Jersey AML/CFT/CPF Handbook
The information provided here is for general informational purposes only and is not intended to constitute legal or professional advice. It is provided 'as is' and should not be considered a substitute for a comprehensive review against the relevant laws and regulations as they apply to your company.
We developed our Verify by Tiller platform to provide regulated companies with the necessary information to meet the requirements of the JFSC AML/CFT/CPF Handbook.
To provide you with an additional layer of assurance, we engaged independent compliance experts, BDO Group Jersey, to review our Verify by Tiller platform's adherence to the handbook.
We're proud to confirm that BDO's review found no gaps in our compliance.
We are happy to make BDO's report available to you via the request form below.
Handbook Requirement Mapping
Below is a breakdown as to how Tiller performed against JFSC AML/CFT/CPF Handbook requirements when it was independently assessed by BDO Group Jersey.
Finding out identity
A Supervised Person may demonstrate that it has found out the identity of an individual where it collects all the following [Article 3(2)(a) of the Money Laundering Order]
Legal Name & names currently used
Names are read from the ID Documents Names are checked vs electoral registers or similar
Former names
Application allows additional names to be captured and for supporting documents to be uploaded
Principle residential Address
Date of Birth is read from the ID document then checked to government data sources
Date of Birth
Place of Birth is read from the ID document then checked to government data sources. Manual capture is available where the ID document does not carry this data field.
Nationality
Nationality is read from the ID documents then checked to government data sources. Manual capture is available where the ID document does not carry this data field.
Government Issued Identifier
Identification numbers is read from the ID document then checked to government data sources.
Gender Identity
Gender is read from the ID documents
Obtaining evidence of identity
A supervised person may demonstrate that it has obtained two sources of evidence that cover the above collected identity data
A current passport, national identity card or driving licence
Names are read from the ID Documents Names are checked vs electoral registers or similar
Correspondence from central or local government, bank statement, utility bill or tenancy contract / agreement
Application allows additional names to be captured and for supporting documents to be uploaded
Obtaining Evidence of Identity – Independent Data Sources The Guidance Notes in the AML/CFT Handbook [section 4.3.4, 66] confirms that a supervised person may demonstrate that it is satisfied that data or information it has accessed directly from data source(s) is sufficiently extensive, reliable and accurate under Article 3(2)(a) of the Money Laundering Order where the source, scope and quality of the data or information accessed are understood.
Additional measures for when the person is not physically present
The Guidance Notes specifically highlights features of E-ID applications that may be used to mitigate the risk that documents have been tampered with or forger may include:
The copy of the document is of a very high level of clarity and resolution
Images are captured by the user’s mobile device or extracted from the document’s NFC chip. The images are presented to the user as part of the in-app operations process for approval.
The copy of the document is automatically matched to a pre-defined “template” for the given id document
The document image is compared to government templates as part of the ID&V process
The data in the main body of the document is compared to biometric data stored in the document’s machine-readable zone code
Where the document type supports this capability (for example, passport document switch NFC/RFID chips), this check is undertaken
Data on the document is automatically examined for use of unauthorised print fonts and unexpected character spacing
The ID document image is compared to government templates as part of the ID&V process
The copy of the document is automatically examined to enable detection of fraudulent documents on the basis of that documents’ security features and locations of its elements
The ID document image is compared to government templates as part of the ID&V process.
The copy of the document is examined by individuals specifically training to detect tampering / forgery (e.g. ex-border agents) or the E-ID application has been designed with the characteristics of this training/expertise in mind.
The ID document image is compared to government templates as part of the ID&V process. Verify by Tiller has been built with this requirement in mind and incorporates a range of tamper-detection processes.
The E-ID application itself controls the process and allows no opportunity to tamper with documents or photographs
Verify by Tiller controls the entire process. The user has no opportunity to tamper with images
A highly secure connection is used to transmit copies of documents and photographs
The transmission method is highly secure and undertaken by the application
The E-ID application’s security is regularly tested in order to guard against hacking or other security breaches
Verify by Tiller undergoes regular, full, front-to-back penetration test cycles. These tests are performed by an independent third party.
