The commencement of the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2018 (“the 2018 Act”) into law on 26 Nov 2018 transposed the EU 4th directive on money laundering into Irish law via an amendment to the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010. It also marked over 25 years since the introduction of EU & Irish law outlawing money laundering and the financing of terrorism.
Continue reading to get:
Since 1994, there have been 9 pieces of Irish legislation on AML together with requirements and guidelines from the CBI, EU authorities and the Financial Action Task Force (“FATF”). The government published Ireland’s first National Risk Assessment (“NRA”): Anti-Money Laundering and Countering the Financing of Terrorism in 2016. The aim of the NRA, required under AMLD4, is to identify, understand, and assess Ireland’s AML risks. Moreover, the results of the NRA are designed to inform policy and operations and the allocation of resources to the areas identified as highest risk. The NRA gives a risk rating to each financial services sector.
These have resulted in increased complexity for firms implementing these rules and the regulatory, financial and reputational risks of failing to properly implement and monitor firms’ arrangements.
AML compliance is a key risk for financial organisations. Consequently, boards should regularly monitor their firms’ adherence to AML regulations via internal audit, compliance and other board reports as well as ensuring relevant board training is carried out at least annually. In the three years to 31 December 2018, AML-related enforcement actions / settlement agreements accounted for over 25% of all CBI actions with many related fines exceeding €1m, in addition to the reputational damage and costs of remediation which in many cases exceeded the fines.
The 2018 Act introduced enhancements to the risk based approach set out in the 2010 Act with changes to customer due diligence (“CDD”) and business risk assessment requirements. These changes are intended to ensure that AML compliance is not merely a tick-the-box exercise. Key changes include:
Under the 2018 Act, firms are required to conduct a business risk assessment to identify AML risks pertinent to their businesses and assess these risks. The results of this assessment will inform, inter alia, the approach to CDD and assist firms in understanding their AML exposures and the areas for prioritisation.
In preparing an AML business risk assessment firms should use the various sources of information available including the NRA, CBI guidance (inc. December 2018 CP 128), risk factors contained in Schedule 3 and 4 of the amended CJA 2010, industry body information and guidance issued by their respective European Supervisory Authorities (such as the “Risk Factor Guidelines” issued jointly by these agencies in 2017).
AML business risk assessments should be documented, updated annually and approved by the board. We recommend that compliance officers prioritise this area for 2019 as failure to comply with this requirement risks a criminal prosecution for directors.
As a general rule, a firm is required to carry out due diligence with a customer prior to establishing a business relationship in order to identify the customer and its beneficial owner. CDD is either simplified, standard or enhanced. AMLD4 has introduced changes for firms who previously relied on the exemption to carry out simplified due diligence. Firms are required to assess risks in relation to their new customers taking account of risk factors including, countries or geographic areas, products, services, transactions or delivery channels. CDD records are required to be documented and kept up to date.
Firms must develop and maintain proportionate policies, controls and procedures including risk management practices, customer due diligence, reporting, record-keeping, internal control and compliance management arrangements.
The risk assessment of the customer will drive the type of due diligence used, e.g.: Low risk – simplified due diligence, medium risk – standard due diligence and high risk – enhanced due diligence.
The Anti-Money Laundering Division (“AMLD”) of the CBI is a division that monitors adherence to AML regulations. AMLD activity includes reviews and inspections of firms. This often constitutes written inquiries, questionnaires, holding face to face meetings, thematic reviews and full onsite visits. This applies to firms’ in all impact categories from low to high.
A typical review by the AMLD will involve a request for policies & procedures, compliance monitoring and internal audit reports to be submitted prior to a meeting. The meeting can typically last 2 hours and focuses on a high-level overview of the firm’s activities, governance framework, AML risk assessment and AML policy and procedures.
In preparing for this meeting attendees should be familiar with all the materials given to the CBI as part of the request list, their roles, the firm’s policies and procedures and be comfortable answering questions on the following areas:
This preparation should result in being in a position to demonstrate your understanding of the requirements and the firm’s degree of compliance therewith.
Related presentation: AML and Countering the Financing of Terrorism | CBI guidelines for the Financial Sector September 2019.
Our Risk & Regulatory team works with individuals and boards across all regulated sectors in the area of AML. Services and solutions include assessment of your current AML regulatory framework and support with remediation programmes and with addressing issues arising from CBI inspections. Learn more about our Risk & Regulatory Services here, alternatively, request a callback from our Risk and Regulatory team now.
Explore the EisnerAmper
Global Network. Our member
firms are strategically situated
across the globe.