Irish financial and non-financial businesses and professionals are facing a period of change and uncertainty as the current anti-money laundering and countering the financing of terrorism (AML/CFT) regime undergoes significant reform. One of the main drivers for this reform was the publication of the updated AML/CFT recommendations by the international Financial Action Task Force (FATF) in February 2012 but, in response to recent terrorist attacks in Brussels and Paris, the leak of the Panama Papers as well as advances in digital currencies, policymakers have sought to enhance and further reinforce EU AML/CFT rules.
The reform agenda includes the enactment of new European and domestic legislation and the introduction of corporate beneficial ownership registers. Regulators are also stepping up the number and intensity of inspections and the likelihood is that this will lead to more companies and individuals being sanctioned for non-compliance. Some developments will be welcomed by industry, such as the introduction of a new Irish online suspicious activity reporting system, but overall, the volume and pace of change will prove challenging for many businesses.
Fourth Anti-Money Laundering Directive (4MLD)
On 25 June 2015, 4MLD was enacted with a two year window for implementation into the domestic law of EU Member States. 4MLD is notable for its increased emphasis on a risk based approach to AML/CFT at all levels with the European Commission, the European Supervisory Authorities, EU Member States, regulators and obliged entities (currently known as designated persons) each tasked with conducting some form of risk analysis.
At a local level, Ireland has met the risk challenge head on by publishing its first National Risk Assessment (NRA) last October. The NRA details the macro-level money laundering and terrorist financing risk factors faced by Ireland and the threats, vulnerabilities and risks which are present in various industry sectors. The NRA is expected to provide the basis for an action plan which, when implemented, will further strengthen the Irish AML/CFT regime. It is also envisaged that the NRA will be updated on an ongoing basis as threats and vulnerabilities evolve and it is likely that future iterations of the NRA will be enhanced through greater exchange and analysis of data between law enforcement agencies, supervisors and obliged entities.
In addition to an increased focus on risk, 4MLD also introduces a number of other significant changes to the existing AML/CFT regime including the following (some of which may yet be subject to minor variation through the exercise of national discretions):
- All Member States are required to introduce a central register of beneficial ownership of incorporated entities and trusts (examined in greater detail below);
- Enhanced due diligence is now applicable to domestic politically exposed persons;
- All higher risk gambling service providers (not just casino operators) are required to apply customer due diligence measures to single or linked transactions amounting to €2,000 or more;
- Goods traders making or receiving cash payments of €10,000 or more are now in scope with AML requirements (current threshold is €15,000);
- All decisions to apply simplified customer due diligence will need to be backed up by a risk analysis;
- Firms with majority-owned subsidiaries located in other countries where the minimum AML/CFT requirements are less strict than those of the Member State must implement the requirements of the Member State at those subsidiaries; and
- New minimum penalties for serious, repeated and/or systematic compliance failures including suspension of authorization, temporary ban from managerial functions and maximum pecuniary sanctions of at least €5M or 10% of total annual turnover.
Fifth Money Laundering Directive (5MLD)
In response to terrorist attacks in Europe, the leak of the Panama Papers and developments in crypto and digital currencies, the European Commission published a proposal in July 2016 to amend 4MLD to include additional measures to tackle money laundering and terrorist financing. This is known as 5MLD.
The proposed measures include the application of enhanced checks towards high risk third countries, bringing virtual currency exchange platforms within scope of the AML/CFT regime, lowering due diligence thresholds for prepaid instruments, enhancing the powers of Financial Intelligence Units (FIUs) and giving FIUs swift access to information on the holders of bank and payment accounts, through centralised registers or electronic data retrieval systems.
The ongoing debate on 5MLD between the European Commission, European Council and European Parliament has created an unusual scenario whereby Member States were preparing to transpose a Directive (4MLD) which may yet be impacted by another Directive prior to its transposition.
Ireland & The 5MLD
A new EU Fifth Money Laundering Directive (“5MLD”) is in the advanced stages of negotiations and is currently scheduled to be discussed further by the EU Parliament at the end of 2017. The main reason the new 5MLD is being negotiated is because the 4MLD did not have adequate provisions regarding new and developing technologies including virtual currencies and prepaid cards.
Due to this, Ireland has taken the decision to introduce legislation which will result in the majority of the provisions in the 4MLD not being implemented until after the details of the 5MLD have been finalised. However, Ireland has implemented certain aspects of Article 30 of 4 AMLD which require Irish corporates to obtain and hold certain information on their beneficial ownership.
Ireland is not alone in this approach and is in fact one of 17 member countries that the EU is taking to court due to its failure to implement 4MLD in to law by June 26th, 2017.
Heads of Bill
In January 2017, the Irish Government published a General Scheme of a Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Bill (Heads of Bill) which is intended to transpose most of the provisions of the 4MLD, amend existing legislation which gave effect to the Third EU Money Laundering Directive (3MLD) and align Irish AML/CFT requirements with FAFT recommendations.
FATF Mutual Evaluation
In addition to publishing recommendations, FATF also conducts peer reviews of each FATF member country on an ongoing basis to assess levels of implementation of its recommendations and to provide an in-depth description and analysis of each country’s system for preventing criminal abuse of the financial system. These peer reviews are known as mutual evaluations.
