Case study
SDD Eligibility Verification via GFSC-Regulated Prescribed Business
Situation
A trust administration client wanted to apply Simplified Due Diligence on the basis of a counterparty's regulated status — but had no framework to verify the SDD eligibility claim or document the rationale for compliance and audit purposes.
Risk exposure
Applying SDD without a verified, documented basis is a control failure waiting to be found: the lighter diligence is only defensible if the eligibility condition is evidenced. An unverified claim leaves the institution exposed at its next audit.
Before & after — the numbers
Simplified Due Diligence is a legitimate, risk-based tool — but it is only legitimate when its eligibility condition is verified and documented. The lighter touch it permits is defensible solely on the basis of the evidence that the condition is met. Apply SDD on an unverified assumption and you have not saved effort; you have created a control gap that will surface at the next audit.
This Guernsey trust administration client wanted to apply SDD on the basis of a counterparty’s regulated status, but had no framework to confirm the eligibility claim or to document the rationale for compliance and audit purposes.
Verify the condition, then document it
CCL’s work was precise and evidential. First, we verified the counterparty’s status as a GFSC Prescribed Business — confirming, rather than assuming, that the regulatory condition for SDD eligibility was actually met. Second, we analysed the SDD eligibility against the specific regulatory requirement, establishing not just that SDD could be applied but exactly why, against which provision.
A rationale that survives the audit
The deliverable was a fully documented SDD rationale with regulatory cross-reference and a 100% audit trail — the contemporaneous evidence that the eligibility condition was verified and the decision was sound. The point of the engagement was never the SDD decision in isolation; it was making that decision defensible, so that when an auditor or the regulator asks “on what basis did you apply simplified diligence here?”, the answer is a documented, cross-referenced file rather than an assumption.
Why the small cases matter
This is a deliberately modest engagement in scale, and it illustrates a principle that runs through CCL’s regulatory readiness work: defensibility is built in the documentation, not the decision. A correct decision with no evidenced rationale fails an audit just as surely as a wrong one. The discipline of verifying the condition and documenting the cross-reference is the same whether the population is one trust or an entire customer base.
Regulator-facing outputs
- Verification of the auditor's GFSC Prescribed Business status
- SDD eligibility analysis against the regulatory condition
- Documented rationale with regulatory cross-reference
- Complete audit trail for compliance and review
Capabilities involved
The services behind this work
Regulatory Readiness & Audit Defence
Pre-audit gap analysis, control narratives, response packs and stakeholder coaching for FCA, ECB, GFSC or CBN reviews — before the regulator arrives.
Explore serviceAML Control Framework Transformation
End-to-end review and rebuild: transaction-monitoring calibration, typology refresh, SAR quality, MLRO pathways and three-lines-of-defence redesign.
Explore serviceSpeak to the practice
Before it becomes a regulatory finding, make it a closed action.
A short, confidential advisory call to pressure-test where your KYC, AML, sanctions or risk-classification framework is exposed — and what a defensible fix looks like.