As of the 27th November 2012, the AML/CFT unit of the Central Bank have conducted 75 inspections touching all regulated sectors. The unit undertook a combination of on-site visits and desktop reviews. The thematic inspections revealed “significantly lower level of compliance than was expected”. The main concern of the Central bank was that certain control failures were repeatedly identified among regulated institutions.
Key areas of Weakness
The key areas of weakness that were found were as follows:
• Board engagement on effectiveness of AML policies and procedures in the firm;
• Alignment of business models to achieve compliance
• Use of risk assessment and risk mitigants (controls in place to ensure compliance)
• Demonstrating compliance to the Central Bank including record retention
Key findings
Following the inspections the Central bank issued their key findings in the following areas:
• Governance
• Risk Assessment
• Policies and Procedures
• Training
• Customer Due Diligence
• Suspicious Transaction Reporting
These Key findings will now be analysed
Governance
The key point here is that governance comes from the top. Board and senior management must ensure on-going oversight of compliance with AML/CFT obligations. Firstly they should review and approve all AML/CFT policies and procedures and receive regular updates and reports on testing and compliance with obligations.
The Central Bank found that boards and senior management in regulated sectors were unable to demonstrate that:
• The implications of the 2010 Act on their business had been considered and business models aligned accordingly to ensure compliance
• They had appropriately prepared for commencement of the 2010 Act and allocated necessary resources • They had an appropriate governance framework to ensure on-going oversight of compliance by the firm with the 2010 Act
• They had awareness of potentially serious implications for the firm for failure to comply with the 2010 Act
Risk Assessment
The Central Bank noted many instances where firms had not prepared a risk assessment or had used a generic risk assessment. They were quite clear that generic policies and procedures were not sufficient. They have even used the example of a life insurance company using a credit institutions’ AML policies and procedures. In instances where firms had adopted a risk based approach to AML compliance, the Central Bank found that firms:
• Had not evaluated ML/TF risks pertinent to their business sector;
• Had not adopted appropriate risk mitigant plans to mitigate risks;
• Could not demonstrate to the Central Bank of Ireland
o How the firm evaluated the risk
o Risks pertinent to their sector
o Mitigating measures taken to reduce risks where they claimed to have done so
Policies and Procedures
The Central Bank of Ireland found that in many firms that there were material gaps in AML/CFT policies and procedures to prevent and detect ML/TF including incidences where firms had not implemented policies and procedures in practice.
They outlined that, at a minimum, policies and procedures must:
• Cover all areas of business activity;
• Address all aspects of compliance with Part 4 of the 2010 Act;
• Be appropriate to ML/TF risks associated with the nature of the firm’s business;
• Be clearly set out to enable staff to apply them in practice.
Training
The Central Bank of Ireland found that in many instances there were material gaps in the provision of AML/CFT training to all relevant staff in firms. All members of staff must receive instruction on the law and on-going training relating to AML/CFT. The Central Bank have stated that this must be done on an annual basis.
This annual training includes board members and senior management.
Staff training on the law is an obligation under the 2010 Act and is deemed essential in ensuring that senior management and board members are in a position to oversee compliance with the 2010 Act.
Customer due diligence (CDD)
The Central Bank pointed out that CDD obligations apply to new and existing customers and that firms were not verifying the identity of their customers in compliance with the 2010 Act. This must be done prior to the establishment of a business relationship or the provision of a service or where permitted as soon as practicable thereafter.
Where there were issues with CDD on existing customers, it was found that CDD remediation work was not being carried out in a systematic or comprehensive manner. The Central Bank stated that a trigger based approach to completion of CDD on existing customers may be acceptable for lower risk customers. An example of this is where customers seek new products or services.
However, while a trigger based approach may be acceptable, firms are expected to be able to demonstrate measures taken to verify identity were reasonable, risk-based and consistent. In particular, firms should be cognisant of the following:
• Carry out risk-based approach to review approach to CDD documentation
• Who are your high risk customers?
• Review those files to ensure CDD is adequate
• Trigger-based approach for low risk customers.
The other area of CDD that may need to be reviewed is where doubts arise as to the adequacy of previously obtained documentation. If there are reasonable doubts, then a remediation exercise needs to be undertaken.
The main maxim to take from this is ‘If it is not in writing, it does not exist’. You need to be able to demonstrate all of the above to the Central Bank of Ireland.
