IOMFSA AML/CFT Handbook

The information provided here is for general informational purposes only and is not intended to constitute legal or professional advice. It is provided 'as is' and should not be considered a substitute for a comprehensive review against the relevant laws and regulations as they apply to your company.

Tiller Technologies understands the jurisdiction-specific requirements set out in the IOMFSA AML/CFT Handbook. We designed Verify by Tiller to bridge the gap between the Handbook’s granular guidance and practical operational reality. By automating critical compliance workflows, from biometric identity verification and multi-jurisdictional screening to client report generation and perpetual monitoring, Verify provides a robust digital framework that aligns directly with the Isle of Man’s regulatory expectations. Our platform ensures that every relevant client lifecycle event is assessed, verified, and recorded with an immutable audit trail, enabling your firm to demonstrate compliance and navigate regulatory scrutiny with confidence.

Handbook Requirement Mapping

Below is a breakdown of how Tiller can help your company satisfy the Isle of Man Financial Services Authority AML/CFT Handbook requirements by category. It includes a detailed review of each regulation and how Verify by Tiller addresses it:

Risk-Based Approach (RBA) & Risk Assessments

The Code mandates that all AML/CFT procedures must be risk-based, requiring documented assessments of business, customer, and technology risks.

Business Risk Assessment (BRA) [Code Para 5; Handbook 2.2.8]

Requirement:

  • Firms must estimate the ML/FT risk posed by their business and customers, considering factors like customer complexity, geography, and delivery channels.

How Tiller Satisfies This:

  • Meeting the requirement to estimate ML/FT risk requires more than checking boxes; it requires an accurate view of your portfolio. Verify by Tiller keeps your compliance data across all client entities up to date, mapping high-risk factors such as jurisdictional exposure and PEP status. This allows your firm to construct an accurate, cumulative risk profile, so that your Business Risk Assessment reflects the reality of your customer base rather than a theoretical estimate.

Customer Risk Assessment (CRA) [Code Para 6; Handbook 2.2.9]

Requirement:

  • A CRA must be undertaken prior to establishing a relationship. It must consider nature, scale, complexity, and location of the customer, and be recorded to demonstrate its basis.

How Tiller Satisfies This:

  • Verify allows you to automatically capture and verify the information required to determine the client's risk profile accurately and effectively, such as client inputs, screening results, and geographic data, ensuring a consistent and documented CRA for every profile.

Technology Risk Assessment (TRA) [Code Para 7; Handbook 2.2.11]

Requirement:

  • Firms must assess ML/FT risks posed by any technology used, including digital ID systems, ensuring robustness and data security.

How Tiller Satisfies This:

  • Verify acts as a risk-mitigating technology with robust security protocols, data encryption, and immutable audit trails, directly supporting the "robustness" and "data security" requirements of your TRA. The information to support this is available in the Trust Components section of this Trust Site.

Technology Risk Assessment (TRA) [Code Para 7; Handbook 2.2.11]

Requirement:

  • You must ensure "business continuity" in the event of system failure.

How Tiller Satisfies This:

  • SLA & Redundancy: Tiller operates with high-availability server redundancy and a documented Disaster Recovery Plan, ensuring minimal downtime and continuous access to your compliance data.

  • Tiller targets a platform availability of 99.9% per month during business hours. We employ redundant systems and failover mechanisms to ensure availability. Real-time service status and historical uptime reports are available to clients upon request or via our status page.

  • Our BCP (Client Product Services DR Plan) outlines contingency planning for the event of a loss of critical service from our Azure cloud hosting provider. For a standard DR situation involving a full failover of all Verify by Tiller services to its secondary data centre at Azure, which is hosted in a separate georedundant region, the target RTO is 24 hours (within 1 business day), and the target RPO is 4 hours. In all failover DR tests and simulated critical failure modes, Tiller achieved a significantly shorter RTO.

    For non-critical issues that do not require failover to an alternate data centre, there would be little, if any, disruption to services.

Customer Due Diligence (CDD) & Identification

The core of AML compliance is knowing your customer through independent verification and identifying beneficial owners.

Identification & Verification (ID&V) [Code Para 8; Handbook 3.2.1.2]

Requirement:

  • You must identify and verify the customer using reliable, independent source documents, data, or information.

How Tiller Satisfies This:

  • Electronic IDV (eIDV): Verify integrates with global data bureaus and biometric providers to perform real-time identity checks, verifying name, address, and date of birth against independent sources.

