On 9 November 2021, the Central Bank of Ireland ("Central Bank") published its Anti-Money Laundering Bulletin – Issue 7 ("Bulletin") which identifies a number of areas where funds and fund management companies ("Firms") must introduce enhancements to ensure compliance with the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, as amended (the "CJA").

The Central Bank's findings are based on supervisory engagement it has had with Firms since 2019. Across four discrete areas (referenced below), it sets out (a) the weaknesses it identified in the anti-money laundering and terrorist financing ("AML / CFT") practices of the Firms it reviewed ("Findings"); and (b) the measures it expects Firms to adhere to ( "Expectations"):

Governance

In the area of governance, the Findings include a range of observations where Firms failed to demonstrate effective oversight, implementation, and management of their AML/CFT frameworks. Included in the Expectations was a reminder that Firms must implement a robust assurance testing framework to assess the effectiveness of their AML control frameworks.

Business Risk Assessments

The Findings ranged from Firms not putting a Business Risk Assessment ("BRA") in place to BRAs failing to appropriately assess or reflect inherent money laundering / terrorist financing ("ML / TF") risks and exposures. The Expectations, highlight that a robust BRA, commensurate with the nature, scale and complexity of a Firm's business activities, is a fundamental component in the development of an AML framework.

Outsourcing

In the case of AML activities outsourced to third parties, the Findings identify deficiencies in the documentation, review, and assessment of formalised outsourcing arrangements. The Expectations on outsourcing remind Firms that an effective governance framework extends to oversight of outsourced AML activities and ensuring robust assurance testing, reporting, and monitoring processes are in place.

Customer Due Diligence

Among the Findings on customer due diligence ("CDD"), non-compliance with the requirement that all CDD is in place prior to processing transactions, including initial subscriptions, was highlighted as a particular concern. The Expectations remind Firms to establish and implement comprehensive policies and procedures for the identification and verification (where appropriate) of customers, and that Firms have ultimate responsibility for CDD compliance and must be able to demonstrate effective oversight of any delegate CDD processes.

Next Steps

The Bulletin states that the Central Bank requires all Firms to critically assess their frameworks in the context of the Expectations. Noting that compliance with the Bulletin requirements will continue to be a focus for the Central Bank, it expects Firms to be able to demonstrate that appropriate governance structures are in place to manage and oversee existing and emerging ML / TF and financial sanctions risks, including addressing the deficiencies highlighted in the Bulletin.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.