A "selfie" photograph of the customer is taken and biometrically compared/matched to the photograph on the identity document presented
A series of randomised, liveness tests are performed during the ID&V process. These are checked to the government issued ID document.
A video or a "micro-stream” of photographs is taken in order to identify facial movements, which may help to confirm that the customer is present
A series of randomised, liveness tests are performed during the ID&V process. These are checked to the government issued ID document.
Use of anti-impersonation measures
A series of randomised, liveness tests are performed during the ID&V process. These are checked to the government issued ID document.
A code or password is sent to the customer who, immediately before the application
The user is provided with a unique activation link as part of the ID&V process.
Use of location matching
GPS location is captured as part of the ID&V process
The requirement that any image taken is adequately illuminated when using the E-ID solution
Images are captured by the user’s mobile device or extracted from the document’s NFC chip. The images are presented to the user as part of the in-app operations process for approval.
Where a supervised person uses E-ID applications, adequate records are required to be kept
A full report of the ID&V checks & finding is provided to the Supervised Person on completion of the ID&V process.
Record keeping requirements relevant to use of electronic id
Adequate records are required to be kept
Verify by Tiller provides the Supervised Person with a pdf containing a full copy of all data, images and findings conducted as part of the ID&V process. The Supervised Person is subsequently responsible for maintaining these records on an ongoing basis.
Details of the biometric checking undertaken
This varies by country and document type. Please refer to Verify by Tiller’s service documents
Details of what third party data sources have been utilised to verify the customer (if any).
This varies by country and document type. Please refer to Verify by Tiller’s service documents
Details of the audit trail, sign-off or additional steps which have been undertaken.
Verify provides a comprehensive .pdf document the details all the steps and approvals undertaken whilst using the service.
Adequate records are required to be kept
Verify by Tiller provides the Supervised Person with a pdf containing a full copy of all data, images and findings conducted as part of the ID&V process. The Supervised Person is subsequently responsible for maintaining these records on an ongoing basis.
Details of the biometric checking undertaken
This varies by country and document type. Please refer to Verify by Tiller’s service documents
Details of what third party data sources have been utilised to verify the customer (if any).
This varies by country and document type. Please refer to Verify by Tiller’s service documents
Details of the audit trail, sign-off or additional steps which have been undertaken.
Verify provides a comprehensive .pdf document the details all the steps and approvals undertaken whilst using the service
The JFSC Handbook and Verify by Tiller: An Overview
Does Verify by Tiller provide the information required under Article 3(2)(a) of the Money Laundering Order to perform customer due diligence
Yes. Verify by Tiller captures and where information required to verify the identity of an individual and were possible independently verifies that information from regulatory quality 3rd part data sources, and verified identity documents. For full details see the detail in the Handbook Requirement Mapping
Is the use of independent data sources when obtaining evidence of identity acceptable
Whether they are acceptable is always subject to acceptance by the supervised person for their specific circumstances. However, the JFSC AML/CFT Handbook [section 4.3.4, 66] confirms that a supervised person may demonstrate that it is satisfied that data or information it has accessed directly from data source(s) is sufficiently extensive, reliable and accurate under Article 3(2)(a) of the Money Laundering Order. For full details see the detail in the Handbook Requirement Mapping
Does Verify by Tiller apply additional eID measures to aid in the verifying the identity of a person remotely.
Yes, The JFSC AML/Guidance Notes specifically highlights features that eID applications may be used to mitigate the risk that documents have been tampered with or forged. Verify by Tiller employ numerous technologies to mitigate these risks including but not limited to:
Where the document type supports this capability (for example, passport document & ID cards), use of tamper proof NFC/RFID chips
Document tamper detection, verifying key documents markers against templated originals of that specific document and issue.
Image tamper detection and liveliness tests which where the document supports it image verification back to encrypted digital comply of image on NFC/RFID chips.
For full details ee the detail in the Handbook Requirement Mapping
How does Tiller help me meet the "E-ID" requirements in Section 4 of the Handbook?