  • Global Document Forensics: Our platform checks government-issued IDs against a global database of document templates, analysing security features (holograms, fonts, MRZ codes) to detect forgeries that the human eye might miss.

Beneficial Ownership [Code Para 12; Handbook 3.4.5]

Requirement:

  • You must identify the beneficial owner (UBO) and take reasonable measures to verify their identity.

How Tiller Satisfies This:

  • UBO Unwrapping: Although Verify cannot at this time map complex corporate structures or record UBO details (this is coming soon in our KYB module), Verify does enable you to perform the required screening and verification on the identified individuals.

Electronic Methods [Handbook 3.3.4.5]

Requirement:

  • When using electronic verification, firms must ensure the system is robust, secure, and protects against fraud (e.g., liveness checks).

How Tiller Satisfies This:

  • Biometric Liveness Detection: Verify utilises advanced biometric matching (selfie-to-ID) with passive liveness detection certified to the highest ISO 30107-3 iBeta Accreditation Level 2 PAD standard, to prevent spoofing and impersonation fraud, satisfying the Handbook’s guidance on digital identity.

Screening: PEPs, Sanctions & Adverse Media

Screening is critical for identifying high-risk exposures and preventing financial crime.

Sanctions Compliance [Code Para 4(1)(a)(ii); Handbook 3.3.8]

Requirement:

  • Procedures must determine whether a customer is on a sanctions list. Screening must be done at the outset and on an ongoing basis.

How Tiller Satisfies This:

  • Global Watchlist Screening: Verify screens individuals and entities against all major global sanctions lists (UN, UK, EU, OFAC) in real-time, providing immediate alerts if a client is listed.

Politically Exposed Persons (PEPs) [Code Para 14; Handbook 3.8.8]

Requirement:

  • Firms must determine if a customer or UBO is a PEP. This requires proactive steps like database screening.

How Tiller Satisfies This:

  • PEP Identification: The platform screens against extensive global PEP databases, identifying not just the PEP but also close associates and family members (RCAs), enabling you to apply Enhanced Due Diligence (EDD) where required.

Adverse Media (Reputation) [Code Para 15(5)(b); Handbook 2.2.9.2]

Requirement:

  • A customer subject to regulatory warnings or adverse media regarding criminality must be treated as higher risk.

How Tiller Satisfies This:

  • Negative News Screening: Verify scans thousands of global news sources daily for adverse media, helping you identify reputational risks that standard identity checks might miss.

Enhanced Due Diligence (EDD) & High Risk

Higher risk relationships require additional measures and senior management approval.

Enhanced Due Diligence (EDD) [Code Para 15; Handbook 3.4.7]

Requirement:

  • EDD is required for high-risk customers, including obtaining source of wealth (SoW) and senior management approval.

How Tiller Satisfies This:

  • Workflow Management (Custom Forms): Verify allows you to flag high-risk profiles for "Enhanced" review workflows, mandating the collection of additional documents (SoW evidence) and ensuring all additional information is captured and reviewed for Senior Management approval.

Source of Wealth (SoW) [Code Para 8/15; Handbook 3.8.5]

Requirement:

  • For high-risk relationships, you must take reasonable measures to establish the source of wealth.

How Tiller Satisfies This:

  • Document Repository: The platform provides a secure repository to upload and categorise SoW evidence (e.g., property sales, dividend statements), linking them directly to the client profile for audit purposes.

Ongoing Monitoring

Compliance is not a one-time event; it is a continuous lifecycle.

Ongoing Monitoring [Code Para 13; Handbook 3.4.6]

Requirement:

  • Firms must perform ongoing monitoring of the business relationship, including scrutiny of transactions and ensuring CDD documents are up to date.

How Tiller Satisfies This:

  • Perpetual KYC (pKYC): Verify supports daily automated re-screening of your client base. If a client is added to a sanctions list or becomes a PEP post-onboarding, the system triggers an immediate alert for remediation.

Review of Information [Code Para 13(1)(a); Handbook 3.4.6.1]

Requirement:

  • Documents must be kept up-to-date and accurate, particularly for higher risk relationships.

How Tiller Satisfies This:

  • Expiry Management: The platform tracks document expiry dates (e.g., passports) and can trigger notifications when updated CDD is required, ensuring your files never become stale.

