22 October 2019
The Central Bank of Ireland has published its much-anticipated ‘Anti-Money Laundering and Countering the Financing of Terrorism Guidelines for the Financial Sector’ (the ‘Guidelines’), which set out the Central Bank’s expectations on anti-money laundering and counter-terrorist financing compliance. The Guidelines will be of keen interest to financial institutions, including banks, insurers, investment firms, funds, and fund managers (‘Firms’).
Ireland’s current anti-money laundering framework was introduced by the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (the ‘Act’) and, in 2012, the Department of Justice published guidelines which fleshed out the anti-money laundering/countering the financing of terrorism (‘AML/CFT’) obligations set out in the Act.
Ireland amended the Act to transpose the EU’s Fourth Money Laundering Directive 2015/849 (‘MLD4’) into Irish law, in November 2018. Subsequently, in December 2018, the Central Bank issued Consultation Paper 128 (‘CP 128’) setting out its draft AML/CFT Guidelines for financial institutions (the ‘Draft Guidelines’). The Central Bank published its much-anticipated final Guidelines on 6 September 2019, along with a feedback statement on CP 128 (the ‘Statement’).
The Guidelines set out the Central Bank’s expectations with regard to the AML/CFT obligations imposed on Firms following the transposition of MLD4. They also incorporate expectations set out in previous Central Bank AML/CFT Sectoral Reports, AML/CFT Bulletins, and relevant European Supervisory Authority Guidelines.
The Guidelines are divided into ten main sections, including sections on Risk Management, Customer Due Diligence (‘CDD’), Governance, Suspicious Transaction Reporting (‘STRs’), Training and Record Keeping. The Guidelines also contain a short section on international sanctions. Overall, the Guidelines are largely consistent with the Draft Guidelines, although there is a number of differences, in particular regarding CDD and training requirements.
One of the more significant changes introduced by MLD4 is the specific requirement for entities in scope of the AML/CFT provisions of the Act to carry out a business risk assessment. According to the Guidelines, this should consist of two distinct but related steps:
The Guidelines provide detailed guidance on factors to be considered for the purpose of identifying ML/TF risks, as well as on: assessing those risks; categorising business relationships and occasional trasanctions according to the perceived level of ML/TF risk; and monitoring and reviewing the business risk assessment.
Customer Due Diligence (CDD)
The Guidelines set out the Central Bank’s expectations in relation to CDD including regarding the use by a Firm of ‘RegTech’ to comply with the Firm’s CDD obligations. In particular, when using RegTech, a Firm must, among other things, ensure that it fully understands the relevant solution it is using and how it impacts on the Firm’s regulatory compliance.
In contrast to the Draft Guidelines, the Guidelines:
The Guidelines contain detailed guidance on the role of Governance in effective AML/CFT compliance. Like the Draft Guidelines, the Guidelines provide:
‘The attitude and culture embedded within a Firm is of critical importance in the fight against money laundering and terrorist financing. (….) Firms should engage with the Central Bank in a positive, transparent way and should be proactive in bringing matters to the attention of the Central Bank.’
While the section on Governance includes detailed guidance, including on the role and responsibilities of Senior Management; governance and oversight; the three lines of defence; and policies and procedures, governance related requirements are also included in other sections of the Guidelines.
Suspicious Transaction Reporting (STR)
STR is at the core of AML/CFT and the Guidelines provide significant detail on STRs, including identifying suspicious transactions and the timing and making of an STR. The Guidelines also deal with the tipping-off offence.
Training and Record Keeping
Firms will be familiar with the requirement to provide staff with appropriate and sufficient training on compliance with AML/CFT obligations. In common with the Draft Guidelines, the Guidelines remind Firms that have outsourced AML/CFT functions that they must ensure that staff at the outsourced service provider is appropriately trained on ML/TF matters including on the ML/TF risks relevant to the Firm.
While the Draft Guidelines stated that Firms must assess staff at the end of the AML/CFT session, the Guidelines provide more flexibility in this regard. Specifically, while the Guidelines state that Firms must ensure that all AML/CFT training participants pass an assessment or examination during the training session, they go on the provide that:
‘If the training does not contain an assessment or examination, Firms must be in a position to demonstrate the effectiveness of training and staff understanding in relation to the same.’