opennav

EisnerAmper Ireland | Anti-Money Laundering AML - Preparation For CBI Reviews Under AMLD4 Ireland

EisnerAmper Global

Anti-Money Laundering (AML) – being prepared for CBI reviews under AMLD4

Anti-Money Laundering Image | AML business risk assessment | AMLD4 | Risk & Regulatory ServicesThe commencement of the Criminal Justice (Money Laundering and Terrorist  Financing) (Amendment) Act 2018 (“the 2018 Act”) into law on 26 Nov 2018 transposed the EU 4th directive on money laundering into Irish law via an amendment to the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010.  It also marked over 25 years since the introduction of EU & Irish law outlawing money laundering and the financing of terrorism.

Continue reading to get:

  • Recent key changes to the 2018 Act;
  • Useful resources to help you prepare your anti-money laundering and terrorist financing (“AML”) risk assessments; and
  • Insight into how you can prepare for AML review meetings with the Central Bank of Ireland (“CBI”).
AML Background

Since 1994, there have been 9 pieces of Irish legislation on AML together with requirements and guidelines from the CBI,  EU authorities and the Financial Action Task Force (“FATF”).  The government published Ireland’s first National Risk Assessment (“NRA”): Anti-Money Laundering and Countering the Financing of Terrorism in 2016.  The aim of the NRA, required under AMLD4, is to identify, understand, and assess Ireland’s AML risks.  Moreover, the results of the NRA are designed to inform policy and operations and the allocation of resources to the areas identified as highest risk.  The NRA gives a risk rating to each financial services sector.

These have resulted in increased complexity for firms implementing these rules and the regulatory, financial and reputational risks of failing to properly implement and monitor firms’ arrangements.

AML compliance is a key risk for financial organisations.  Consequently, boards should regularly monitor their firms’ adherence to AML regulations via internal audit, compliance and other board reports as well as ensuring relevant board training is carried out at least annually.  In the three years to 31 December 2018, AML-related enforcement actions / settlement agreements accounted for over 25% of all CBI actions with many related fines exceeding €1m, in addition to the reputational damage and costs of remediation which in many cases exceeded the fines.

The 2018 Act – Key Changes

The 2018 Act introduced enhancements to the risk based approach set out in the 2010 Act with changes to customer due diligence (“CDD”) and business risk assessment requirements.  These changes are intended to ensure that AML compliance is not merely a tick-the-box exercise.  Key changes include:

  • A statutory requirement for designated persons to conduct a ‘business risk assessment’.  This assessment should be documented, referenced to Ireland’s National Risk Assessment and approved by the board;
  • Customer due diligence is required to be done on a risk based approach.  Exemptions available to apply simplified due diligence are no longer automatic;
  • A requirement for unregulated firms currently providing Schedule 2 activities (of the 2010 Act) to register with the CBI;
  • Politically exposed person definition now includes persons living in the state;
  • Reducing the cash transaction limit triggering designated person requirements from €15,000 to €10,000;
  • A requirement for groups to unify their AML policies; and
  • Changing beneficial owner definition for trusts to remove the 25% ownership rule for all beneficiaries, trustees, settlors and protectors.
Preparing AML Business Risk Assessments

Under the 2018 Act, firms are required to conduct a business risk assessment to identify AML risks pertinent to their businesses and assess these risks.  The results of this assessment will inform, inter alia, the approach to CDD and assist firms in understanding their AML exposures and the areas for prioritisation.

In preparing an AML business risk assessment firms should use the various sources of information available including the NRA, CBI guidance (inc. December 2018 CP 128), risk factors contained in Schedule 3 and 4 of the amended CJA 2010, industry body information and guidance issued by their respective European Supervisory Authorities (such as the “Risk Factor Guidelines” issued jointly by these agencies in 2017).

AML business risk assessments should be documented, updated annually and approved by the board.  We recommend that compliance officers prioritise this area for 2019 as failure to comply with this requirement risks a criminal prosecution for directors.

Anti-Money Laundering AML Review Image | Risk & Regulatory Services | EisnerAmper Ireland

Customer Due Diligence – Risk Based Approach

As a general rule, a firm is required to carry out due diligence with a customer prior to establishing a business relationship in order to identify the customer and its beneficial owner.  CDD is either simplified, standard or enhanced.  AMLD4 has introduced changes for firms who previously relied on the exemption to carry out simplified due diligence. Firms are required to assess risks in relation to their new customers taking account of risk factors including, countries or geographic areas, products, services, transactions or delivery channels.  CDD records are required to be documented and kept up to date.

Firms must develop and maintain proportionate policies, controls and procedures including risk management practices, customer due diligence, reporting, record-keeping, internal control and compliance management arrangements.

The risk assessment of the customer will drive the type of due diligence used, e.g.: Low risk – simplified due diligence, medium risk – standard due diligence and high risk – enhanced due diligence.

Preparing for Central Bank of Ireland AML Review Meetings

The Anti-Money Laundering Division (“AMLD”) of the CBI is a division that monitors adherence to AML regulations.  AMLD activity includes reviews and inspections of firms.  This often constitutes written inquiries, questionnaires, holding face to face meetings, thematic reviews and full onsite visits.  This applies to firms’ in all impact categories from low to high.

A typical review by the AMLD will involve a request for policies & procedures, compliance monitoring and internal audit reports to be submitted prior to a meeting.  The meeting can typically last 2 hours and focuses on a high-level overview of the firm’s activities, governance framework, AML risk assessment and AML policy and procedures.

In preparing for this meeting attendees should be familiar with all the materials given to the CBI as part of the request list, their roles, the firm’s policies and procedures and be comfortable answering questions on the following areas:

  • Be able to articulate their role in relation to AML, i.e. PCF Head of Compliance and MLRO;
  • Have read and understood the sector rating and implications for their sector set out in the National Risk Assessment;
  • Describe the AML reporting arrangements for the board;
  • Describe the training they have received;
  • Describe the firm’s AML processes and ongoing monitoring including triggers; and
  • Describe the main AML risks to the firm.

This preparation should result in being in a position to demonstrate your understanding of the requirements and the firm’s degree of compliance therewith.

How EisnerAmper Ireland Can Help

Our Risk & Regulatory team works with individuals and boards across all regulated sectors in the area of AML.  Services and solutions include assessment of your current AML regulatory framework and support with remediation programmes and with addressing issues arising from CBI inspections.  Learn more about our Risk & Regulatory Services here, alternatively, request a callback from our Risk and Regulatory team now.

Request a Callback

Our locations

Explore the EisnerAmper
Global Network. Our member
firms are strategically situated
across the globe.