Irish Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2018 Becomes Law

On November 14, 2018, Irish President Michael D. Higgins signed the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2018 into law.  The new Act, which came into effect (other than section 32) as of November 26, 2018, transposes most provisions of the European Union’s (EU’s) Fourth Money Laundering Directive.  Some of the more significant provisions of the 2018 Act are as follows:

  • Risk Assessment: Section 10 adds a new section 30A to the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, to provide that a “designated person” shall carry out a business risk assessment “to identify and assess the risks of money laundering and terrorist financing involved in carrying on the designated person’s business activities taking into account at least the following risk factors:
    • “(a) the type of customer that the designated person has;
    • “(b) the products and services that the designated person provides;
    • “(c) the countries or geographical areas in which the designated person operates;
    • “(d) the type of transactions that the designated person carries out;
    • “(e) the delivery channels that the designated person uses;
    • “(f) other prescribed additional risk factors.”

Section 30A also requires that senior management approve the business risk assessment, and that the designated person keep the business risk assessment and any related documents up to date.  Failure of the designated person to comply with section 30A’s requirements is an offense punishable by up to five years’ imprisonment.

  • Application of Risk Assessment in Applying Customer Due Diligence: Section 10 also adds a new section 30B to the 2010 Act, to require that a designated person “identify and assess the risk of money laundering and terrorist financing in relation to the customer or transaction concerned, having regard to—
    • “(a) the relevant business risk assessment,
    • “(b) the matters specified in section 30A(2) [of the 2010 Act],
    • “(c) any relevant risk variables, including at least the following:
      • “(i) the purpose of an account or relationship;
      • “(ii) the level of assets to be deposited by a customer or the size of transactions undertaken;
    • “(iii) the regularity of transactions or duration of the business relationship;
    • “(iv) any additional prescribed risk variable,
    • “(d) the presence of any factor specified in Schedule 3 or prescribed under section 34A [of the 2010 Act] suggesting potentially lower risk,
    • “(e) the presence of any factor specified in Schedule 4, and
    • “(f) any additional prescribed factor suggesting potentially higher risk.”

Failure of a designated person to document a determination under section 30B is an offense punishable by up to five years’ imprisonment.

  • Simplified Customer Due Diligence: Section 13 adds a new section 34A to the 2010 Act, to specify the criteria and process for using simplified customer due diligence for lower-risk transactions and business relationships.
  • Correspondent Relationships: Section 17 substantially revises section 38 of the 2010 Act with regard to the criteria for correspondent relationships with third-country respondent institutions.
  • Enhanced Customer Due Diligence – High-Risk Third Countries: Section 18 adds a new section 38A to the 2010 Act regarding enhanced due diligence regarding customers established or residing in a high-risk third country.
  • Enhanced Customer Due Diligence – Heightened Risk: Section 19 substantially revises section 38 of the 2010 Act regarding enhanced due diligence in cases of heightened risk.
  • State Financial Intelligence Unit: Section 21 adds a new Chapter 3A to the 2010 Act to provide for the establishment of a State Financial Intelligence Unit (FIU) within the Garda Síochána to receive and analyze “suspicious transaction reports and other information relevant to money laundering or terrorist financing for the purpose of preventing, detecting and investigating possible money laundering or terrorist financing.” It authorizes designated members of FIU Ireland to request from any person information held by that person, “for the purposes of preventing, detecting, investigating or combating money laundering or terrorist financing.”  In addition, it authorizes designated members of FIU Ireland to request in writing for any financial, administrative or law enforcement information that FIU Ireland requires in order to carry out its functions, from a designated person, a competent authority, the Irish Revenue Commissioners, and the Minister for Employment Affairs and Social Protection.  Failure of a designated person, without reasonable excuse, to comply with either type of FIU Ireland request is an offense punishable by up to three years’ imprisonment.  Finally, Chapter 3A empowers FIU Ireland to respond to requests from competent authorities and to share information with other FIUs and competent authorities.

Note: Financial institutions doing business in Ireland should already be working to implement the new legislation in their anti-money laundering (AML) policies and operations, and taking note of the Garda  Síochána’s extensive authority to operate an FIU and to demand provision of various types of information.

