On 26 November 2018, the Criminal Justice (Money Laundering and Terrorist Financing) Act 2018 (the "AML Act 2018") was commenced, transposing the majority of the Fourth Anti-Money Laundering Directive ("4MLD") into Irish law.
The AML Act 2018 significantly alters and expands the scope of Irish anti-money laundering and counter-terrorist financing ("AML/CFT") legislation, increasing the focus on risk assessment, requiring certain "unregulated" financial institutions to register with the Central Bank of Ireland ("CBI") and bringing certain providers of gambling services within scope of AML/CFT requirements for the first time.
Main changes under the AML Act 2018
Registration of Designated Persons ("Schedule 2" entities)
Certain financial institutions are deemed to be with scope of AML/CFT legislation by virtue of the activities they engage in and regardless of their authorisation status (e.g. SPVs involved in lending or financial leasing). Such entities have been colloquially known as "Schedule 2" financial institutions. Previously, Schedule 2 financial institutions in Ireland were not required to register with the CBI. The AML Act 2018 imposes a registration requirement and provides that the CBI will now establish and maintain a register of such entities. Failure to register is a criminal offence.
In registering, a Schedule 2 financial institution is required to complete a form specifying the activities which qualify it as a designated person and providing a profile of its business in terms of number and type of customers, geographic location of customers and business activities, number of staff and distribution channels. Financial details must also be provided including total assets and total turnover attributable to in- scope activities. The form contains a specific section for completion by Special Purpose Entities ("SPEs") which are defined as a "legal entity, with little or no physical presence and narrow, specific, and/or ring-fenced, objectives, such as the segregation of risks, assets and/or liabilities, or as a cash conduit." In submitting the completed form, a Schedule 2 financial institution will need to confirm that it has an appropriate AML/ CFT control framework in place and will also need to confirm that it has taken and will continue to take reasonable steps to ensure the fitness and probity of its people, including members of the Board, management team and its beneficial owners.
While Schedule 2 financial institutions were already subject to AML/CFT obligations requiring implementation of an AML/CFT control framework, this new registration requirement increases the regulatory focus on such entities.
Increased focus on risk assessment
The AML Act 2018 requires designated persons to conduct a documented risk assessment of their business activities (a "Business Risk Assessment") and sets out specific procedures for doing so, including assessing their own business activities and consulting the National Risk Assessment and, for banks and financial institutions, applicable AML/CFT risk guidance from European regulators. The Business Risk Assessment must be approved by senior management within the business and kept up to date.
Changes to CDD requirements
- The AML Act 2018 removes the category based approach to determining the level of CDD to be applied and designated persons must now make a determination on a case-by-case basis; with the basis for such determination to be documented and made available to the authorities upon request. The AML Act 2018 prescribes certain factors to be taken into account when assessing the money laundering and terrorist financing risks presented by customers and transactions in order to determine the extent of CDD to be applied. Notable higher risk factors include non-resident customers, companies with nominee shareholders, non-face-to-face business relationships, new products and new business practices, and the use of new technologies for products.
- Designated persons may apply simplified CDD in circumstances where the customer or transaction is considered to be low risk. Similarly, enhanced CDD must be applied where the perceived risk is high. Designated persons must also monitor ongoing transactions or business relationships with a degree of scrutiny commensurate with the risk assessment.
- The obligation to apply enhanced CDD to politically exposed persons ("PEPs") has been extended to PEPs resident in Ireland.
- Under existing AML/CFT legislation, it is permissible for banks to open accounts for customers before verifying their identity provided no transactions are carried out on the account pre-verification. This facility will be extended to financial institutions under the AML Act 2018.
- Designated persons may, provided certain conditions are satisfied, rely on non-EU third parties to perform CDD, where the third party is a branch or a majority owned subsidiary of an EU designated person.
Designated Persons - Dealers in High Value Goods
The threshold for qualification as a 'designated person', which brings an individual or entity within scope of the AML/CFT legislation, has been reduced in respect of transacting in goods involving cash from at least €15,000 to €10,000.
The AML Act 2018 imports the definition of beneficial ownership from 4MLD in respect of incorporated entities which expands the scope to include any persons who may exercise control of such corporates. The definition of beneficial ownership in respect of trusts has also been amended to include settlors, protectors and trustees and any individual who is entitled to a vested interest in the trust property, regardless of their percentage interest.
The European Union (Anti-Money Laundering: Beneficial Ownership of Corporate Entities) Regulations 2016 (S.I. 560/2016), introduced in November 2016, require incorporated entities to maintain an internal register of beneficial owners. Further statutory instruments are expected, which will:
- impose equivalent requirements on trusts;
- assign legal responsibility to the relevant agencies for the establishment and maintenance of the central registers of beneficial ownership; and
- impose a reporting obligation on incorporated entities and trusts to file returns to the central registers. It is expected that there will be a reasonable window of opportunity for obliged entities to commence reporting.
Policies and procedures
The AML Act 2018 provides a detailed list of policies, procedures and controls which must be adopted by a designated person. It also contains more prescriptive requirements in relation to group-wide policies and procedures than those set out in existing AML/CFT legislation.
The CBI is yet to publish updated guidance regarding the interpretation and application of the AML Act 2018 ("Guidance"), though has indicated that the Guidance is expected to be published before the end of 2018. The publication of the Guidance should provide greater certainty to designated persons when updating their AML/CFT controls and procedures to ensure compliance with the AML Act 2018.
On 19 June 2018, the final text of the Fifth Anti-Money Laundering Directive ("5MLD") was published in the Official Journal of the European Union. Member States have until 10 January 2020 to fully implement 5MLD. From a corporate transparency perspective, the key feature of 5MLD is that it requires Member States to make central registers of beneficial ownership accessible to the general public with the exception of the register in respect of trusts, which will still require demonstration of a legitimate interest.
Gambling Service Providers
Further to the commencement of the AML Act 2018, the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (Section 25) (Prescribed Class of Designated Person) Regulations 2018 (the "Gambling AML Regulations") have also commenced, and designate providers of gambling services, other than certain excluded services, as designated persons. This means that in-scope gambling service providers (which include bookmakers and online gambling providers) will be obliged to carry out CDD, report suspicious transactions, and comply with other legislative obligations.
The Gambling AML Regulations capture all gambling service providers other than lotteries, bingo, gaming and amusement machines and land-based poker, which were found to be low-risk following a risk assessment of the sector. The CDD requirements only apply where the amount of money paid to or by the customer is more than €2,000.
How we can help
Walkers has one of the largest and most experienced dedicated financial services regulatory groups in Ireland, and has extensive experience in:
- designing and implementing AML/CFT systems, policies and procedures, including for Schedule 2 financial institutions and providers of gambling services;
- reviewing and updating existing AML/CFT controls to ensure that they are compliant with the AML Act 2018;
- advising on AML/CFT related regulatory inspections and enforcements; and
- providing training to directors, senior management and staff of in-scope entities.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.