Central Bank of Ireland Publishes Anti-Money Laundering Guidelines

The Central Bank of Ireland has published its much-anticipated “Anti-Money Laundering and Countering the Financing of Terrorism Guidelines for the Financial Sector” (the “Guidelines”), which set out the Central Bank’s expectations on anti-money laundering and counter-terrorist financing compliance. The Guidelines will be of keen interest to financial institutions, including banks, insurers, investment firms, funds, and fund managers (“Firms”).

Background

Ireland’s current anti-money laundering framework was introduced by the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (the “Act”) and, in 2012, the Department of Justice published guidelines which fleshed out the anti-money laundering/countering the financing of terrorism (“AML/CFT”) obligations set out in the Act. 

Ireland amended the Act to transpose the EU’s Fourth Money Laundering Directive 2015/849 (“MLD4”) into Irish law, in November 2018. Subsequently, in December 2018, the Central Bank issued Consultation Paper 128 (“CP 128”) setting out its draft AML/CFT Guidelines for financial institutions (the “Draft Guidelines”). The Central Bank published its much-anticipated final Guidelines on 6 September 2019 (here), along with a feedback statement on CP 128 (the “Statement”).

The Guidelines

The Guidelines set out the Central Bank’s expectations with regard to the AML/CFT obligations imposed on Firms following the transposition of MLD4.  They also incorporate expectations set out in previous Central Bank AML/CFT Sectoral Reports, AML/CFT Bulletins, and relevant European Supervisory Authority Guidelines.

The Guidelines are divided into ten main sections, including sections on Risk Management, Customer Due Diligence (“CDD”), Governance, Suspicious Transaction Reporting (“STRs”), Training and Record Keeping.  The Guidelines also contain a short section on international sanctions. Overall, the Guidelines are largely consistent with the Draft Guidelines, although there is a number of differences, in particular regarding CDD and training requirements.

Risk Management

One of the more significant changes introduced by MLD4 is the specific requirement for entities inscope of the AML/CFT provisions of the Act to carry out a business risk assessment.  According to the Guidelines, this should consist of two distinct but related steps:

  • identifying money-laundering (“ML”) and terrorist financing (“TF”) risks relevant to the Firm’s business; and
  • assessing the identified ML/TF risks in order to understand how to mitigate those risks.

The Guidelines provide detailed guidance on factors to be considered for the purpose of identifying ML/TF risks as well as on: assessing those risks; categorising business relationships and occasional trasanctions according to the perceived level of ML/TF risk; and monitoring and reviewing the business risk assessment.

Customer Due Diligence (CDD)

The Guidelines set out the Central Bank’s expectations in relation to CDD including regarding the use by a Firm of “RegTech” to comply with the Firm’s CDD obligations. In particular, when using RegTech, a Firm must, among other things, ensure that it fully understands the relevant solution it is using and how it impacts on the Firm’s regulatory compliance. 

In contrast to the Draft Guidelines, the Guidelines:

  • specifically refer to the new obligation imposed under section 33(6) of the Act, which prohibits Firms from processing transactions prior to completing customer verifications;
  • reference the obligation to identify all beneficial owners and verify their identity by taking such measures reasonably warranted by a risk based approach – the Draft Guidelines seemed to suggest that there could be circumstances where the obligation to verify a beneficial owner’s identity did not arise;
  • include a new paragraph explaining that each Firm should maintain its own list of documents which it will accept for CDD purposes; and
  • provide additional clarity as to the requirement to carry out CDD on persons “purporting to act on behalf of the customer” – the Guidelines include a footnote which states that such persons may include Power of Attorney cases, Executor/Administrator, Ward of court, a vulnerable customer who has a third party acting on his/her behalf via formal authorisation.

Governance

The Guidelines contain detailed guidance on the role of Governance in effective AML/CFT  compliance.  Like the Draft Guidelines, the Guidelines provide:

the attitude and culture embedded within a Firm is of critical importance in the fight against money laundering and terrorist financing. (….) Firms should engage with the Central Bank in a positive, transparent way and should be proactive in bringing matters to the attention of the Central Bank.”

While the section on Governance includes detailed guidance, including on the role and responsibilities of Senior Management; governance and oversight; the three lines of defence; and policies and procedures, governance related requirements are also included in other sections of the Guidelines.

Suspicious Transaction Reporting (STR)

STR is at the core of AML/CFT and the Guidelines provide significant detail on STRs, including identifying suspicious transactions and the timing and making of an STR. The Guidelines also deal with the tipping-off offence.

Training and Record Keeping

Firms will be familiar with the requirement to provide staff with appropriate and sufficient training on compliance with AML/CFT obligations. In common with the Draft Guidelines, the Guidelines remind Firms that have outsourced AML/CFT functions that they must ensure that staff at the outsourced service provider is appropriately trained on ML/TF matters including on the ML/TF risks relevant to the Firm.

While the Draft Guidelines stated that Firms must assess staff at the end of the AML/CFT session, the Guidelines provide more flexibility in this regard. Specifically, while the Guidelines state that Firms must ensure that all AML/CFT training participants pass an assessment or examination during the training session, they go on the provide that:

if the training does not contain an assessment or examination, Firms must be in a position to demonstrate the effectiveness of training and staff understanding in relation to the same.”

Comment

Firms should review their policies and procedures to ensure that they comply with the Guidelines. As emphasised by Deville Rowland, the Central Bank’s Director General of Financial Conduct, in a speech she delivered at the publication of the Guidelines, regulators are currently ramping up efforts to prevent ML/TF and:

 “time spent getting to grips with these new guidelines is time well spent as it will provide a strong foundation for compliance with current obligations.”

This document has been prepared by McCann FitzGerald LLP for general guidance only and should not be regarded as a substitute for professional advice. Such advice should always be taken before acting on any of the matters discussed.