At the same time, financial institutions should be anticipating additional changes in Irish AML law.  On January 3, Minister for Justice and Equality Charlie Flanagan received the Irish Cabinet’s approval of the proposed Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Bill 2019, which would transpose the EU’s Fifth Money Laundering Directive and enhance current anti-money laundering legislation.  According to the Irish Department of Justice and Equality, the bill includes the following provisions:

  • “[P]revent risks associated with the use of virtual currencies for terrorist financing and limiting the use of pre-paid cards;
  • “[I]mprove the safeguards for financial transactions to and from high-risk third countries;
  • “[B]roaden the scope of designated bodies under the existing legislation;
  • “[E]nhance the customer due diligence (CDD) requirements of the existing legislation;
  • “[P]revent credit and financial institutions from creating anonymous safe-deposit boxes;
  • “[I]nclude a number of technical amendments to other provisions of the Acts already in force.”

In addition, the bill allows for provisions which are not required by the Fifth Directive but will support the Criminal Assets Bureau and the Garda Síochána with regard to their power to access bank records and the administration of their functions in respect of AML.  Finally, according to the Department of Justice, the Department of Finance is also engaged in giving effect to certain provisions of the Fifth Directive, such as “facilitating increasing transparency on who really owns companies and trusts by establishing beneficial ownership registers” and “ensuring the creation of, and access to, centralised national bank and payment account registers or central data retrieval.”

BaFin Issues Money Laundering Act Guidance for German Financial Institutions

On December 11, 2018, the German Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin, or Federal Financial Supervisory Authority) announced that it had issued interpretations and application notes pursuant to Section 51(8) of the Geldwäschegesetz (GwG, or Money Laundering Act).  That subsection of the GwG provides in pertinent part (in unofficial translation) that BaFin shall provide the obliged (covered) entities “with regularly updated interpretative and application instructions for the implementation of due diligence and internal safeguards in accordance with the legal provisions on the prevention of money laundering and terrorist financing.”

The new guidance, downloadable here, applies to all obliged entities under BaFin’s money laundering supervision.  As BaFin  notes, those entities include “not just credit institutions, financial services institutions and payment institutions, but also life insurance undertakings, German asset management companies (Kapitalverwaltungsgesellschaften) and persons and companies that sell or convert e-money.” They also include lawyers conducting certain defined kinds of transactions for their clients, auditors, and chartered accountants.

The new guidance, according to the BaFin press release,

give concrete advice on the legal regulations that are to support the obliged entities in the implementation of their obligations.

The instructions serve to properly implement customer due diligence and internal safeguards and follow a risk-based approach. In particular, legal innovations in the interpretative guidance are explained. Thus, for example, the concept of the fictitious beneficial owner is explained concretely.  In addition, the obligations in connection with the identification of the apparent person are clarified. (Unofficial translation)

Finally, the interpretative guidance addresses developments in the market and regulations.

German financial institutions – and the lawyers who advise them or provide services that come within the scope of the GwG –should therefore pay close attention to the newly issued guidance, and determine whether the guidance warrants changes in their Anti-Money Laundering programs or internal controls.  The full text of the guidance document is 86 pages, so institutions should review it with care to identify specific points on which BaFin has provided guidance for the first time or which may raise complex legal or compliance issues.

United Kingdom Government Announces New Economic Crime Strategic Board

On January 14, the United Kingdom Government announced that Home Secretary Sajid Javid and Chancellor of the Exchequer Philip Hammond would jointly chair the Economic Crime Strategic Board, a new government taskforce that “will work with senior figures from the UK financial sector to tackle economic crime.”  The Board, which is scheduled to meet twice a year, is to “set priorities, direct resources and scrutinise performance against the economic crime threat, which is set out in the Serious and Organised Crime (SOC) Strategy.”

Members of the Board include Chief Executive Officers and chief executives from three leading banking institutions (Barclays, Lloyds, and Santander), and senior representatives from UK Finance, the National Crime Agency (NCA), and the Solicitors Regulation Authority, Accountants Affinity Group, and National Association of Estate Agents.

Note: The formation of the Board should be taken as a salutary development by financial-sector firms and other service sectors.  The United Kingdom Government’s SOC Strategy, issued in November 2018, contains four key objectives, on each of which financial-sector expertise and data can be particularly beneficial.

First, Objective 1 calls for “[r]elentless disruption and targeted action against the highest harm serious and organised criminals and networks.”  One of the key points of this objective is to “put data and intelligence at the heart of our law enforcement approach.”  On that point, the financial sector can assist not only by timely filing Suspicious Activity Reports (SARs), but by providing the Government with timely and meaningful guidance when the Government embarks on SARs reform, as promised in the SOC Strategy.  The Government’s statement about the Board noted that the Home Office, with the private sector, law enforcement, and regulators, is already “is co-designing a new [SARs] system which is more efficient and effective, and which will benefit business and the public sector.”  It also reported that at the Board’s meeting, the Home Secretary would confirm that the Home Office will commit £3.5 million in 2019/20 to support work on SARs reform.

