On 6 September 2019, the Central Bank of Ireland (the "CBI") published the final version of its Anti-Money Laundering ("AML") and Countering the Financing of Terrorism ("CFT") Guidelines for the Financial Sector (the "Guidelines").
The Guidelines are designed to assist credit and financial institutions in understanding their obligations in relation to AML and CFT, following the implementation in Ireland of the 4th EU AML Directive.
The Guidelines are largely consistent with the draft guidelines issued in December 2018 as part of the CBI's Consultation Paper CP128, with the majority of changes being for the purposes of clarification. The purpose of this note is to set out some of the more material changes from the draft guidelines.
Timing of Customer Due Diligence ("CDD")
The Guidelines include a new paragraph acknowledging that the legislation allows a firm to identify and verify the identity of a customer during the establishment of a business relationship in circumstances where the firm believes there is no real risk of money laundering or terrorist financing. However, the Guidelines go on to emphasise that while an account may be opened prior to CDD being completed, transactions may not be carried out by or on behalf of the customer or beneficial owner until CDD is complete.
Unfortunately no guidance in given as to what constitutes a "transaction" for these purposes. For example, does the funding of the account itself constitute a transaction or does the transaction only arise upon the onward transmission of those funds or upon a subscription for a financial instrument? The most prudent course of action will be to conduct all CDD prior to accepting any funds from the customer. In the context of subscriptions for securities or shares/units in investment funds, it is clear that such securities, shares and units should not be issued until CDD is complete.
Documents used to satisfy CDD requirements
The Guidelines do not include examples of documentation that the CBI considers would satisfy the CDD requirements. Instead they state that, in applying a risk-based approach, firms should maintain their own lists of acceptable documents and such lists should be reviewed on an ongoing basis to ensure that they remain current and appropriate.
Obligation to identify and verify beneficial owners
Firms are required to identify beneficial owners, if any, without exception. The Guidelines clarify that the extent to which a beneficial owner's identity is required to be verified is dependent upon the associated money laundering or terrorist financing risk attaching to such beneficial owners.
Reliance on third parties to carry out CDD
The requirement in the draft guidelines for a signed agreement with the third party carrying out CDD has been deleted. This welcome change reflects the widespread practice of relying upon letters of undertaking from third parties rather than formal agreements signed by both parties.
Politically Exposed Persons ("PEPs")
A provision has been added to the Guidelines requiring firms to allocate responsibility for the approval of PEP relationships and to ensure that the approval of such relationships is conducted by individuals who are appropriately skilled and empowered. The approval process must be subject to appropriate oversight.
Further, the Guidelines require firms to utilise reliable and independent data to verify the source of wealth and the source of funds of all PEPs. In the draft Guidelines, such independent verification was only required in cases where a "particularly high" money laundering or terrorist financing risk was associated with the PEP relationship.
The Guidelines emphasise that all employees, directors and agents of a firm are trained in relation to the firm's AML/CFT policy. In addition, firms are required to provide specific AML/CFT training tailored to the roles carried out by members of staff.
The wording of the Guidelines has also been revised in relation to training assessments. Firms should ensure that the AML/CFT training includes an assessment or examination during the training session. If the training does not contain an assessment or examination, firms must be in a position to demonstrate the effectiveness of training and staff understanding of such training. It is difficult to envisage how this can be demonstrated without some form of test or assessment. It is likely therefore that firms will need to introduce assessments as part of their AML/CFT training.
The Guidelines provide useful guidance in relation to an increasingly important area of focus for firms and regulators. They should be read in conjunction with the Guidelines issued by the European Supervisory Authorities on simplified and enhanced due diligence and the factors which credit and financial institutions should consider when assessing money laundering and terrorist financing risk (the "Risk Factor Guidelines"). In addition, it is likely that individual sectors may in time issue their own guidance supplementing the Guidelines in certain areas.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.