The following incidences were found in numerous institutions:
• Customers had failed to provide the firm with document/info required to complete CDD and the firm had failed to take the necessary measures as set out in the Act.
• Firms had applied simplified CDD to customers that did not meet the definition of a specified customer
• Firms had entered into arrangements with relevant third parties in circumstances where the requirements of the 2010 Act had not been met.
Suspicious Transaction Reporting
One of the major issues that the Central Bank of Ireland found was that Suspicious Transaction Reports not being made as soon as practicable after firms had formed a suspicion or acquired reasonable grounds to suspect that a person had been or was engaged in an offence of ML/TF. Once a firm has a reasonable suspicion that a transaction or activity is suspicious, and an appropriate investigation of the matter has been concluded, they should report this activity or transaction to the Garda Síochana and the Revenue Commissioners before continuing with the transaction.
The Central Bank of Ireland is specified in the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 as the State competent authority for credit and financial institutions. The Bank, pursuant section 63 of the Act, is responsible for effectively monitoring credit and financial institutions’ compliance with their obligations.
The Central Bank have informed credit and financial institutions that:
• They must achieve compliance with their obligations under the Act.
• The Central bank of Ireland will conduct a range of on-site inspections across the financial sector to “effectively monitor” compliance and effective implementation by credit and financial institutions with regard to their obligations under the Act.
• As part of the inspection process, emphasis will be placed on compliance with section 54(2) (a) of the Act with regard to the adoption and implementation of policies and procedures for the assessment and management of risks of money laundering and terrorist financing. The Bank expects that policies and procedures will be up-to-date and available for inspection, and that senior management (including boards of directors) can demonstrate full awareness of their responsibilities.
• The Central bank of Ireland will, as provided in section 63 of the Act, “take measures that are reasonably necessary for the purpose of securing compliance.” Administrative sanctions are available to the Bank to achieve this statutory objective.
To go to the AML section on the Central Bank’s website click here
On 31 January 2013, the Department of Finance published the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Bill 2013 (“the Bill”) proposing changes to the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (“the Act”). The primary purpose of the Bill is to align certain provisions of the 2010 Act more closely with international standards and to amend certain provisions to reflect operational requirements.
Proposed Amendments
The proposed Amendments to the Act are as follows:
The definition of an “occasional transaction” is to be amended so that wire transfers of funds of €1,000 or more are included in the acts. Customer Due Diligence (CDD) measures will also apply to beneficial owners of such funds.
The identification threshold for Private Members Gaming Clubs is to be reduced from €15,000 to €2,000. This will apply to the amount of money paid to the gaming club by the customer or paid to the customer by the gaming club.
Section 34 of the Act which provides for Simplified CDD in the case of a specified customer or specified product is to be amended to set out that it applies where the designated person is satisfied that the customer or product is a specified customer or product ‘having taken such measures as are necessary’ to establish that they are. A designated person will be required to take the necessary measures to establish and satisfy itself that a customer or product is a specified customer or product.
Section 37 is to be amended to set out that enhanced CDD measures are to be applied not only to existing Politically Exposed Persons (PEPs) but to existing customers that subsequently become PEPs. This will include those who become immediate family members or close associates of PEPs. Enhanced on-going monitoring must also be applied to business relationships with PEPs. It will also be made clear that senior management approval must be obtained before a business relationship is continued with an existing customer who becomes PEP. The Bill emphasises that the designated person shall determine source of funds and wealth for transactions with customers that are PEPs or for services sought by PEPs. This would also include any occasional transactions.
Section 39 is to be amended to include a mandatory requirement to apply additional CDD measures where the designated person has reasonable grounds to believe that there is a higher risk of ML or TF. Currently the 2010 Act states that a designated person ‘may apply’ additional CDD measures if there is a higher risk. This amendment is in line with international standards.
Section 54 is to be amended to specifically include requirements for the following in a designated person’s policies and procedures:
• Measures to be taken to keep documents and information obtained for due diligence purposes up to date
• Additional measures to be taken where there is a higher risk of M or TF in respect of a customer, beneficial owner, service, product or transaction
• Measures to be taken to prevent risk of ML or TF which may arise from technological developments (future proofing procedures) including:
o Use of new products and new practices and ways in which services relating to such developments are delivered
o New ways of harvesting CDD documentation
Section 71 is to be amended to enable the State Competent Authority (Central Bank or Department of Justice) to give positive directions to do something as well as negative directions. This may include issuing written directions to a designated person to take specific actions or establish specific processes or procedures the State Competent Authority considers reasonable necessary to comply with the Act. Failure to comply with these directions may be considered by the courts to be an aggravating factor in determining sentencing for an offence.