Outsourcing & Third-Party Reliability

Ultimate responsibility [Code Para 4(3)]

Requirement:

  • Ultimate responsibility remains with the relevant person. You must retain decision-making powers.

How Tiller Satisfies This:

  • Decision Engine: Verify is a tool to support your decision, not a replacement for it. You configure what to check, what not to check, and the thresholds to apply. The platform flags findings (e.g., "PEP Match") and gives the information needed to reach a decision, but your compliance team makes the final "Approve/Reject" decision within the portal.

Supplier maturity and geographic risks [Handbook 2.2.11.2]

Requirement:

  • You must consider "supplier maturity" and "geographic risks" of the vendor.

How Tiller Satisfies This:

  • UK/IoM Centric: Tiller Technologies is a mature, Jersey-based technology provider. We host data in secure, compliant jurisdictions within the EU that align with Isle of Man "adequacy" standards for data protection.

Record Keeping & Audit Trails

The ability to reconstruct the CDD process for regulators is mandatory.

Record Keeping [Code Para 33; Handbook 6.4]

Requirement:

  • Firms must keep copies of all CDD documents, risk assessments, and results of analysis for at least 5 years.

How Tiller Satisfies This:

  • Client Report: Verify generates a time-stamped, immutable client report of all information captured, screening results, actions taken, documents uploaded, and user approvals, ensuring you are always "audit-ready" for the IOMFSA.

Retrieval of Records [Code Para 34; Handbook 6.4]

Requirement:

  • Records must be retrievable within a reasonable timeframe to satisfy competent authority enquiries.

How Tiller Satisfies This:

  • Instant Retrieval: All client profiles and associated history are stored digitally, allowing you either to download them manually and index them in the client file, or to inject them automatically via the API into your CRM and/or document storage system. All the information is then instantly ready for regulatory inspections or internal audits.


The IOMFSA Handbook and Verify by Tiller: FAQ

Does using Verify by Tiller satisfy the IOMFSA requirement for a Customer Risk Assessment (CRA)?

Under Paragraph 6(1) of the Code, a relevant person must carry out an assessment that estimates the ML/FT/PF risk posed by the customer. This is not optional; it must be undertaken prior to the establishment of a business relationship. The Handbook emphasizes that the CRA allows you to determine the extent of CDD to apply and whether enhanced measures are necessary. It must consider specific risk factors, including the nature, scale, complexity, and location of the customer’s activities.

How Verify by Tiller Addresses This:

  • Verify allows you to configure a digital risk assessment model that mirrors your firm’s specific risk appetite. You can map your risk factors, such as country risk and client PEP status. Verify automates the collection of the information and its verification for every client. This ensures that every CRA is recorded and consistently applied, providing the "demonstrable basis" for your risk rating required by the Code.

Can I rely solely on Verify for "meeting" the customer?

The Code lists "circumstances in which the relevant persons and the customer have not met" as a risk factor that may pose a higher risk. However, the Handbook clarifies that in the digital age, "being physically present is not necessarily the only method of meeting a customer". The Handbook allows for the use of electronic methods if the system is sufficiently robust, secure, and protects against fraud.

How Verify by Tiller Addresses This:

  • Verify utilises advanced biometric electronic verification (eIDV). It captures a live video or "selfie" of the customer and matches it biometrically to the photograph on their government-issued ID. This process includes passive liveness detection certified to the highest ISO 30107-3 iBeta Accreditation Level 2 PAD standard to prevent "spoofing" (e.g., holding up a photo or using a deepfake), aligning with Handbook guidance on using technology to mitigate the risks of non-face-to-face identification.

How often does Verify screen for Sanctions?

Paragraph 13(1)(c) of the Code mandates that firms must perform ongoing monitoring to determine whether a customer is listed on a sanctions list. The Handbook explicitly warns that "periodic or trigger event customer reviews may not be adequate to detect such listings in a timely manner". You must ensure you do not breach sanctions requirements by dealing with a listed entity.

How Verify by Tiller Addresses This:

  • Verify is configured for daily automated ongoing monitoring. It screens your entire client base against the latest UN, UK (OFSI), EU, and OFAC sanctions lists every 24 hours. If a client is added to a list, the system generates an immediate alert for your compliance team to investigate, ensuring you meet the requirement to detect listings in a "timely manner".

Does the platform handle the "Source of Wealth" requirement?

