.svg)
The Central Bank of Ireland has identified various weaknesses in firms’ anti-money laundering (AML) compliance and set out expectations for firms to “demonstrate” they have an appropriate framework in place.
Reporting in its November AML bulletin, Ireland’s central bank has found a number of deficiencies in the areas of governance, business risk assessments, outsourcing and customer due diligence.
Although it acknowledged that Ireland has taken positive steps in its collective fight against money laundering, the central bank noted that the weaknesses identified in the report require remediation.
The bulletin primarily addresses fund entities; however, the central bank emphasises that it expects all firms, irrespective of their sector, to critically assess their anti-money laundering/counter-terrorism financing/financial sanctions (AML/CTF/FS) frameworks against the central bank’s expectations.
It said that it expects all firms to “demonstrate that appropriate governance structures are in place to manage and oversee existing and emerging ML/TF/FS risks”.
The bank found that although the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 requires firms to have appropriate governance and effective risk and control functions in place, a number of firms failed to demonstrate effective oversight, implementation and management of their AML/CTF/FS framework.
In some cases, minutes of board meetings did not reflect adequate discussion in relation to AML/CTF/FS matters, or firms failed to demonstrate that appropriate action was taken to address identified deficiencies in the AML or financial sanctions framework in a timely manner.
In other instances, compliance officers failed to present an annual report to the board, and firms failed to show that they had comprehensive assurance testing programmes in place to ensure effective and independent testing of their compliance framework.
The bulletin underscores that the central bank expects the boards to be “in a position to evidence effective governance and oversight” of their AML/CTF/FS compliance framework.
In addition, the bank found that many firms had no business risk assessment in place, or their risk assessment did not appropriately reflect the inherent money laundering risks. A number of firms did not even have policies and procedures in place that sufficiently documented their approach to how to complete a business risk assessment.
The bulletin stresses that “the Central Bank expects Firms to demonstrate that an AML/CFT/FS risk framework has been embedded that is commensurate with the risk of ML/TF/FS for their business”.
In particular, the bank expects firms to have a documented business risk assessment, which includes an assessment of inherent money laundering, terrorism financing and financial sanctions risks, an assessment of the effectiveness of this control framework and details of the overall residual risk.
Other key concerns mentioned in the bulletin were deficiencies in how some firms oversee the money laundering activities undertaken by outsourced service providers and gaps spotted in relation to customer due diligence (CDD). A particular concern in this area was non-compliance with a requirement that makes it mandatory to complete all CDD prior to processing transactions, including initial subscriptions.
At those instances when firms outsourced CDD activities to another company, some firms could not show that they had adequate processes in place to review outsourced CDD procedures.
Hence, the document warns businesses that ”it is vital that, in identifying their customers, firms can demonstrate to the Central Bank that they are applying measures that are commensurate with the risk of ML/TF… Firms have ultimate responsibility for compliance with the requirements of the CJA 2010 and must be in a position to demonstrate effective oversight of the CDD processes and procedures.”
“Compliance with the requirements set out in this bulletin will continue to be an area of focus by the Central Bank as part of the scope of future engagements with Designated Persons,” the bank said.
Ireland updated its national AML legislation this March when it transposed the 5th EU AML Directive into its legal system. The Central Bank of Ireland published revised AML/CFT Guidelines for the Financial Sector in June 2021, setting out expectations for firms on how to comply with the country’s AML framework.
