The Fourth Money Laundering Directive 2015/849 (“MLD4”) will soon be transposed into Irish law by the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Bill 2018 (“Bill”), which is currently before the legislature.
Once the Bill becomes law, each financial institution as well as other designated persons will need to carry out a gap analysis of its existing anti-money laundering and counter-terrorist financing (“AML/CTF”) policies and procedures to ensure that they comply with the new requirements.
Overview of the Bill
The Bill’s primary purpose is to amend the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (“2010 Act”) in order to transpose MLD4 into Irish law and to give effect to the recommendations of the Financial Action Task Force. In this regard, it imposes a number of new legislative requirements on credit and financial institutions, together with other designated persons.
The Bill contains new definitions of the terms “monitoring” and “senior management”.
To a large extent the definition of “monitoring” reflects that in the 2010 Act, however, the Bill extends the existing definition to require a designated person to ensure:
that documents, data and information on customers are kept up to date in accordance with its internal policies, controls and procedures adopted in accordance with section 54.
For its part, the new definition of “senior management” states that such a person “need not, in all cases, be a member of the board of directors”. Specifically, it may suffice for the relevant officer or employee to have sufficient knowledge of the institution’s money laundering (“ML”) and terrorist financing (“TF”) risk exposure and sufficient seniority to take decisions affecting its risk exposure (such as the Chief Risk Officer and the Chief Compliance Officer).
Beneficial Owner of Trusts
The 2010 Act defines “beneficial owner” in relation to a trust to include any individual who is entitled to a vested interest in possession, remainder or reversion, in at least 25% of the capital of the trust property.
The Bill expands this to cover all persons entitled to such vested interest in the trust property’s capital, irrespective of the amount of that interest. It also expands the definition of beneficial owner to include the settlor, trustee and protector.
Chapter on Business Risk Assessment
The Bill contains a new chapter on risk assessments required to be undertaken by a designated person. This chapter sets out the requirement to conduct a business risk assessment, as well as the risk factors and information sources a designated person must take into account when doing so. The risk assessment must be documented, kept up to date and approved by senior management. Failure to comply with this requirement will be a criminal offence.
The new chapter also deals with the application of risk assessments in applying customer due diligence (“CDD”) and sets out a number of factors to which a designated person must have regard, when identifying and assessing ML/TF risks.
Identification and Verification of Customers
The Bill contains a number of new provisions applicable to the identification and verification of customers and beneficial owners. Among other things, it deletes the additional requirements applicable to non face to face customers and introduces additional requirements for the beneficiaries of life assurance and other investment-related assurance policies.
The Bill introduces a new section 33A to the 2010 Act to deal with the CDD derogation for electronic money. In addition to lowering the amount that can be stored electronically in certain cases, the Bill imposes a host of additional requirements before the derogation applies. In particular, the Bill specifies that the issuer of the payment instrument must carry out sufficient monitoring of the transactions or business relationship concerned to enable the detection of unusual or suspicious transactions.
Simplified Customer Due Diligence (SCDD)
The Bill inserts a new section 34A dealing with SCDD. This section specifies the matters to which a designated person must have regard when identifying an area of lower risk. It also imposes a record keeping requirement in relation to the reasons and evidence for applying SCDD.
Politically Exposed Persons (PEPs)
The 2010 Act applies enhanced CDD requirements to PEPs residing outside of Ireland. The Bill extends these requirements to domestic PEPs. It also imposes a new requirement on designated persons to determine whether the beneficiary of a life assurance policy or other investment-related assurance policy, or a beneficial owner of the beneficiary is a PEP, an immediate family member or a closely associated person of a PEP. The Bill extends the definition of a PEP to cover a member of the governing body of a political party.
Enhanced Customer Due Diligence (CDD)
In addition to the case of PEPs, the Bill requires a designated person to apply enhanced CDD measures in other instances.
In particular, a designated person must apply enhanced CDD when dealing with a customer established in a high-risk third country. This requirement does not apply where the customer is a branch or majority owned subsidiary of an EU designated person which complies with group wide policies and procedures adopted in accordance with MLD4.
A designated person will also be required to apply enhanced CDD measures in cases of heightened risk and must have regard to specified matters when doing so.
The Bill makes a number of positive changes from the perspective of group entities. In particular designated persons should find it easier to rely on group entities to carry out CDD. In addition the tipping off defence for credit and financial institutions applies to disclosures by a majority-owned subsidiary or a branch of a credit/financial institution in group situations.
Internal Policies, Controls and Procedures
The Bill substitutes a new section on internal policies, controls and procedures, which is considerably more detailed than the existing section 54. These requirements relate, for example, to CDD measures, monitoring, reporting and record-keeping. For the most part, we expect designated persons will already have provisions in their internal policies and procedures which deal with the new requirements.
The Bill also contains more prescriptive requirements for group-wide policies and procedures than those set out in the 2010 Act.
New Powers for the Competent Authorities
The Bill specifically empowers competent authorities to issue written directions to a designated person, including a direction to:
- appoint an individual at management level to act as a compliance manager;
- appoint a member of senior management with primary responsibility for the implementation and management of AML measures; and
- undertake an independent, external audit to test the effectiveness of its internal policies, controls and procedures.
Registration Requirement for Non-regulated Financial Service Providers
The Bill provides for a new register of persons (the “Register”), which broadly applies to any designated person that:
- carries out one or more of the activities set out at reference numbers 2 to 12 and 14 or 15 of the Schedule to the European Union (Capital Requirements) Regulations 2014 or foreign exchange services; and
- is not authorised or licensed to carry on its activities by, or registered with the Central Bank.
Such persons must register with the Central Bank, which must establish and maintain the Register. Failure to register is an offence.
The Bill must now pass through the legislative process, meaning that it is unlikely to become law before Q4 of this year at the earliest. While for the most part the new requirements in the Bill correspond with existing best practice, designated persons will still need to carry out a gap analysis in order to make sure that they are fully compliant. In particular, they will need to review their AML/CTF policies and procedures to ensure these comply with the requirements set out in the Bill, once it is finalised.