The Central Bank of Ireland (CBI) has issued its latest Anti-Money Laundering Bulletin (the Bulletin). While this Bulletin is directed at the Funds sector, the CBI advises designated persons operating in other sectors to "take note" of the Bulletin and "consider its relevance" to their sector. All firms, regardless of sector, are expected to "critically assess" their anti-money laundering/countering the financing of terrorism and financial sanctions frameworks (AML/CFT/FS) against the CBI's expectations.

Moreover, this Bulletin should be read in conjunction with previous CBI bulletins, reports and guidance, including in the areas of Transaction Monitoring, Customer Due Diligence and Suspicious Transaction Reporting.

The focus of the Bulletin is on fund entities (UCITS, QIAIFs, RIAIFs), including SMICs, and their fund management companies (UCITS ManCos and AIFMs). Through supervisory engagements with these firms, monitoring compliance with the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, as amended (the CJA), the CBI has identified weaknesses in four key areas. Firms must introduce "enhancements" in these areas in order to ensure they can "sufficiently demonstrate compliance" with the requirements of the CJA.

1. Corporate governance

The CBI found numerous shortcomings regarding AML/CFT/FS and corporate governance. These included:

  • a lack of evidence of adequate discussion of AML/CFT/FS at board meetings – such matters should be subject to "robust discussion and challenge at an appropriately senior level" and accurately recorded in board and/or committee minutes
  • failures by firms to "actively" seek the regular provision of "qualitative and quantitative Management Information"
  • a lack of appropriate action in response to identified AML/CFT/FS deficiencies
  • a failure to demonstrate adherence to CBI expectations that the Compliance Officer present an annual 'Compliance Officer Report' to the board
  • a failure to show that firms had "comprehensive assurance testing programmes" in place to ensure "effective and independent" testing of AML/CFT/FS frameworks

The Bulletin reiterates the CBI's expectations (as outlined in its revised AML/CFT Guidelines) regarding:

  • the appointment of a "Member of Senior Management with primary responsibility for implementing, managing and overseeing" the AML/CFT/FS framework
  • the appointment of an individual at management level (the Compliance Officer) to "monitor and manage compliance with, and the internal communication of, the firm's internal AML/CFT/FS policies, controls and procedures"

In both instances, these appointments should be made where warranted by the "nature, scale and complexity of a firm's activities". In the case of the member of senior management, the CBI expects firms to consider whether the appointee should be a member of the board "where Firms are exposed to a significant degree of inherent ML/TF risk".

2. AML/CFT/FS Business Risk Assessment

A number of the firms with which the CBI engaged had no Business Risk Assessment in place. Even where one was in place, in many cases the Business Risk Assessment did not "accurately and/or appropriately reflect the inherent ML/TF risks associated with this sector". Particular areas of the Business Risk Assessment where failures were identified included:

  • full assessment of distribution risk
  • "adequate consideration and assessment" of the risks associated with the "extensive" use of outsourcing arrangements
  • geographic risk "to reflect the wide geographical reach relevant to its business operations"
  • "sufficient consideration and assessment" of sector-specific complexities (e.g. complex beneficial ownership structures)

In addition, a number of firms were unable to show that terrorist financing had been considered in their Business Risk Assessment. A number of firms also did not have policies and procedures that adequately documented their methods and approach to completion of the Business Risk Assessment.

3. Outsourcing

The CBI acknowledged that many firms outsource AML activities to third parties. Ultimate responsibility, however, remains with the firm to ensure full compliance with the CJA. The Bulletin notes that the CBI "continues to identify weaknesses" in firms' oversight of third parties. These weaknesses include:

  • a lack of formalised arrangements around the governance of outsourced activities (e.g. through service level agreements)
  • outsourcing arrangements not subject to regular review and assessment at an appropriate senior level
  • a lack of management information and key performance indicators

Of particular concern to the CBI were deficiencies in oversight by some firms of the AML/CFT/FS activities undertaken by outsourced service providers (OSPs). For example, the CBI found that OSPs were not subject to regular and comprehensive due diligence reviews. There was also insufficient oversight of technological solutions deployed by OSPs for the purposes of activities such as PEP and FS screening and Transaction Monitoring.

4. Customer Due Diligence (CDD)

A particular concern for the CBI in this area was non-compliance with Section 33(6) of the CJA, which requires that all CDD has been performed prior to processing transactions, including initial subscriptions. In some instances, the CBI found that firms had ineffective CDD control frameworks in place to ensure that customers are fully identified and verified (where applicable) prior to processing transactions. Oversight of CDD policies and procedures was also lacking in a number of areas, particularly where firms had outsourced CDD activities to an OSP.

Next steps

The Bulletin sets out some useful detail on the CBI's expectations. The CBI will be continuing its supervisory engagements with firms. Where firms fail to demonstrate the necessary remediation to ensure compliance, the CBI states that it will determine the appropriate action to undertake within the full range of its regulatory tools, including, where necessary, utilising its enforcement powers.

Please speak with your usual contact in A&L Goodbody LLP for advice and assistance on compliance with the requirements discussed above.

Mairead McGuinness: statement to the European Parliament

Mairead McGuinness, European Commissioner for Financial Stability, Financial Services and the Capital Markets Union, recently delivered a statement to the European Parliament on increased efforts to fight money laundering by the European Commission.

In her speech, she outlined the tools available to the Commission to enforce AML/CFT rules:

  • Control of transposition: The EU is pursuing Member States for partial or non-transposition of the Fourth and Fifth Anti-Money Laundering Directives into national law.
  • Effective implementation of the AML directives: The Council of Europe is conducting a study on the effective implementation of the AML framework in each Member State, including on-site visits to all Member States, and looking at core provisions of the rules. For example, the Council will examine whether supervisors and Financial Intelligence Units are sufficiently staffed, the functioning of registers of beneficial ownership, and how the supervision of the non-financial sector is carried out.
  • Country Specific Recommendations (CSRs) within the European Semester: The Commission issued 11 AML-related CSRs last year and plans to make greater use of the Semester for AML in the next cycle. Most Member States that have received CSRs have included AML in their Recovery and Resilience Plans. Where measures on AML have been included in Member States' plans, their implementation will be monitored through milestones and targets.
  • Civil society: The Commission is currently implementing a Pilot Project requested by the Parliament called "Capacity building, programmatic development and communication in the context of the fight against money laundering and financial crimes". This is aimed at increasing AML/CFT awareness and empowering civil society in this area.
  • Law enforcement: The "fight against criminal finances" will play a prominent role in the new EMPACT 2021-2025, the European Multidisciplinary Platform Against Criminal Threats, which is overseen by Europol. The creation of the European Financial and Economic Crime Centre at Europol in June 2020 is a "significant step" to reinforce law enforcement efforts against financial crimes. The Commission also plans to support operational cooperation of the AMON network of money laundering investigators, and to propose stronger rules on asset recovery and confiscation in 2022.

Commissioner McGuinness also discussed the new AML framework published on 20 July 2021, specifically highlighting the move to a directly effective regulation, the proposed enhancements of the beneficial ownership regime under the Single Rulebook and the role of the new EU AML supervisory authority, AMLA, which is expected to start its activities in 2024.