Annual-AML.CTF-template-presentation-2019.pptx

ANNUAL ANTI-MONEY LAUNDERING & TERRORIST
FINANCING TRAINING
JUNE 2019

Important
 Members should note this is a template presentation and must be
personalised by the firm to reflect their own policies and
procedures.

Legislation
• The Irish AML/CTF legislative framework is set out in the Criminal Justice
(Money Laundering and Terrorist Financing) Act 2010. This framework was
updated with the transposition of the 4th EU AML Directive into Irish Law in
2018 pursuant to the Criminal Justice (Money Laundering and Terrorist
Financing) (Amendment) Act 2018.
• The key amendments in the 2018 Act include:
 Introduction of Business Risk Assessments
 Simplified and Enhanced Due diligence changes
 Internal Policies and procedure
 Enforcement

What is Anti-Money Laundering & Terrorist financing?
It is the process by which criminals conceal the true origin and ownership
of the proceeds of drug trafficking or other criminal activity.
A common misconception in relation to Money Laundering is that it only
relates to theft, drug or similar offences.
It might also be:
Tax evasion
Financial fraud and deception
Theft

To be guilty of money laundering a person must know or believe the
property involved is or probably is the proceeds of criminal conduct or be
reckless as to whether the property is the proceeds of criminal conduct.
Terrorist Financing
Funds intended to finance an act of terrorism.
Links between terrorist groups and organised criminal gangs.
Includes converting, transferring, handling, acquiring, possessing or
using the property that is the proceeds of criminal conduct.
There must be intention or knowledge in providing or collecting funds for
the purposes of financing terrorism, in order for there to be an offence.
5

Stages of Money Laundering
There are three stages in the money laundering process:
Placement – this is the physical disposal of cash;
Layering – the creation of complex layers which make tracking
transactions difficult;
Integration – absorbing the money back into the economy as legitimate
money.
6

Designated Persons
Mortgage Intermediaries and intermediaries by virtue of their registration
as Insurance Intermediaries who provide Life Assurance or other
investment related services are deemed to be “Designated Persons”.
Note: Intermediaries only operating in the General Insurance market do
not fall under the CDD requirements. However they are expected to be
mindful of other legislation that would apply such as Financial Sanctions
and to have controls and procedures in place to detect and prevent
financial crime, and as a result, to report suspicious transactions. Staff
would need to be trained in this regard. (See Appendix 6 in Brokers Ireland
AML Guidance notes for further information)
7

Designated Persons must have internal policies and procedures to reflect
the requirements of the legislation in relation to the following areas:
Customer due diligence
Reporting
Record keeping
Internal procedures & training
(All staff including executive & non-executive directors are required to
receive annual training in relation to AML & combating terrorist
financing.)
8

What does Customer Due Diligence mean?
• Identify & verify the customer.
• Identify & verify the beneficial owner (An individual who ultimately
owns or controls the customer and/or on whose behalf a transaction
or activity is conducted).
• Establish purpose & intended nature of business relationship (a
business, professional or commercial relationship between the
designated person and the customer that the designated person
expects to be ongoing).
• Monitor customer dealings on an on-going basis.

Beneficial Owner
• Company
An Individual holding 25% or more of shares or voting rights.
• Partnership
An Individual holding 25% or more of profits or capital or voting rights,
• Trusts
An individual who is entitled to a vested interest in the trust property may be
considered a beneficial owner. Additionally, settlors, trustees and protectors of a trust
may now also be considered beneficial owners. The threshold of 25% ownership no
longer applies.
• Estate
Executor.

Purpose & intended nature of the business relationship
In most cases this will be self evident e.g.
 Investing in a life policy
 Opening bank account
Ongoing monitoring
Scrutinise transactions:
 Source of wealth or funds
 Consistent with knowledge of customer and the customer’s business
and pattern of transactions

Customer Due Diligence Requirements
Legislation allows designated persons to apply aspects of the customer
due diligence requirements on a risk-sensitive basis depending on:
a) The nature of the product being sold;
b)The delivery mechanism or distribution channel used to sell the
product;
c) The profile of the customer; and
d) The customer’s geographical location and source of funds.

Intermediaries are required to carry out Customer Due Diligence
• Prior to establishing a business relationship with the customer.
• Prior to carrying out for/with the customer any transaction which appears
linked to another transaction or prior to assisting the customer in carrying
out a single transaction if:
(i) You do not have a business relationship with the customer; and
(ii) The total amount of money paid by the customer in the single
transaction or series of transactions is greater than €10,000.

Intermediaries are required to carry out Customer Due Diligence
(contd.)
• Prior to carrying out any service for the customer, if you have reasonable grounds
to believe that there is a real risk that the customer is involved in money
laundering/terrorist financing(ML/TF).
• If you have grounds to doubt the veracity of documents provided by the client.
• At any time, including situations where the relevant circumstances of a customer
have changed, where the risk of money laundering/terrorist financing warrants its
application.
• A client risk assessment form is recommended to be completed to assess the risk
per transaction – See Appendix 3 BI Guidance notes

Three categories of Customer Due Diligence (CDD)
• Simplified Customer Due Diligence applies where the customer or
business area is considered to be low risk.
• Enhanced Due Diligence now applies to high risk third countries, higher
risk relationship/transactions and resident and non-resident ‘Politically
Exposed Persons’ deemed to be high risk.
• Standard Due Diligence must be applied to all remaining customers and
products.

