In March 2016, the Central Bank published a report setting out its observations and expectations in relation to Anti-Money Laundering, Countering the Financing of Terrorism and Financial Sanctions (AML/CFT) compliance by Irish life insurers (the "Report"). Carried out over the course of 2014 and 2015, the Report was based on a combination of on-site inspections and desk-top reviews which involved the assessment of insurers’ related policies, procedures, risk assessments, outsourcing and third-party arrangements together. The Report also encompassed interviews with key staff, walk-throughs of key processes and testing of relevant IT systems conducted by the Central Bank.
The Report recognises that although the inherent AML/CFT risk may be lower in the insurance sector than in other sectors, insurers should be aware that there are products, customers and geographic regions that present a higher AML/CFT risk.
Main areas of concern identified
The Report concluded that in many instances, insurers generally had satisfactory procedures and systems and controls in place. However, a number of the issues identified indicated that that further improvements should be made by insurers to strengthen their existing AML/CFT framework. The findings of the Report focus on Customer Due Diligence (CDD), Suspicious Transaction Reporting, Terrorist Financing, Financial Sanctions and Compliance and Governance centred on the importance of robust board oversight and record keeping.
The Report identifies the following main areas of concern:
- Non-adherence to the stated AML/CFT policies
- Weaknesses in the suspicious transaction reporting process
- Deficiencies in the ongoing customer and transaction monitoring processes
- Insufficient evidence of adequate data collection as required under the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010
- Insufficient documentation being retained to support the application of simplified customer due diligence
- Weaknesses in the suspicious transaction reporting processes and procedures and in the on-boarding process of politically exposed persons
- Insufficient evidence that all members of the insurer's board and/or staff had received instruction in the law relating to AML/CFT issues
- Deficiencies in the policies and processes in place relating to third party reliance and outsourcing arrangements
- Failure to fully consider, qualify or document the criteria and process for the identification, recording, and application of Enhanced Due Diligence to high risk policyholders
Central Bank recommendations
The Central Bank expects that insurers maintain a detailed suite of AML policies which are supplemented by guidance and supporting procedures that fully demonstrate compliance with all legal and regulatory requirements. The Report also points out that these policies should be reviewed and updated accordingly.
In addition, the Central Bank expects that insurers conduct and document an AML risk assessment of their business including all risk categories (e.g. geographic risk, product/service risk, policyholder risk and channel/distribution risk). If any gaps are identified, it is expected that an action plan should be put in place to address such gaps and such plans should be reviewed and approved by the Board at least annually.