On 26 November 2018, two statutory instruments were signed into law commencing the provisions of the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2018 (the 2018 Act). The Act amends the existing Anti-Money Laundering (AML) regulatory framework in the Criminal Justice (Money Laundering and Terrorist Financing) Acts 2010 and 2013. The Act transposes the majority of the Fourth EU Money Laundering Directive (4MLD) into National Law. The European Union (Anti-Money Laundering: Beneficial Ownership of Trusts) Regulations 2019 (the BOT Regulations) commenced on 29 January 2019 and transpose into Irish law the obligations imposed by 4MLD as amended by the Fifth Anti-Money laundering Directive (5MLD), in relation to determining the beneficial ownership of certain types of trust.
About the Act
The 2018 Act reinforces the fight against money laundering and terrorist financing at a national level. It will operate in conjunction with the Criminal Justice (Corruption Offences) Act 2018 to combat white collar crime in Ireland. By placing a substantial focus on a risk based approach, the Act imposes greater obligations with regards to risk assessments, due diligence, and policies and procedures. As with previous AML legislation, the Act applies to ‘Designated Persons’. The definition of a ‘Designated Person’ has broadened meaning that the Act applies to any person trading in goods involving cash transactions of at least €10,000, lowering the previous threshold from €15,000 and now also includes gambling service providers. The Act imposes more onerous obligations on Designated Persons such as banks and other financial institutions, lawyers, accountants and high value goods dealers in relation to the risk assessment and monitoring of customers.
Overview of Key Changes
1. Beneficial Ownership
The Act follows the definition afforded to ‘beneficial ownership’ by MLD4. A ‘beneficial owner’ under the Act includes any natural person who ultimately owns or controls the relevant body through direct or indirect ownership. The new definition is more prescriptive and identifies who the beneficial owners are for body corporates, trusts and partnerships with more focus on ‘control’ of an entity than the 2010 Act. It extends beneficial ownership to any person who 'controls' a partnership. It also expands the definition of beneficial owner to include the settlor, trustee, protectors and beneficiaries of trusts.
1.1 The BOT Regulations
The BOT Regulations specify the obligations imposed on trustees of any trust that meets the definition of “an express trust whose trustees are resident in the State or which is otherwise administered by the State". The Regulations impose an obligation on trustees to take all reasonable steps to obtain and hold adequate, accurate and current information in respect of the trust’s ‘beneficial owners’ and enter it on a beneficial ownership register for the trust. The register must also contain details of the date a person was entered into the register as a beneficial owner and the date on he or she ceased to be such an owner. The BOT Regulations also impose obligations on trustees in respect of the retention and maintenance of the register. Trustees must provide the register on request to a Designated Person who requests it during the Customer Due Diligence process.
2. Business Risk Assessments
The Act reflects the Risk Based approach embedded in MLD4 and imposes a statutory requirement for Designated Persons to conduct a 'business risk assessment'. The Designated Person will account for various factors which may indicate the level of risk presented by the products and services it provides, the types of customers it has, and the transactions that it carries out during the customer relationship. This assessment is required to be documented and reviewed by an individual at Senior Management level.
3. Due Diligence
Similarly to previous legislation, the Act requires the performance of Customer Due Diligence (CDD) by Designated Persons where there is a risk of money laundering or terrorist financing. At the outset of a new relationship or transaction, the Designated Person must conduct a customer risk assessment, to determine the level of CDD to be applied. Whilst this is not new, the way in which risk is assessed has changed. Designated persons will no longer be able to rely on a 'tick box' approach to CDD but will be required to take a more holistic view of the overall risk associated with a customer relationship.
The Simplified Due Diligence (SCDD) procedure has changed under the Act. SCDD may apply to low risk categories of customers or transactions but there cannot be an automatic CDD exemption for certain customer types. Exempt categories are no longer specified in the Act and instead operate on a more flexible case-by-case basis. Records must be kept so that a Designated Person may recount how the decision to carry out SCDD was reached.
By way of contrast, Enhanced Customer Due Diligence (ECDD) is relevant where there is a significant level of risk. ECDD would ordinarily apply to large, complex transactions or customers or transactions that involve high risk jurisdictions or politically exposed persons (PEPs). Schedule 4 to the 2018 Act sets out specific high risk indicators relating to the customer, product, service or transaction in addition to geographical considerations.
The definition of a Politically Exposed Person (PEP) has changed under the Act to include both foreign and domestic PEPS i.e. individuals who have been entrusted with a prominent public function, their family members and close associates. This is in contrast to the 2010 Act which only considered foreign PEPs to be high risk.
5. Policies and Procedures
The 2018 Act introduces new requirements and additional clarity as to the matters to be included in a Designated Person's AML and terrorist financing policies and procedures. Designated persons will be required to ensure that their policies and procedures cover all areas of AML/CFT and ensure that adequate training is provided to staff members involved in the conduct of the business. The 2018 Act also requires that entities that are part of a group should follow group-wide policies.
The 2018 Act introduces a new definition of ‘Monitoring’ of a business relationship. The act of Monitoring is defined as scrutinising transactions and the source of wealth or of funds for those transactions and ensuring that they are consistent with the customer’s profile.
Risk and Innovation
The increased use of online business, initiatives such as Open Banking and crypto currencies and the growing departure from face-to-face customer relationships present opportunities for potential money launderers and challenges to Designated Persons. These challenges have led to increased levels of innovation in the area of customer identification and Fin-Tech companies continue to invest heavily in this area. As a result, Designated Persons must identify potential risks and enhance their internal controls, policies and procedures to offset the risks of money laundering and terrorist financing facing their businesses.
The Proactive Approach
Designated Persons should adopt a proactive approach to conducting risk assessments and identifying potential money laundering and terrorist financing risks. Continuous monitoring of customer activity and transactions is required to meet the requirements of the 2018 Act. Implementing more robust policies, and maintaining written risk assessments will assist Designated Persons in demonstrating compliance with the obligations imposed by the Act. Tailored training initiatives are required to make employees aware of the relevant obligations imposed by the Act in the context of the business activities of the company.
The commencement date for the majority of the Act was Monday 26 November 2018. Businesses and organisations who are Designated Persons under the Act should now prioritise the following steps to compliance:
- carrying out a Business Risk Assessment;
- ensuring that there is an appropriate person such as an MLRO who can deal with staff training and queries on the incoming changes; and
- ensuring that policies and procedures are amended in line with the new requirements.