Compliance

Jersey Says Registry "Vulnerability" Found

Editorial Staff 11 March 2024

Jersey Says Registry

The practice of holding registers of company and other information in international financial centres such as Jersey – and debates about public access to beneficial ownership data, for example – puts an added premium on the need to keep privacy and technology systems watertight.

The Jersey Financial Services Commission has recently disclosed that it has found a "vulnerability" in its registry. 

In a statement, the Commission said the problem was identified on 23 January. “This vulnerability allowed access to non-public names and addresses. It did not link any individuals to registered entities or roles held," it said.

“We have conducted an initial forensic review with an independent cyber security partner. This review identified that the vulnerability was due to a misconfiguration in our third-party-supplied registry system, which had been implemented in January 2021,” it said in a statement, issued last Thursday. 

Questioned by WealthBriefing on Friday, a spokesperson in the Commission’s office said there had not been a breach with loss of data. 

In recent years, calls for public registers of beneficial ownership of companies and trusts have been controversial. Since a top EU court ruling in 2022, jurisdictions such as the Cayman Islands and British Virgin Islands, have rowed back somewhat from how far they intend to go down this route, which they nevertheless accept . A point of contention is that while registers may have their uses, access must follow safeguards and rules to prevent indiscriminate data trawls. The topic highlights a regular debate in global wealth management about the proper limits of legitimate privacy and transparency. Examples include vast hauls of data being “leaked” in the Panama Papers and Paradise Papers sagas.

The JFSC said it immediately resolved the vulnerability. Separately, it has written to “certain individuals whose name and address was accessed and to whom we owe an obligation to communicate individually.”

“We deeply regret this has occurred and are currently undertaking further investigations to determine how this happened. We have been working throughout with the Jersey Office of the Information Commissioner,” the statement added.

Some lawyers, such as Filippo Noseda, partner at Mishcon de Reya, worry that data protection is at odds with transfers of information between governments. 

Register for WealthBriefingAsia today

Gain access to regular and exclusive research on the global wealth management sector along with the opportunity to attend industry events such as exclusive invites to Breakfast Briefings and Summits in the major wealth management centres and industry leading awards programmes