For a copy of the Bill click here
What is Money Laundering?
A person commits an (money laundering) offence if—
(a) person engages in any of the following acts in relation to property that is the proceeds of criminal conduct:
(i) concealing or disguising the true nature, source, location, disposition, movement or ownership of the property, or any rights relating to the property;
(ii) converting, transferring, handling, acquiring, possessing or using the property;
(iii) removing the property from, or bringing the property into the State, and
(b) the person knows or believes (or is reckless as to whether or not) the property is the proceeds of criminal conduct.
It has become a society wide problem and while there is no concrete evidence as to how much it is costing the IMF as well as FATF estimate that 2-5% of Global GDP emanates from the black economy or involves laundered money.
Applying the 2-5% rule of thumb to Ireland, money laundering in:
Credit Institutions: up to €8.4bn (5% of €167,235,000,000 of Irish Private Sector deposits: May 2012)
Mutual Funds: up to €101bn (5% of €2.0 trillion of funds administered in Ireland – IFIA statistics July 2012)
Insurance: up to €2.0bn (5% of €40.2bn under-written in 2009 – Financial Regulator statistics)
Credit Unions: up to €695m (5% of €13.9bn – ILCU 2010 Financial Year review)
Stages in Money Laundering
Money Laundering has three distinct phases:
PLACEMENT:
Stage where criminally obtained money is first put into the financial system (e.g. credit entry on a bank account.)
LAYERING:
The movement of the money through a series of transactions with no real economic purpose, in order to make it more difficult to prove the criminal origin of the funds and disguise ownership.
INTEGRATION:
Taking the money out of the financial system for genuine economic use
What is Terrorist Financing?
There are two specific types of Terrorist Financing:
• Type 1: Obtaining, collecting or disguising funds for terrorist movements
• Type 2: Obtaining or collecting funds for specific terrorist attacks.
There is little difference between terrorists and money launderers in their use of the financial system. Terrorist groups build and maintain financial infrastructures to support their activities and seek different sources of funding including donations from charities sympathetic to their cause, engaging in criminal activities, voluntary payments from expats, extorted money from expats, legitimate business activities carried out by front companies sympathetic to the cause.
The 2 key differences of Terrorist Finances are:
Sums that fund terrorist attacks are not always large and the associated transactions are not necessarily complex
Terrorists can be funded from legitimately obtained income ( E.g. charitable donations) .it is difficult to identify the stage at which legitimate funds become terrorist property
On the 5th of February 2013 the EU Commission adopted proposals for the 4th EU AML Directive. These proposals will be sent forward for negotiation and adoption. It is expected that the proposals will be debated at a public hearing on 15th March 213. Once the text has been finalised and adopted at a European level, the Directive must be transposed into national legislation within a period of two years.
Purpose
The purpose of the Directive is to improve clarity and consistency of rules across all Member States. The proposed changes are now outlined:
• PEPs – PEPs will be extended to include domestic PEPs, including their families and close associates.
• Simplified CDD- Designated persons must justify the application of Simplified CDD on a number of factors. It will no longer be merely ticking a box that they are a specified customer or a specified product.
• Beneficial Owners: Legal requirement that all body corporates and legal entities must hold adequate, accurate and current information on their beneficial ownership. They will be required to allow access to this information by designated persons.
• Extend the scope of AML legislation to cover the entire Gambling sector . Also proposed to create a new predicate offence for tax crimes.
• Designated person must undertake documented risk assessments and that these must be current and up to date.
• New rules to clarify that branches and subsidiaries situated in other Member States must also comply with host state rules.
• EBA, EIOPA and ESM will also provide an opinion of the risks of their sector. This will enable entities to conduct appropriate and relevant risk assessments.
• Amend the current Country of Equivalence regime. The existing regime was critiscised by FATF as providing automatic exemption from certain requirements without being founded on basis of risk.
• It also aims to strengthen the cooperation between the different national Financial Intelligence Units (FIUs) whose tasks are to receive, analyse and disseminate to competent authorities reports about suspicions of money laundering or terrorist financing.
For a copy of the 4th EU AML proposals click here