Anti-money laundering ("AML") related fines by the Central Bank of Ireland (the "CBI") are increasing in both size and frequency. In the last year there have been three major fines imposed on Irish domestic banks as follows:
- €3,150,000 - May 2017.
- €2,275,000 - April 2017.
- €3,325,000 - October 2016.
These are all related to the domestic banking sector and retail customers, but the increased focus should be noted cautiously by all regulated firms.
This increase follows the CBI's setting up a specific AML enforcement division in 2010 where staff numbers have risen from 17 in 2014 to 37 today. Based on these and other recent examples firms are falling down in the following areas:
- Incomplete risk assessments that did not effectively consider relevant money laundering or terrorist financing risks;
- High-level risk assessments that lacked a thorough analysis of key risks;
- Non-adherence to firms’ own AML/counter terrorist financing ("CTF") policies;
- Failure to ensure the provision of appropriate and comprehensive training to the Board and committee members, as well as enhanced training for staff in key AML/CTF roles;
- Failure to report suspicious transactions without delay; and
- Shortcomings in customer due diligence processes, including the identification of politically exposed persons ("PEPs").
The focus on having a comprehensive and bespoke risk assessment is something the CBI is continually emphasising. In a speech on 9 June 2017 Derville Rowland, Director of Enforcement at the CBI said:
"One of the Central Bank’s key expectations for an effective AML control framework is that it is based on a money laundering and terrorist financing risk assessment specific to the firm’s business and that it has robust controls in place to mitigate and manage the risks identified. We continue to stress to firms and the industry at large that a “tick box” or rules-based approach is not fit for purpose and will not meet regulatory expectations. We will not accept this approach from supervised firms."
Regulated firms should be asking themselves the following questions:
- Has a comprehensive and business specific risk assessment been carried out taking into account both the CBI's recent findings and the AML/CTF National Risk Assessment  for Ireland?
- Does the firm have a written AML policy specifically tailored for its AML approach?
- Does the board and senior management receive AML training at least annually?
- Has an AML framework review been undertaken recently?
- Is a plan in place to prepare for the 4th Money Laundering Directive?