On 21 December 2018 the Central Bank of Ireland (‘CBI’) published Anti-Money Laundering and Countering the Financing of Terrorism Guidelines for the Financial Sector (‘Guidelines’), and invited feedback in an accompanying Consultation Paper (‘CP128’). CP128 is open for comments and feedback until 5th April 2019. The purpose of the Guidelines is to assist firms in understanding their obligations under the Criminal Justice (Money Laundering and Terrorist Financing) Acts 2010 to 2018 (‘Act’). The Act was amended most recently in 2018 by the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act, 2018 (‘2018 Act’), the primary purpose of which was to transpose into Irish law the Fourth EU Anti-Money Laundering Directive (2015/849).
Governance
The Guidelines stress the importance of a proactive culture and the role of Senior Management which should be clearly defined and documented. The Board should review and approve the business risk assessment and policies and procedures at least annually.
The CBI expects that the MLRO delivers a report at least on an annual basis, that the AML/CFT function is adequately resourced both in terms of staff and systems and has specific expectations in terms of the MLRO’s knowledge, expertise, autonomy and accessibility.
Risk Management
The Act requires firms to conduct a business risk assessment. This should consist of two distinct parts: identification and assessment of risks.
The Guidelines set out factors to be considered in conducting both parts: customer; products, services and transactions carried out; countries or geographic areas; and delivery channels.
Customer Risk
The Guidelines list the following as subcategories to be considered: customer’s business or professional activities, reputation, nature and behaviour. Links to sectors commonly associated with higher corruption risk should be considered as potentially increasing risk.
Product, Services and Transactions Risk
Firms should consider the level of transparency of the product, its complexity, and its value or size. Pooled accounts, offshore trusts, cash intensive products and dealing with nominee shareholders may all increase the risk of a product.
Country or Geographic Risk
In identifying and assessing the risk of a particular jurisdiction firms should consider the nature and purpose of the business relationship within the jurisdiction, the effectiveness of the jurisdiction’s AML/CFT regime, the level of predicate offences relevant to money laundering within the jurisdiction, the level of ML/TF risk associated with the jurisdiction, any economic or financial sanctions against a jurisdiction, and the level of legal transparency and tax compliance within the jurisdiction.
Delivery Channel Risk
Firms should consider the extent to which business relationships are conducted on a non-face to face basis and any introducers or intermediaries used in identifying and assessing the risk associated with delivery channels.
The Guidelines state that the steps taken to identify and assess risk should be proportionate to the nature and size of each firm. Risk assessments should be kept up to date.
Customer Due Diligence
The Guidelines outline the updated requirement to identify and assess the ML/TF risk in the application of Customer Due Diligence (‘CDD’) to all customers and to document the determination made in relation to this risk assessment. In relation to the timing of carrying out CDD, clear policies and procedures should be in place, including defined timeframes for completion of CDD where this is carried out during the establishment of the business relationship.
The Guidelines also provide clarification on the expectations of the CBI in relation to the requirement to discontinue a business relationship where CDD is outstanding. The CBI expects that processes to allow the return of funds to their source will be implemented while at the same time urging firms to exercise caution around this practice.
With the introduction of the 2018 Act, the previous exemptions in relation to Simplified Due Diligence (‘SDD’) are no longer applicable. SDD may be applied to customers who present a lower risk of ML/TF but firms must record the reason for the application of SDD.
There are a number of prescribed circumstances where enhanced due diligence (‘EDD’) must be applied:
Politically Exposed Persons
Policies and procedures should set out timelines for reporting, escalation and approval of such relationships.
Correspondent Relationships with Third Country Institutions
The Guidelines provide detail in terms of the level of information that should be obtained, and outline expectations in terms of risk assessment of correspondent relationships, senior management approval, and documentation of the respective responsibilities of both parties. An onsite visit by an individual appointed by the correspondent institution may be required in some cases.
High-Risk Third Countries and Other High Risk Situations
The Act requires EDD to be applied in cases of high risk third countries or other high risk situations. The Act itself does not specify what EDD would consist of in these cases but the Guidelines suggest a number of measures that firms may consider taking.
Reporting of Suspicious Transactions
The Guidelines note that Suspicious Transaction Reports (‘STRs’) can be a valuable source of market intelligence for authorities and emphasise the importance of adequate record-keeping, including where suspicions have been discounted.
Training
The Guidelines lay out broad expectations in relation to the type, frequency and delivery method of training.
Record Keeping
Firms are expected to keep comprehensive records in relation to all aspects of the conduct of their businesses and the Guidelines emphasise the importance of assurance testing of record retention and of being in a position to produce records at the request of the CBI or a member of the Police.
Download your copy of the Central Bank of Ireland Publishes CP128: AML/CFT Guidelines for the Financial Sector
KB Associates’ Services
KB Associates offers a range of services to investment funds including:
- The provision of MLRO services
- The provision of UCITS/AIF management company services
- The provision of designated persons to perform UCITS business plan and AIFMD programme of activity managerial functions
If you would like to discuss any issues raised in this article, please feel free to contact Frank Connolly (+353 1 667 1987) or Cliff Burke (+353 1 667 1985).