A FATF delegation visited Ireland in November 2016 to conduct a mutual evaluation of Ireland’s AML/CFT regime. During the visit, the delegation met with all of the relevant government agencies and with representatives of some of the key industry sectors. The effectiveness of Ireland’s AML/CFT regime was assessed and rated by FATF across a number of headings.
Generally, Ireland was found to have a good understanding of the money laundering and terrorist financing risks it faces. FATF also found Ireland had broadened this understanding to relevant agencies and the private sector through effective national cooperation and coordination. Ireland’s national risk assessment demonstrated an appreciation of the risks it could face from beyond its borders, but given its position as an important regional and international financial centre, it was found it could further refine its understanding of international money laundering risks.
Regulatory Supervision and Enforcement
In the years since the transposition of 3MLD in 2010, there has been a gradual ramping up of supervisory activity in terms of ongoing reviews and enforcement action. The AML/CFT Division in the Central Bank of Ireland (CBI) has substantially increased its headcount in recent times and has refined its approach to supervision using the CBI online reporting system. Recent CBI enforcement cases for AML/CFT breaches have been notable for the frequency and size of the fines (including fines of €3.3M, €2.3M and €1.75M) and the robust nature of the messaging in the publicity statements concerning such cases.
It is notable that poor governance of outsourced AML/CFT activities has been a recurring theme in some of the cases which have attracted the biggest fines. In August 2016, the Minister for Justice and Equality prescribed the Property Services Regulatory Authority (PSRA) as the competent authority for the real estate sector for the purposes of AML/CFT which means that property service providers can expect to face greater scrutiny going forward.
Considering all of the recent and forthcoming changes to the AML/CFT regime, one might expect that policymakers and regulators would produce detailed guidance to assist the industry in adopting an informed and consistent approach to the new regime. However, to date there has been no official confirmation as to whether existing guidance will be updated or replaced even though the new requirements have already started to come into effect.
For example, the beneficial ownership regulations have now been in force for a number of months and have given rise to a significant number of queries across the industry in terms of their interpretation and application. The corresponding legislation in the UK was accompanied by over 150 pages of guidance but as things stand Irish companies will not have the benefit of equivalent guidance.
Online Suspicious Transaction Reporting System
The Financial Intelligence Unit (“FIU”) of An Garda Síochána has acquired a new IT software solution known as ‘GoAML’ which will facilitate the electronic submission of Suspicious Transactions Reports (STRs) to the FIU and will replace the existing paper reports. GoAML is specifically designed by the United Nations Office on Drugs and Crime for use by FIUs throughout the world and will provide numerous benefits to reporting entities, including:
- Secure submission of STRs;
- Electronic receipts for submitted STRs;
- Reduced postage and stationary costs;
- A message board that will allow a reporting entity to communicate directly and securely with the FIU and facilitate the FIU in sharing information on various money laundering and terrorist financing trends and typologies; and
- A feature which allows for reporting entities to maintain statistics on data of interest such as the number of STRs that they have submitted to the FIU.
Central Beneficial Ownership Registers
One of the first visible steps in the domestic transposition of 4MLD was the introduction of the European Union (Anti- Money Laundering: Beneficial Ownership of Corporate Entities) Regulations 2016 (the Regulations) in November 2016. The Regulations require that Irish companies and other legal structures maintain details internally of their underlying direct and/or indirect beneficial owners and report these details to a central register which is expected to be operational later this summer. In summary, the concept of beneficial ownership is deliberately and broadly drafted in the regulations to capture any natural person individual who, directly or indirectly, has a greater than 25% ownership or controlling interest in an Irish corporate.
In many cases (for example, where the ultimate ownership of an Irish corporate is diluted amongst multiple individuals) it will not be possible to identify any natural person individual that satisfies this greater that 25% test. In such cases, the Regulations provide that the register should be populated with the senior managing officials of the relevant corporate.
The next 12-18 months will likely be a challenging period for Irish businesses and professionals as they get to grips with the various changes to the current AML/CFT regime and the introduction of 5MLD. Compliance resources are likely to be further stretched by a range of upcoming non- AML/CFT regulatory changes, including the EU General Data Protection Regulation, PSD 2 and MiFID 2. Given that a certain amount of the changes to the AML/CFT regime are still unknown, it is to be hoped that policymakers and regulators will provide industry with sufficient time and space to work through the challenges on a collaborative basis.
How Lysis can help
The Lysis group of companies provides Governance Risk and Compliance (GRC) consulting, AML process execution services and GRC and AML training. In early 2017 we established Lysis Operations (Ireland) Ltd and are building a local delivery capability based in our office at George’s Quay Plaza. We are also able to bring in expertise from our headquarters in London where this is relevant to the local market.
Lysis can assist with:
- Updates to AML policies and procedures to take account of 4MLD/5MLD based on our experience of implementing 4MLD in London.
- KYC refresh and remediation either on client site or from our AML Operations Centres.
- New client on-boarding.
- Training on the content of 4MLD/5MLD and the local implementations thereof.