Out-Law News 2 min. read
20 Sep 2019, 1:43 pm
The guidance (73-page / 1.3MB) reflects the new requirements for enhanced customer due diligence of domestic politically exposed persons (PEPs) and their families and close associates, introduced by the 2018 Criminal Justice Act. PEPs resident outside of Ireland were already subject to enhanced due diligence requirements.
Speaking at the launch Derville Rowland, the CBI's director general of financial conduct, said that firms should adopt a risk-based approach to fulfilling their obligations, and should also keep their controls, policies and procedures under regular review.
"Effective regulation in this area strengthens the integrity of the financial sector and contributes to the safety and security of citizens by preventing drug dealers, and those engaged in human trafficking, terrorist attacks and organised crime, from using the financial system to support these activities," she said.
"Financial institutions must know their customers, understand their customer profiles, monitor the way accounts are used and make reports of suspicions to An Garda Síochána, and the Revenue Commissioners where appropriate," she said.
The new guidance sets out the CBI's expectations of credit and financial institutions in relation to their AML and CFT obligations. In Ireland, these are set out in the 2010 Criminal Justice (Money Laundering and Terrorist Financing) Act, which was amended in 2018 to transpose the requirements of the EU's fourth Anti-Money Laundering Directive (4AMLD) into Irish law. The guidelines also consolidate and update previous CBI publications on AML and CFT, and the relevant European Supervisory Authority guidelines.
The document contains guidance on risk management, carrying out customer due diligence, governance, suspicious transaction reporting, training, record keeping and international financial sanctions. The guidance is not intended to be exhaustive or to override legal or regulatory requirements, and does not set limitation on the steps that firms should take to meet their statutory obligations.
Firms are advised to take a "risk-based" approach to their obligations, which may require them to take more stringent measures in respect of higher-risk customers. However, they may not take a "zero tolerance" approach, for example wholesale termination of business relationships with entire categories of customers without an individual assessment of their risk, bearing in mind the importance of financial inclusion.
Business risk assessment should consist of two "distinct, but related" steps: identifying the risks of money laundering and terrorist financing relevant to the firm's business; then an assessment of the risks identified in order to understand how to mitigate those risks. As a minimum, firms should consider their customers, products and services, types of transactions carried out, countries or geographic areas served and delivery channels when conducting the business risk assessment.
Firms should use the result of the business risk assessment to inform their risk-based approach to the identification and verification of individual customers, and the level and extent of due diligence appropriate to that customer. Firms should consider the risk factors associated with each customer's, or their beneficial owner's, business; including any political exposure, or links to sectors "commonly associated with higher corruption list" including construction, pharmaceuticals and healthcare, arms trade and defence, extractive industries, public procurement or "sectors that involve significant amounts of cash".
The guidance also warns firms to be aware of whether customers hold additional "prominent positions" or "enjoy a high public profile that might enable them to abuse this position for private gain". Examples given include senior local or regional public officials with influence over the award of public contracts, decision-making members of high-profile sporting bodies and individuals "known to influence the government and other senior decisionmakers".