In June this year, the Central Bank of Ireland (‘CBI’) issued an updated revision of their guidelines on Anti-Money Laundering/Countering the Financing of Terrorism (‘AML/CFT’) for the financial sector. This follows the initial publication of these guidelines which issued in September 2019. The purpose of these guidelines is to provide assistance to all Credit and Financial Institutions with their compliance to their legal obligations as set out in the Criminal Justice (Money Laundering & Terrorist Financing) Act 2010 – 2021 (‘the act’).
The revised guidelines take into account the recently enacted 5th EU Money Laundering Directive, the CBI’s regulatory expectations as set out in previous AML/CFT bulletins as well as the updated European Banking Authority AML/CFT Risk Factor guidelines which issued in Q1 2021.
Some of the key changes which have come out of the revised guidelines are in relation to
AML/CFT Risk Assessments
The guidance has been further updated to confirm that a firm’s AML/CFT business risk assessment and customer/transaction risk assessment should be connected. Firms should rely on the assessment of the business’ inherent risk to inform their risk-based approach to the identification and verification of individual customers and drive the level and extent of due diligence appropriate to that customer or occasional transaction.
The CBI has updated the governance section of the guidance to set out their expectations as to the roles and responsibilities of the Board as well as key staff including Senior Management & the Compliance Officer who have responsibility for AML/CFT matters and the Three Lines of Defence (where relevant).
The CBI has included a new section of the Risk Based Approach guidance in relation to De-Risking. Specifically, they have highlighted that it is not acceptable for firms to terminate large categories of customers or exclude cohorts of customers without conducting individual risk assessments in the first instance to determine whether there are any increased CDD measures which could be applied which may add sufficient comfort to allow the customer relationship to be maintained. Where the decision remains to terminate the customer relationship, this rationale including the risks that were presented should be fully documented
The PEP section of the guidance has been updated to include the new legislative obligation which now requires Firms to continue to apply enhanced due diligence (EDD) measures to a PEP for as long as is reasonably required until the person is no longer deemed to pose a risk, arising from their previous PEP status. Previous to this, Firms were allowed to remove EDD measures from a customer who was no longer a PEP for more than 12 months.
Beneficial Ownership Registers
The guidance now includes a section regarding the importance for implementing a beneficial ownership register at a national level as well as a Firms new obligations to check the various beneficial owner registers+ prior to on-boarding a new non-personal customer or trust business and the various measures that must be in place regarding continuing to enter the business relationship, including terminating the relationship where relevant.
+ The express trust (beneficial ownership) register (in accordance with Section 35(3A) of the CJA 2010; The Central Register of Beneficial Ownership of Companies and Industrial Provident Societies or, as the case may be, the Central Register of Beneficial Ownership of Irish Collective Asset management Vehicles, Credit Unions and Unit Trusts (in accordance
with Section 35(3C) of the CJA 2010.
High Risk Third Countries
The guidance has been updated to include the more prescriptive approach outlined in the act for applying EDD measures for customers established or residing in a high risk third country. Such information includes - but not limited to obtaining information regarding the Customer, the Beneficial Owner, the intended purpose of the relationship and the Source of Funds/Wealth.
The guidance has been updated to reflect the CBIs expectations in relation to Transaction Monitoring (TM) - both automated and manual. Some key takeaways to note are as follows:
- Firms must update their AML/CFT Business Risk Assessment to accurately reflect the TM controls and level of assurance testing undertaken to ensure an effective TM model;
- Firms should not place absolute reliance on automated transaction monitoring and employees should still be aware of the need to manually identify any transactional activity, which may be suspicious;
- Firms should ensure that the adequacy of its controls are subject to continued and regular review.
How can Grant Thornton help you?
We have a fully dedicated Financial Crime Compliance team that can assist in relation to:
- Performing comprehensive reviews and gap analysis of your key AML/CFT Framework documentation (Business Risk Assessment, Policy, Procedures, Methodologies, Training) to ensure full compliance with AML/CFT legal requirements, CBI expectations and 1st class Financial Crime Risk Management
- Assurance reviews of your firms critical first and second line AML/CFT functions and processes
- Providing best-in-class advice and guidance with regards to any CBI engagement that your firm may be subject to including inspections and authorisations