Second, Objective 2 calls for “[b]uilding the highest levels of defence and resilience in vulnerable people, communities, businesses and systems.” Under this objective, the Government stated that

we will develop technical online solutions to strengthen our systems and better integrate our response with the private sector to ‘design out’ crime. Building on work to date, we will also look to expand global partnerships with industry and like-minded countries. We will improve regulatory frameworks and make sure businesses and public sector bodies have the advice they need to better protect their organisations.

On both of these points, the private sector, including the financial and information-technology sectors, should be prepared to provide timely guidance on how best to conduct “target hardening” of key networks and technologies, and to expand the exchange of information through public- and private-sector organizations in other countries.  Although the Government’s statement that it will ensure companies and agencies “have the advice they need” is well-intentioned, the Government itself should welcome receiving advice from the private sector, which will likely have more current experience and greater expertise regarding key online threats.

Third, Objective 3 calls for “[s]topping the problem at source, identifying and supporting those at risk of engaging in criminality.”  Under this objective, the Government stated that

[i]mproving our understanding of offending pathways for professional enablers is a key priority due to their critical role in enabling the illicit finance which underpins serious and organised crime and allows serious and organised criminals to hide their profits and diversify their criminal activity. The Home Office will undertake work with HM Treasury to better understand the pathways for professional enablers with the aim of developing interventions for those at risk.”

On this point, the Government and the financial sector should share data and collaborate in setting expectations about the extent to which intervention can be effective at disrupting money-laundering professionals and organizations.  It is one thing to target young people for intervention to discourage them from involvement in drug trafficking, cybercrime, or child sexual exploitation and abuse – three of the Government’s stated intervention priorities.  Professional enablers, on the other hand, come from a  variety of disciplines and expertise that young people are not likely to have, which makes the Government’s strategy of intervention more challenging.

Finally, Objective 4 calls for “[e]stablishing a single, whole-system approach.”  This objective appears to be the one on which the Government will count most heavily for financial-sector support.  Recognizing that “[c]urrently there is no dedicated serious and organised crime funding stream,” the SOC Strategy indicated that the Government intends not only to “explore a new funding model that is able to commit investment over multiple years,” but also to “look to the private sector to invest jointly in developing new capabilities, notably in those areas of the commercial and financial sectors that are particularly affected by economic crime.”

On this latter point, private-sector representatives should explore with Government representatives whether private-sector companies’ participation in such development will be taken favorably into account when Government agencies such as the NCA or Financial Conduct Authority are reviewing companies’ compliance programs.  As a point of comparison, in 2018 the United States Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) and federal bank supervisory agencies  issued joint statements encouraging bank and credit unions to collaborate in sharing Bank Secrecy Act (BSA) resources, and to take innovative approaches to combating money laundering, terrorist financing, and other illicit financial threats.  The latter statement included assurances such as “innovative pilot programs in and of themselves should not subject banks to supervisory criticism, even if the pilot programs ultimately prove unsuccessful” and pilot programs that expose gaps in a [Bank Secrecy Act/Anti-Money Laundering] compliance program will not necessarily result in supervisory action with respect to that program.”

Similar assurances from the Government may be necessary to encourage financial firms to invest in development of new SOC capabilities.  Such assurances, coupled with indications that the Government is taking private-sector input via the Board seriously, may augur well for future public-private partnerships to combat serious and organized crime.

European Central Bank Intervenes in Banca Carige

On January 2, the European Central Bank (ECB) took control of the governance of the troubled Italian bank Banca Carige SpA, after a majority of Carige’s directors resigned that day.  The ECB’s announcement of its action stated that it had appointed three temporary administrators and a three-member surveillance committee to take charge of the bank and replace the bank’s Board of Directors.  In a written statement, the ECB explained that the board members’ en masse resignation

made the installation of temporary administration necessary to steer the bank in order to stabilise its governance and pursue effective solutions for ensuring sustainable stability and compliance. . . . The decision to impose temporary administration is an early intervention measure aimed at ensuring continuity and pursuing the objectives of a strategic plan. The appointment of the temporary administration results in the removal of Banca Carige’s management and control bodies.