Tiller aligns with the guidance in Section 4.3.5 (Electronic Identification) of the Handbook. We provide:
Passive Liveness Detection: To guard against impersonation fraud.
Document Authenticity: Forensic checks to ensure the ID is not forged.
Audit Trail: A full, unalterable log of the verification steps for your Compliance Unit testing.
Liveness Detection meets the following international standards:
ISO 30107-3: This international standard is the foundational framework for testing and evaluating how effectively a liveness detection solution can detect and defend against presentation attacks (spoofing attempts like photos, videos, or masks).
iBeta Accreditation: iBeta is an independent testing lab accredited to perform testing against the ISO 30107-3 standard.
Level 1 PAD: Confirms basic attack detection capabilities.
Level 2 PAD: A higher, more robust level of certification that involves more sophisticated attack scenarios, and is considered the gold standard for enterprise-grade solutions.
Does Verify by Tiller's screening/monitoring take into account the introduction of the Sanctions and Asset-Freezing (Implementation of External Sanctions) (Jersey) Order 2021
The main purpose of the Order is to give legal effect in Jersey to sanctions imposed by the United Nations Security Council (UNSC) and the autonomous sanctions regimes of the UK. This was necessary after the UK's departure from the European Union, as Jersey could no longer rely on EU sanctions regulations. This legislation, along with the Sanctions and Asset-Freezing (Jersey) Law 2019, provides the legal foundation for Jersey to implement a wide range of sanctions measures.
Verify by Tiller automatically checks individuals against the relevant UK and UN sanctions lists required under this order so is compliant. However it remains the responsibility of the supervised person that all requirements under this order are satisfied.
Does Verify by Tiller assist in the record keeping requirements set out in the Handbook
Businesses are required to keep accurate, clear and up to date records to satisfy customer due diligence and mitigate ongoing risk.
Verify by Tiller provides all the information it has captured, the checks and results of those checks and any supporting evidence such as images in one clear, simple but comprehensive PDF report that can be downloaded and included in the business records on the individual. Verify also provides an API with access to all the same information both in PDF format and in machine readable JSON format, allowing the CDD process to be fully integrated with your existing CRM or CLM system. See the detail in the Handbook Requirement Mapping
Does using Tiller constitute "Material Outsourcing" under the JFSC OSP?
Generally, yes. Because Verify by Tiller handles critical CDD data and functions that are fundamental to your AML compliance, most firms should treat this as a "Material" outsourcing arrangement. We have prepared a Material Outsourcing Assessment and Notification template you can use to document this decision and notify the JFSC.
Can I use Tiller's specific "Outsourcing Notification" text for my JFSC portal submission?
Yes. To save you time, we have drafted "Outsourcing Notification" describing the "Nature of the Outsourced Activity" and "Risk Mitigation Measures" that you can copy and paste directly into the JFSC portal when submitting your outsourcing notification.
It should be noted that some of the questions can only be completed by your business and all answers, included those either fully or partially completed by Tiller Technologies must be reviewed thoroughly and accepted or if necessary, updated based on your outsourcing due diligence assessment and business regulatory obligations.
How does Verify by Tiller address the UK Global Irregular Migration and Trafficking in Persons (Sanctions) Regulations 2025?
The UK Global Irregular Migration and Trafficking in Persons (Sanctions) Regulations 2025 is a specific sanctions regime. It is the legislation that provides the legal authority to impose various sanctions, such as asset freezes, travel bans, and director disqualifications, on individuals and entities involved in people smuggling, human trafficking, or the instrumentalization of migration.
The names of people and entities designated as sanctioned under the Global Irregular Migration and Trafficking in Persons regulations will appear on the larger HMT Financial Sanctions List. This list, also known as the Consolidated List, is the list of people and entities who have been designated under various UK sanctions regimes including the Global Irregular Migration and Trafficking in Persons regulations as being sanctioned. This list is maintained by the Office of Financial Sanctions Implementation (OFSI) at HM Treasury.
The HMT Financial Sanctions List is one of the many sanction list that Verify by Tiller checks when performing individual or entity AML checks.
BDO Report on Verify by Tiller download request form
Last updated