence on the SaaS provider before signing.

  • Business Continuity (BCP): You must have an "Exit Plan". If Tiller (the SaaS) goes offline or goes bust, how do you continue to screen clients?

    • Standard: You must be able to switch to an alternative provider or revert to manual checks without significant disruption.

  • Data Sovereignty: While Guernsey has no hard "data residency" law preventing data leaving the island (unlike some jurisdictions), you must ensure compliance with the Data Protection (Bailiwick of Guernsey) Law, 2017.

    • Requirement: The SaaS provider must host data in an "Adequacy" jurisdiction (e.g., UK, EU/EEA) or have Standard Contractual Clauses (SCCs) in place.

How Tiller Satisfies This:

  • Due Diligence: Through this Trust Portal and the support provided by our own onboarding process we provide all the information you require to perform a detailed due diligence assessment on Tiller and its platform. We even provide a completed due diligence assessment form which you can download plus all the supporting documentation.

  • Contractual Terms: Baked into our contractual terms are exit clauses which ensure you can evidence an exit plan should you need to switch to an alternative provider. All your data is available for you to download and extract via our API.

  • Data Sovereignty: Your client data is hosted in Microsoft Azure data centres (based in Europe), ensuring alignment with GDPR and data sovereignty requirements. Tiller and its sub-processors strictly manage, and are transparent about, how data is handled and, where required to perform the function you have instructed, shared.

The AML/CFT Handbook (Chapter 3: New Technologies)

When a SaaS company is used for CDD, it is "New Technology."

  • Risk Assessment: Regulation 3(3)(c) mandates a specific risk assessment to identify "money laundering and terrorist financing risks" arising from the technology.

    • Example: Does the system allow for "spoofing"? Is the database update frequency sufficient?

  • Board Approval: This specific assessment must be discussed and approved by the Board.

How Tiller Satisfies This:

  • Up-to-Date Data Sources: Verify by Tiller only uses regulatory-quality data sources, updated daily, when performing its checks. Our technology, such as the use of NFC chips and template-based anti-tamper checks of ID documentation, ensures we meet the highest verification standards.

  • Extensive Information to support assessment: Through this Trust Portal and the support provided by our own onboarding process we provide all the information you require to perform a detailed risk assessment on Tiller and its platform. We even provide a completed due diligence assessment form which you can download.