Only ten days earlier, on December 21, 2018, the ECB reportedly had given Carige until the end of December “to durably meet its capital requirements, urging the lender to complete the capital strengthening and actively seek a merger partner, while continuing to shed bad debts and other non-core assets.”  The next day, however, the Genoa-based bank’s leading shareholder, Malacalza Investimenti, the holding company of wealthy Genoese businessman Vittorio Malacalza, blocked approval of a crucial cash call at Carige.  Malacalza Investimenti’s stated reason for its decision was that it wanted more details on Carige’s new business plan and merger options before backing a new infusion of capital.  As a result, Carige’s Deputy Chairman and a board member resigned at a board meeting after Malacalza’s decision.

Although Carige, like other Italian banks, had floundered in the wake of the 2008 financial crisis, its restructuring reportedly did not keep pace with that of other Italian banks.  Between 2014 and 2017, thanks to governance issues and persistent problems in the Genoese local economy, the Genoa-based bank lost €1.3 billion euros in large measure because of bad loans, and had to raise € 2.2 billion in three successive cash calls.

In June 2018, Carige had presented a capital-conservation plan to the ECB, but the ECB had rejected that plan, requesting a new plan by November 30, 2018 and insisting that its capital requirements be met by the end of 2018.   Subsequently, continuing governance challenges and management clashes did nothing to stabilize Carige’s situation.  By the end of 2018, after Malacalza Investimenti’s refusal of the cash call,  Carige reportedly lost 83 percent of its market value.

Note: The ECB’s takeover of Carige is significant in two respects.  First, it establishes an important regulatory precedent, as the first time that the ECB has taken control of and appointed new administrators for a commercial bank since it acquired enhanced supervisory powers in 2014.  The precedent is not without controversy.  A member of the European Parliament, Sven Giegold, a member of the European Parliament (EP) reportedly “called for an investigation of whether earlier attempts to rescue Banca Carige violated European Union rules on state aid.”  Giegold, a member of the EP Greens/European Free Alliance Group, stated “that other Italian banks last year were strong-armed into providing Banca Carige with fresh capital, which proved to be inadequate.”

Second, while Carige is of moderate size compared to ltaly’s leading banks, the ECB’s challenge in steering the bank to stability is made disproportionately greater by the turbulence of Italian politics.  Even though Malacalza, immediately after the ECB takeover, indicated support for a recapitalization of Carige, the ECB is first faced with determining whether a suitable buyer for Carige can be found.  Even if one is found, the ECB must still contend with Carige’s substantial indebtedness.  As South EU Summit noted,

[s]hould the bank’s situation worsen, the Central Bank would be obligated to make shareholders and creditors bear a portion of the losses, as per EU rules. Even if a buyer for the bank is found, this is likely to cause tensions between the EU, and Italy’s right-wing coalition government, which tends to defend the interests of shareholders, who are often middle-class Italians.

How well the ECB does in resolving this financially and politically complex situation may determine whether it becomes a precedent that the ECB can cite to justify future supervision of troubled financial institutions or a precedent that European populists can cite to challenge European Union regulation.

Polish Authorities Arrest Two Individuals, One a Huawei Employee, on Charges of Spying for China

On January 11, Reuters reported that the Polish Internal Security Agency (ISA) detained and charged two individuals — a Chinese employee of the Polish division of Chinese telecommunications company Huawei and a former Polish security official — on allegations of espionage for China.  An ISA spokesman said that the two men would be held for three months. The Chinese Foreign Ministry reportedly stated that it was “greatly concerned” by the reports, and urged Poland to handle the case “justly.”

The ISA spokesman also said that “the allegations related to individual actions, and were not linked directly to Huawei.” Nonetheless, this report is likely to exacerbate concerns in a number of jurisdictions about Huawei’s compliance with foreign laws and the Chinese government’s ability to exploit Huawei technology to access networks and computers in other countries.

In addition to the December 1 arrest of Huawei’s Chief Financial Officer based on allegations that Huawei has violated sanctions against Iran, the United States and other Western nations have been expressing concerns for some time about the potential for China to exploit Huawei hardware and software in other countries to conduct online espionage.  For example, the United Kingdom National Cyber Security Centre stated that it had concerns “around a range of technical issues” associated with risks in Huawei hardware and software, and required Huawei to accept a number of technical requirements to reduce security concerns.  In addition, similar concerns about Chinese exploitation of Huawei technology have been voiced by various companies and European government officials, including statements by Deutsche Telekom, the Czech Republic’s Prime Minister, a senior European Union official, and the Norwegian Justice Minister.

Accordingly, chief information security officers whose companies are using or plan to use Huawei technology should closely track further developments regarding these reports and promptly evaluate whether additional security measures are necessary to reduce the potential threat of Chinese government exploitation and compromise of corporate data.