For high-risk customers, Paragraph 15(2)(c) of the Code requires you to take reasonable measures to establish the customer's Source of Wealth (SoW). The Handbook distinguishes SoW from Source of Funds; SoW refers to the origin of the customer's entire body of wealth. Failing to gather this information for high-risk clients is a direct breach of the Code.

How Verify by Tiller Addresses This:

  • Verify provides a structured workflow for Enhanced Due Diligence (EDD). It allows you to mandatorily request SoW declarations and supporting evidence (e.g., property sale contracts, probate documents, audited accounts) for high-risk profiles. These documents are securely stored against the client record, creating an audit trail that demonstrates you have taken "reasonable measures" to establish SoW.

What happens if Verify identifies a PEP?

Paragraph 14 of the Code requires you to have procedures to determine if a customer is a Politically Exposed Person (PEP). If a customer is a foreign PEP (or a higher-risk domestic PEP), you must obtain Senior Management approval to continue the relationship and perform enhanced ongoing monitoring.

How Verify by Tiller Addresses This:

  • Verify screens against global PEP databases (including relatives and close associates). If a match is found, the profile is flagged. The platform's workflow ensures the flagged match is reviewed and either confirmed or rejected as a false positive with supporting notes. Your procedures can therefore enforce the "Senior Management approval" requirement and create an immutable record of that decision.

Can Verify help with the "Technology Risk Assessment" (TRA)?

Paragraph 7 of the Code requires all relevant persons to carry out a TRA to estimate the ML/FT risks posed by any technology used in their business. The Handbook notes that while technology can improve efficiency, it can also weaken measures if applied without understanding. You must assess the robustness of the technology and its ability to withstand cyber-attacks.

How Verify by Tiller Addresses This:

  • Verify supports your TRA by providing full details of all the components required to verify the platform's suitability (including Information Security, Data Protection, Cloud & Reliability, and Risk & Compliance policies and procedures). Tiller also provides a full Due Diligence Pack, including a completed Due Diligence Questionnaire for you to use. We provide detailed documentation on our policies and procedures to help you complete your TRA. Using a reputable third-party provider like Verify can mitigate the risks associated with "home-grown" or unmaintained technology solutions, or with providers that are not familiar with the Isle of Man's particular needs.

Is Verify compliant with IOM Data Protection requirements?

The Handbook states that relevant persons must comply with AML/CFT requirements having regard to their obligations under data protection legislation (GDPR as applied in IoM). Specifically, the TRA must consider the adequacy of controls to ensure compliance with data protection and privacy.

How Verify by Tiller Addresses This:

  • Verify is built with Privacy by Design principles. It ensures data is stored securely, encrypted at rest and in transit, and allows for the granular management of the data held. Tiller adheres to the robust framework of global and regional regulations. Our approach ensures full compliance with the 7 principles of General Data Protection Regulation (GDPR) (EU) 2016/679, which is detailed in our Privacy and Personal Data Protection Policy. This commitment extends to specific local regulations, including the Data Protection Act 2018 (DPA 2018) and Data Protection (Application of GDPR) Order 2018 (including its amendments, "Adequacy" Update (2024) and Amendment to Regulations 2025 (SD 2025/0115)). These legal frameworks guide every aspect of our data handling, from collection and processing to storage and disclosure, ensuring the highest standards of data integrity and confidentiality.

Does the platform support "Certified Copies" of documents?

While electronic verification is encouraged, the Handbook still permits the use of hard copy documents. However, these must be certified by a "suitable certifier" to establish their reliability. The Handbook requires you to assess the reliability of the certifier and ensure the copy is of good quality.

How Verify by Tiller Addresses This:

  • Verify allows for the upload and storage of traditional certified documents alongside electronic checks. You can upload the certified copy and tag the document type. This supports a "hybrid" approach where you may use eIDV for some clients and manual certification for others, keeping all records in one central digital repository. The responsibility, however, rests with the client to ensure the uploaded certified copy is genuine and acceptable.

Can I use Verify for "Simplified Due Diligence" (SDD)?

The Code provides for exemptions and simplified measures (often called SDD) in lower-risk scenarios, such as listed companies or certain collective investment schemes. However, the Handbook explicitly states that "simplified measures must be risk sensitive" and you must keep a record of what concessions are used.

