On November 14, 2018, Irish President Michael D. Higgins signed the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2018 into law. The new Act, which came into effect (other than section 32) as of November 26, 2018, transposes most provisions of the European Union’s (EU’s) Fourth Money Laundering Directive. Some of the more significant provisions of the 2018 Act are as follows:
- Risk Assessment: Section 10 adds a new section 30A to the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, to provide that a “designated person” shall carry out a business risk assessment “to identify and assess the risks of money laundering and terrorist financing involved in carrying on the designated person’s business activities taking into account at least the following risk factors:
- “(a) the type of customer that the designated person has;
- “(b) the products and services that the designated person provides;
- “(c) the countries or geographical areas in which the designated person operates;
- “(d) the type of transactions that the designated person carries out;
- “(e) the delivery channels that the designated person uses;
- “(f) other prescribed additional risk factors.”
Section 30A also requires that senior management approve the business risk assessment, and that the designated person keep the business risk assessment and any related documents up to date. Failure of the designated person to comply with section 30A’s requirements is an offense punishable by up to five years’ imprisonment.
- Application of Risk Assessment in Applying Customer Due Diligence: Section 10 also adds a new section 30B to the 2010 Act, to require that a designated person “identify and assess the risk of money laundering and terrorist financing in relation to the customer or transaction concerned, having regard to—
- “(a) the relevant business risk assessment,
- “(b) the matters specified in section 30A(2) [of the 2010 Act],
- “(c) any relevant risk variables, including at least the following:
- “(i) the purpose of an account or relationship;
- “(ii) the level of assets to be deposited by a customer or the size of transactions undertaken;
- “(iii) the regularity of transactions or duration of the business relationship;
- “(iv) any additional prescribed risk variable,
- “(d) the presence of any factor specified in Schedule 3 or prescribed under section 34A [of the 2010 Act] suggesting potentially lower risk,
- “(e) the presence of any factor specified in Schedule 4, and
- “(f) any additional prescribed factor suggesting potentially higher risk.”
Failure of a designated person to document a determination under section 30B is an offense punishable by up to five years’ imprisonment.
- Simplified Customer Due Diligence: Section 13 adds a new section 34A to the 2010 Act, to specify the criteria and process for using simplified customer due diligence for lower-risk transactions and business relationships.
- Correspondent Relationships: Section 17 substantially revises section 38 of the 2010 Act with regard to the criteria for correspondent relationships with third-country respondent institutions.
- Enhanced Customer Due Diligence – High-Risk Third Countries: Section 18 adds a new section 38A to the 2010 Act regarding enhanced due diligence regarding customers established or residing in a high-risk third country.
- Enhanced Customer Due Diligence – Heightened Risk: Section 19 substantially revises section 38 of the 2010 Act regarding enhanced due diligence in cases of heightened risk.
- State Financial Intelligence Unit: Section 21 adds a new Chapter 3A to the 2010 Act to provide for the establishment of a State Financial Intelligence Unit (FIU) within the Garda Síochána to receive and analyze “suspicious transaction reports and other information relevant to money laundering or terrorist financing for the purpose of preventing, detecting and investigating possible money laundering or terrorist financing.” It authorizes designated members of FIU Ireland to request from any person information held by that person, “for the purposes of preventing, detecting, investigating or combating money laundering or terrorist financing.” In addition, it authorizes designated members of FIU Ireland to request in writing for any financial, administrative or law enforcement information that FIU Ireland requires in order to carry out its functions, from a designated person, a competent authority, the Irish Revenue Commissioners, and the Minister for Employment Affairs and Social Protection. Failure of a designated person, without reasonable excuse, to comply with either type of FIU Ireland request is an offense punishable by up to three years’ imprisonment. Finally, Chapter 3A empowers FIU Ireland to respond to requests from competent authorities and to share information with other FIUs and competent authorities.
Note: Financial institutions doing business in Ireland should already be working to implement the new legislation in their anti-money laundering (AML) policies and operations, and taking note of the Garda Síochána’s extensive authority to operate an FIU and to demand provision of various types of information.
At the same time, financial institutions should be anticipating additional changes in Irish AML law. On January 3, Minister for Justice and Equality Charlie Flanagan received the Irish Cabinet’s approval of the proposed Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Bill 2019, which would transpose the EU’s Fifth Money Laundering Directive and enhance current anti-money laundering legislation. According to the Irish Department of Justice and Equality, the bill includes the following provisions:
- “[P]revent risks associated with the use of virtual currencies for terrorist financing and limiting the use of pre-paid cards;
- “[I]mprove the safeguards for financial transactions to and from high-risk third countries;
- “[B]roaden the scope of designated bodies under the existing legislation;
- “[E]nhance the customer due diligence (CDD) requirements of the existing legislation;
- “[P]revent credit and financial institutions from creating anonymous safe-deposit boxes;
- “[I]nclude a number of technical amendments to other provisions of the Acts already in force.”
In addition, the bill allows for provisions which are not required by the Fifth Directive but will support the Criminal Assets Bureau and the Garda Síochána with regard to their power to access bank records and the administration of their functions in respect of AML. Finally, according to the Department of Justice, the Department of Finance is also engaged in giving effect to certain provisions of the Fifth Directive, such as “facilitating increasing transparency on who really owns companies and trusts by establishing beneficial ownership registers” and “ensuring the creation of, and access to, centralised national bank and payment account registers or central data retrieval.”