In June this year, the Central Bank of Ireland ('CBI') issued an updated revision of their guidelines on Anti-Money Laundering/Countering the Financing of Terrorism ('AML/CFT') for the financial sector. This follows the initial publication of these guidelines which issued in September 2019. The purpose of these guidelines is to provide assistance to all Credit and Financial Institutions with their compliance to their legal obligations as set out in the Criminal Justice (Money Laundering & Terrorist Financing) Act 2010 – 2021 ('the act').

The revised guidelines take into account the recently enacted 5th EU Money Laundering Directive, the CBI's regulatory expectations as set out in previous AML/CFT bulletins as well as the updated European Banking Authority AML/CFT Risk Factor guidelines which issued in Q1 2021.

The key changes which have come out of the revised guidelines are in relation to

1088236a.jpg

AML/CFT Risk Assessments

The guidance has been further updated to confirm that a firm's AML/CFT business risk assessment and customer/transaction risk assessment should be connected. Firms should rely on the assessment of the business' inherent risk to inform their risk-based approach to the identification and verification of individual customers and drive the level and extent of due diligence appropriate to that customer or occasional transaction.

Governance

The CBI has updated the governance section of the guidance to set out their expectations as to the roles and responsibilities of the Board as well as key staff including Senior Management & the Compliance Officer who have responsibility for AML/CFT matters and the Three Lines of Defence (where relevant).

De-Risking

The CBI has included a new section of the Risk Based Approach guidance in relation to De-Risking. Specifically, they have highlighted that it is not acceptable for firms to terminate large categories of customers or exclude cohorts of customers without conducting individual risk assessments in the first instance to determine whether there are any increased CDD measures which could be applied which may add sufficient comfort to allow the customer relationship to be maintained. Where the decision remains to terminate the customer relationship, this rationale including the risks that were presented should be fully documented

PEPs

The PEP section of the guidance has been updated to include the new legislative obligation which now requires Firms to continue to apply enhanced due diligence (EDD) measures to a PEP for as long as is reasonably required until the person is no longer deemed to pose a risk. Previous to this, Firms were allowed to remove EDD measures from a customer who was no longer a PEP for more than 12 months.

Beneficial Ownership Registers

The guidance now includes a section regarding the importance for implementing a beneficial ownership register at a national level as well as a Firms new obligations to check the various beneficial owner registers+ prior to on-boarding a new non-personal customer or trust business and the various measures that must be in place regarding continuing to enter the business relationship, including terminating the relationship where relevant.

+ The express trust (beneficial ownership) register (in accordance with Section 35(3A) of the CJA 2010; The Central Register of Beneficial Ownership of Companies and Industrial Provident Societies or, as the case may be, the Central Register of Beneficial Ownership of Irish Collective Asset management Vehicles, Credit Unions and Unit Trusts (in accordance

with Section 35(3C) of the CJA 2010.

High Risk Third Countries

The guidance has been updated to include the more prescriptive approach outlined in the act for applying EDD measures for customers established or residing in a high risk third country. Such information includes - but not limited to obtaining information regarding the Customer, the Beneficial Owner, the intended purpose of the relationship and the Source of Funds/Wealth.

Transaction Monitoring

The guidance has been updated to reflect the CBIs expectations in relation to Transaction Monitoring (TM) -  both automated and manual. Some key takeaways to note are as follows:

  • Firms must update that their AML/CFT Business Risk Assessment to accurately reflect the TM controls and level of assurance testing undertaken to ensure an effective TM model;
  • Firms should not place absolute reliance on automated transaction monitoring and employees should still be aware of the need to manually identify any transactional activity, which may be suspicious;
  • Firms should ensure that the adequacy of its controls are subject to continued and regular review.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.