How Verify by Tiller Addresses This:

  • Verify allows you to configure dynamic workflows. If your initial risk assessment scores a client as "Low Risk" (e.g., a PLC), you can use a simplified workflow that requests fewer documents or performs lighter-touch verification, consistent with the Code's concessions. Crucially, it records why SDD was applied, satisfying the audit trail requirement. If your initial risk assessment scores a client as a higher risk, you can use a more complicated workflow that requests more information and supporting documents and performs more verifications.

How does Verify handle "Adverse Media"?

Paragraph 15(5)(b) of the Code states that a customer subject to a "warning in relation to AML/CFT matters" is a matter posing a higher risk. The Handbook advises that you should consider "adverse media reports" or "reliable and credible allegations of criminality" as part of the customer's reputation profile.

How Verify by Tiller Addresses This:

  • Verify integrates negative news screening into the onboarding process. It scans thousands of global news sources for adverse media regarding your client. If a "hit" is found (e.g., allegations of fraud or corruption), it is presented to the compliance officer for review. This enables you to factor reputational risk into your CRA, even if the client has no criminal conviction.

Does Verify replace the need for an MLRO?

Paragraph 23 of the Code requires the appointment of a Money Laundering Reporting Officer (MLRO) who must be sufficiently senior and have authority. The Handbook clarifies that while you can use technology, "it is not possible to outsource responsibility for compliance". The MLRO must retain responsibility for external disclosures.

How Verify by Tiller Addresses This:

  • No. Verify is a tool to assist the MLRO and your onboarding team, not a replacement. It empowers the MLRO by providing organized data, automated alerts, and comprehensive reports. It frees up the MLRO and onboarding team from manual administrative tasks so they can focus on the high-value judgement calls—such as reviewing suspicious activity and submitting SARs—which are duties that cannot be delegated.

How long does Verify keep my records?

Paragraph 33 of the Code requires relevant persons to keep copies of all CDD documents and risk assessments. Paragraph 34 mandates that these records must be retained for at least 5 years from the end of the business relationship or the date of the occasional transaction. Records must be retrievable within a reasonable timeframe.

How Verify by Tiller Addresses This:

  • Verify retains all client data, documents and check findings in a secure digital archive, from which you can download them manually or use the API to inject them directly into your existing CRM or Document Storage System for permanent or long-term storage. The duration of data retention within Verify is set by the retention policy settings. Verify is not designed to be your permanent archive. This ensures you are not "locked in" to using Verify and retain the data independence you require.

Can Verify help with "De-risking"?

"De-risking" is the termination of relationships to avoid risk rather than managing it. The Handbook encourages firms to avoid wholesale de-risking and instead apply a risk-based approach to manage risks on a "case-by-case basis". De-risking can increase financial exclusion and drive funds underground.

How Verify by Tiller Addresses This:

  • Verify provides granular risk data. Instead of a binary "yes/no" to a client, Verify allows you to see specifically where the risk lies (e.g., a specific high-risk jurisdiction or a specific adverse media article). This allows you to apply targeted Enhanced Due Diligence (EDD) to manage that specific risk rather than simply exiting the relationship, aligning with the Handbook’s guidance to avoid unnecessary de-risking.

Does the platform generate Suspicious Activity Reports (SARs)?

Paragraph 27 of the Code requires the MLRO to make an external disclosure (SAR) to the Financial Intelligence Unit (FIU) if they know or suspect ML/FT. This must be done via "Themis," the IOMFIU’s secure online reporting system.

How Verify by Tiller Addresses This:

  • Verify does not submit SARs to the FIU (only the MLRO can do this via Themis). However, Verify facilitates the Internal Disclosure process required by Paragraph 26. Staff can flag suspicious findings found by Verify and alert the MLRO. The platform then provides the MLRO with all the necessary CDD data required to populate the SAR on Themis effectively.

Is Verify suitable for "Designated Businesses" (DNFBPs)?

The Handbook applies not just to financial institutions but also to "Designated Businesses" under the Designated Businesses (Registration and Oversight) Act 2015. This includes accountants, estate agents, tax advisers, and others. These businesses have the same requirement to conduct risk assessments and CDD.

How Verify by Tiller Addresses This:

  • Yes. Verify’s flexible workflow engine is ideal for Designated Businesses. Whether you are an estate agent needing to screen a buyer or an accountant performing KYC on a director, the platform can be scaled to fit. It supports specific data capture requirements by allowing you to tailor custom forms specific to the nature of the service you provide.
