Business Risk Services

Third Party Reliance

Sheila Duignan Sheila Duignan

Third party reliance is an increasingly common practice now among financial service providers, particularly in the fund management sector. This bulletin sets out the legal requirements in relation to Third Party Reliance, the Central Bank’s expectations in relation to same and the expected impact MLD4 will have on the subject.

Formal agreement

The Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, as amended by the 2013 Criminal Justice Act, (the Act) allows a designated person (firm) to rely on relevant third parties to complete certain Customer Due Diligence (CDD) requirements. However the Act requires that to rely on a third party there must be an agreement in place between the third party and the firm relying on them. The third party must understand and accept that they are being relied on for the fulfilment of AML requirements and they must also be able to provide the designated person with all customer due diligence documents as soon as practicable upon request.

 Although third parties may be relied upon to fulfil CDD requirements, the ultimate responsibility to comply with the CJA 2010 ultimately lies with the Board of the firm relying on the third party and failure to do so is an offence under the Act.

A signed agreement should be in place between the firm and the third party. In the absence of such an agreement the firm must carry out the CDD themselves. The agreement must not contain any conditional language which may lead to the third party not providing the CDD documents to the firm when requested.  Examples of such clauses are ‘to the extent permissible by law’ and ‘subject to regulatory request’.

The agreement should be clear about the categories of customer that the third party will be dealing with and about what identification and verification methods will be used to comply with AML requirement. It should also set out the record keeping obligations of the third party which is five years after the business relationship has ended.


The firm may not rely on the third party to undertake the required on-going monitoring of customer transactions and the customer relationship on their behalf. The firm itself must monitor dealings with a customer including transaction analysis and to examine the source of funds involved in the transactions. The firm must decide whether or not the transactions are consistent with their knowledge of the customer and the customer’s business and pattern of transacting and any knowledge that the firm may have that the customer may be involved in money laundering or terrorist financing.

The firm must also ensure that they monitor the activities of the third party it relies upon. They should perform regular assurance testing to ensure that documentation can be retrieved promptly when required and that the quality of the identity verification process is sufficient.

Who is a relevant third party?

A relevant third party can be a person in the State that is a credit institution, a financial institution, an external accountant or auditor, a tax advisor, an independent legal professional or a trust or company service provider.

They can be a person in another Member State who is supervised for compliance with the EU AML/CFT legislation and is a credit institution, a financial institution or an external accountant, auditor, legal professional or trust or company service provider.

Finally a person who carries on business in a non-EU country which has been designated as having equivalent requirements to EU AML standards, can be a relevant third party. They can be a credit institution, and financial institution or an external accountant, auditor, legal professional or trust or company service provider. Firms must ensure that all requirements are met by the non-EU third party as ultimate responsibility for compliance with CJA 2010 remains with the Board.

AML/CTF rules prohibit firms from relying on third parties established in high risk countries. However, MLD4 provides for Member States exempting branches and majority owned subsidiaries of EU based firms from this exclusion where they fully comply with group-wide AML/CTF policies and procedures. Further information in relation to the impact of MLD4 is provided below.

Additional factors to consider in relation to Third Party Reliance

Secrecy Jurisdictions: In some jurisdictions secrecy laws may mean that a relevant third party would not be in a position to provide the firm with the identification documentation as required by the CJA 2010. Firms must satisfy themselves that any third parties they place reliance on is in a position to meet its obligations under the Act and will not be bound by conflicting national laws.

Politically Exposed Persons (PEPs): While a firm may rely on a third party to perform CDD measures they must undertake all enhanced CDD (ECDD) themselves. PEPs automatically necessitate ECDD so where a PEP has been identified by a third party the due diligence and final determination on the risk posed must be owned by the firm.

‘Face to Face’: Where the third party has met the customer ‘Face to Face’ for identification purposes the firm will be deemed to have met them ‘Face to Face’ for the purposes of their Risk Assessment.

Designated Jurisdictions: Although third parties established in countries outside the EU but with ‘equivalent’ standards to EU AML legislation can be relied upon, firms must include these countries in their country risk assessments.

Fourth Money Laundering Directive (MLD4)

MLD4 is due to be transposed into Irish law by June 2017. There are a number of key changes from the Third Directive and firms relying on relevant third parties must review the agreements in place and ensure that the further obligations imposed by MLD4 are fully satisfied  by the third party. This may involve updating agreements and reviewing the third parties’ AML policies and procedures in light of the new Directive. Further updates will be provided by Grant Thornton when MLD4 is transposed in to Irish law this summer.