The legislation transposing the EU’s Fifth Anti-Money Laundering Directive (“MLD5”) into Irish law is now in force. Each designated body will need to ensure that it complies with the new requirements set out in the Criminal Justice (Money Laundering and Terrorist Financing) Amendment Act 2021 (the “2021 Act”) (here), if it has not already done so.
The Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (the “2010 Act”), is the core legislation governing anti-money laundering and counter terrorist financing (“AML/CTF”) in Ireland and imposes a number of obligations on “designated persons” including the requirement to carry out a business risk assessment, a customer risk assessment and customer due diligence (“CDD”), and the requirement to report suspicious transactions to the Financial Intelligence Unit (FIU) and the Revenue.
For the most part, the 2010 Act transposes the EU’s Fourth Money Laundering Directive (“MLD4”) into Irish law and largely tracks its requirements. As set out in our earlier briefing (here), the EU adopted MLD5 to amend MLD4 in order further strengthen and adapt the EU’s AML/CTF framework for combatting money laundering and terrorist financing.
MLD5 has largely been transposed into Irish law by the 2021 Act, which amends the 2010 Act in a number of respects. This includes, in particular, extending the scope of application of the 2010 Act and the introduction of new requirements regarding CDD as well as a number of other amendments.
The 2021 Act introduces a number of new types of designated persons including:
- Virtual asset service providers (which must register with the Central Bank of Ireland (the “Central Bank”))
- letting agents (in respect of transactions for which the monthly rent is at least €10,000)
- high-value art dealers and intermediaries (in respect of transactions of at least €10,000 in value).
It also extends the definition of a “tax advisor” to include "any other person whose principal business or professional activity is to provide, directly or by means of other persons to which that other person is related, material aid, assistance or advice on tax matters.”
Customer Due Diligence (CDD)
The 2021 Act includes new provisions relating to the timing of CDD, Verification of Senior Managing Officials (“SMOs”), Measures Applying to Business Relationships, Politically Exposed Persons (PEPs); enhanced CDD in the case of high-risk third countries; and the activities set out in Schedule 4 of the 2010 Act.
Timing of CDD
The 2021 Act provides that a designated person must carry out customer identification and verification any time it is obliged to contact a customer for the purposes of reviewing any relevant information relating to the customer’s beneficial owner by virtue of any enactment or rule of law, including the European Union (Administrative Cooperation in the Field of Taxation) Regulations 2012.
Verification of Identity of Senior Managing Officials (SMO)
Under the 2021 Act, where a beneficial owner is a SMO, a designated person must take the necessary measures to verify the SMO’s identity and keep records of these measures, including any difficulties encountered in the verification process.
Measures applying to business relationships
MLD4/MLD5 were partially transposed into Irish law by the:
- European Union (Anti-Money Laundering: Beneficial Ownership of Corporate Entities) Regulations 2019 (as modified by the European Union (Modifications of Statutory Instrument No. 110 of 2019) (Registration of Beneficial Ownership of Certain Financial Vehicles Regulations 2020) (the “BOC Regulations”); and
- European Union (Anti-Money Laundering: Beneficial Ownership of Trusts) Regulations 2021 (see our related briefing here).
The BOC Regulations require in-scope entities to establish and maintain an internal beneficial ownership register and to report certain information to the Central Register of Beneficial Ownership of Companies and Industrial Provident Societies or the Central Register of Beneficial Ownership of Irish Collective Asset-management Vehicles, Credit Unions and Unit Trusts, as the case may be.
Where a customer is in-scope of the BOC Regulations, a designated person must ascertain that information concerning the customer’s beneficial ownership is entered in the relevant Central Register. Similarly, in the case of a trust, the 2021 Act requires a designated person to ascertain that information concerning the beneficial ownership of the customer is entered in the relevant trust's beneficial ownership register or in the Central Register of Beneficial Ownership of Trusts, as the case may be.
Generally a designated person must carry out the above checks prior to the establishment of the business relationship, however in certain circumstances a credit or financial institution may allow an account to be opened before carrying out these checks, but it cannot allow transactions on those accounts by or on behalf of the customer or its beneficial owner(s) until the checks are complete.
Examination of background and purpose of certain transactions
The 2021 Act makes some changes to this requirement. In particular, it reduces the burden on a designated person in that such transactions must only be examined “in so far as possible”. However a designated person must now examine each of the following types of transactions:
(b) unusually large
(c) that have an unusual pattern; or
(d)that have no apparent or lawful purpose.
Politically Exposed Persons (PEPs)
Under the 2021 Act, where a person is a PEP, a designated person must continue to treat him or her as such for as long as is reasonably required taking into account the continuing risk posed by that person.
Enhanced CDD – high risk third countries
The 2021 Act imposes additional obligations on a designated person when dealing with customers established or residing in a high-risk third country. Specifically, it lists the measures to be applied by a designated person in such situations, which list includes:
- obtaining additional information on the customer, the source of funds and wealth, the intended nature of the business relationship and the reasons for the intended or performed transactions;
- obtaining the approval of senior management for establishing or continuing the business relationship;
- conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied and selecting patterns of transaction that need further examination.
Schedule 3/Schedule 4 – Non exhaustive list of factors suggesting potentially lower/higher risk
The 2021 Act makes a number of minor amendments to Schedules 3 and 4 of the 2010 Act. The Schedule 4 amendments include new risk factors in relation to both customers and transactions/products.
The 2021 Act makes a number of other amendments to the 2010 Act, as follows:
- E-money Derogation – the 2021 Act reduces the monetary limits applicable when relying on the exemption from €250 - €150 and from €100 - €50. Moreover, the exemption is no longer available to purely domestic payment instruments with a stored monetary value of €500 or to remote payment transactions. A credit or financial institution acting as an acquirer is prohibited from accepting a payment carried out with an anonymous prepaid card issued in a third country unless the payment instrument concerned complies with the requirements of the e-money derogation;
- Suspicious Transaction reports (STRs) – where a designated person makes an STR, FIU Ireland must, where practicable, provide timely feedback to that person on the effectiveness of and follow-up to the STR;
- Tipping off – the 2021 Act introduces a new defence to the Tipping off offence for credit and financial institutions;
- Anonymous Accounts – the prohibition on credit and financial institutions from setting up an anonymous account is extended to include setting up an anonymous safe deposit box; and
- Whistleblowing – each authority that is a competent authority for the purposes of the 2010 Act must set up effective and reliable mechanisms to encourage the reporting of potential and actual breaches of this Act.
While the 2021 Act transposes most of MLD5 into Irish law, some parts remain to be transposed. In particular, Ireland has yet to provide for centralised automated mechanisms, such as central registries or central electronic data retrieval systems, which allow the timely identification of any natural or legal persons holding or controlling payment accounts and bank accounts identified by IBAN and safe deposit boxes held by a credit institution.
As set out above, the 2021 Act introduces a number of changes in the AML/CTF obligations imposed on a designated person under the 2010 Act and such persons will need to review their existing policies to ensure that they comply with the changed obligations. As the 2021 Act is the latest in a number of domestic developments impacting on AML/CTF in recent months, designated persons should also ensure that their policies reflects these other developments, if they have not already done so. These include, in particular, the Central Bank’s AML Bulletin on transaction monitoring, published in October 2020 (here) and its Dear CEO letter, published in December 2020 (here).