The Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2021 ("2021 Act") which transposes aspects of the EU Fifth Money Laundering Directive EU/2018/843 ("5MLD") brings virtual asset service providers ("VASPs") within the scope of the Irish anti-money laundering and countering the financing of terrorism ("AML / CTF") regime for the first time. This update highlights the key requirements which will apply to VASPs and the new registration requirement.
There has been a lot of debate and discussion about the regulation of "virtual currencies" or "cryptos", both at Irish and European level. Some crypto instruments will fall to be regulated under existing regimes, for example, the Markets in Financial Instruments Directive, depending on their structure. One key question is how regulators might apply oversight of cryptos from an AML / CTF perspective. Similarly, in its most recent guidance the Financial Action Task Force ("FATF") urged for the implementation of AML and CTF obligations on virtual assets and VASPs. 5MLD provided the European solution by introducing a new regime for VASPs.
5MLD has only recently been fully transposed into Irish law by the 2021 Act, which amends the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 ("CJA 2010"). The changes will come into effect when the Act is commenced (which is expected in the coming weeks).
What Virtual Assets are in Scope?
A "virtual asset" is "a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes but does not include digital representations of fiat currencies, securities or other financial assets".
What is a VASP?
A VASP is a person who, by way of business, carries out one or more of the following activities for, or on behalf of, another person:
- An exchange between virtual assets and fiat currencies;
- An exchange between one or more forms of virtual assets;
- A transfer of virtual assets, that is to say, conducts a transaction on behalf of another person that moves a virtual asset from one virtual asset address or account to another;
- Acts as a custodian wallet provider; or
- Participation in, and provision of, financial services related to an issuer's offer or sale of a virtual asset or both
but does not include a designated person that is not a financial or credit institution and that provides virtual asset services in an incidental manner and is subject to supervision by a national competent authority, other than the Central Bank of Ireland ("CBI").
What Regulatory Requirements Apply?
VASPs will be subject to the detailed AML / CTF requirements set out in the CJA 2010, and associated guidance issued by the CBI or the European Supervisory Authorities. This includes obligations in relation to customer due diligence; ongoing monitoring and reporting; internal governance and training and having robust frameworks in place to detect money laundering and terrorist financing.
The fitness and probity regime, which requires persons performing certain key functions to be "fit and proper", will also apply as part of the registration process.
Overview of the Registration Process
The CBI will not be in a position to accept applications until the 2021 Act comes into force. Firms who wish to apply for VASP registration will then need to submit a Pre-Registration Information Form to the CBI by email to VASP@centralbank.ie, to request an Institution Number.
The CBI has published a sample registration form on its website. Further information on the registration process, including the Pre-Registration Information Form, will be available on the CBI's website once the 2021 Act comes into force.
To register as a VASP, the following information will need to be submitted to the CBI with the application form (and supporting documentation):
- The applicant's AML / CTF policies and procedures;
- The applicant's ML / TF risk assessment;
- Details of all direct and indirect ownership and the management of the applicant;
- Individual Questionnaires to assess the fitness and probity of all individuals who are proposed to hold "pre-approval controlled functions" in the applicant;
- A business plan setting out the applicant's proposed activities, transaction flows, projections and any outsourcing arrangements;
- Details of the applicant's proposed organisational structure, AML / CTF reporting lines and staffing arrangements; and
- Details of the applicant's AML / CTF training plan.
Transitional Arrangements for Existing Providers
The 2021 Act provides for transitional arrangements for existing firms who are already engaged in VASP activities in Ireland.
Any person carrying on business as a VASP immediately before the coming into operation of the new Chapter 9A, can initially continue to operate but must apply for registration with the CBI within three months of section 106G (i.e. the registration obligation) coming into operation. For the interim period, the entity can carry on VASP business until the person's VASP registration application has either been granted or refused by the CBI.
What do Firms Need to do Now?
In scope firms should begin drafting the relevant documentation to support the AML / CTF framework which they will be required to have when the 2021 Act comes into force and to support their CBI application registration.
The CBI had identified VASPs as a key supervisory priority in 2020 but the legislation transposing this regime was not enacted until this year. So we would expect the CBI, at some point, to focus on VASPs from a supervisory perspective and possibly undertake AML / CTF inspections, similar to those undertaken in 2020 for so-called Schedule 2 Firms.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.