Simplified Customer Due Diligence
• Designated persons will be allowed to carry out Simplified Customer
Due Diligence where the customer or business area is considered to be
low risk.
•Simplified Customer Due Diligence can only be applied where a
designated person has identified in its business risk assessment, an area
of lower risk into which the relationship or transaction falls, and the
relationship or transaction concerned can reasonably be considered to be
low risk.
• Please see Appendix 4 and Appendix 5 in BI AML Guidance notes for a
list of factors suggesting potentially lower and higher risk.

Simplified Customer Due Diligence contd.
• Where a firm has applied Simplified Customer Due Diligence, it is
required to:
 Retain record of the reasons for its determination and evidence
upon which is was based; and
 Carry out sufficient monitoring of the transactions and business
relationships to enable the firm to detect unusual or suspicious
transactions.

Simplified Customer Due Diligence contd.
Examples of products which may fall into the simplified customer due
diligence category are:
• Protection policies with annual premium of less than €1000
• Pension business (except ARF and AMRF)
Note: Intermediaries must at all times take into account the type of
customer, countries or geographical areas, transactions and delivery
channels and document the rationale for categorising these products as
lower risk for the purposes of applying CDD.

Enhanced Due Diligence (EDD)
• High risk third countries
 A designated person is required to apply enhanced customer
due diligence measures when dealing with a customer
established or residing in a high-risk third country.
 There is an exemption that applies when the customer is a
branch or majority-owned subsidiary of a designated person
established in the European Union which complies with the
group’s group-wide policies and procedures. These cases must
be dealt with using a risk-based approach.

Enhanced Due Diligence
• High risk third countries
 At present there are 16 countries* that have been identified as
'high risk third countries’. These are listed in the table below:
*Please note this list is continuously updated

Enhanced Due Diligence contd.
• Relationship/transaction presents a higher risk
 A designated person is required to apply enhanced customer due
diligence measures where a business relationship or transaction
presents a higher degree of risk.
 This is to be applied where the relationship or transaction
concerned can reasonably be considered, having regard to certain
matters, to be high risk.

• Politically Exposed Persons (PEPs)
 Enhanced Due diligence measures that previously applied only to
PEPs resident outside of Ireland now also apply to PEPs resident in
Ireland. “PEP” is an individual who has been entrusted with
prominent public functions or an immediate family member or a
known close associate of such a person.
 Life Assurance Policies/PEPs
Additional requirements are imposed regarding the identification
of the beneficiaries of life assurance policies and other
investment-related assurance policies

• Life Assurance Policies/PEPs
Specific steps must be taken where the PEP is a beneficiary of a life
assurance policy. If a designated person knows or has reasonable
grounds to believe that a beneficiary of a life assurance or other
investment-related assurance policy or a beneficial owner of the
beneficiary concerned, is a politically exposed person, or an immediate
family member or a close associate of a politically exposed person, it
shall:
a) inform senior management before pay-out of policy proceeds and
b) conduct enhanced scrutiny of the business relationship with the
policyholder

PEP Identification
 Firms should put appropriate policies and procedures in place to
determine:
• If a customer or beneficiary is a PEP at on boarding; or
• If a customer becomes a PEP during the course of the business
relationship with the firm.
• Firms should note that new and existing customers may not initially
meet the definition of a PEP, but may subsequently become one
during the course of a business relationship with the firm.

• Firms should undertake regular and on-going screening of their
customer base and the customers’ beneficial owners (where relevant),
to ensure that they have identified all PEPs. The frequency of PEP
screening should be determined by firms commensurate with their
business wide risk assessment.
• Firms policies and procedures should address how any PEP
relationship identified will be managed by the firm including:
 Application of EDD
 Obtaining Senior Management approval
 Enhanced on-going monitoring

Standard Customer Due Diligence (SCDD)
Applied on a risk based approach
Profile of the customer
Nature of product or service
Distribution channel
Geographical area of operation

Standard Customer Due Diligence
Factors which indicate lower risk
Customer Risk Factors:
a) public companies listed on a stock exchange and subject to
disclosure requirements (either by stock exchange rules or through
law or enforceable means), which impose requirements to ensure
adequate transparency of beneficial ownership;
b) public administrations or enterprises;
c) Customers that are resident in geographical areas of lower risk as
set out in subparagraph (3).

Product, service, transaction or delivery channel risk factors:
a) Life assurance policies for which the premium is low;
b) Insurance policies for pension schemes if there is no early surrender
option and the policy cannot be used as collateral;
c) A pension, superannuation or similar scheme that provides retirement
benefits to employees, where contributions are made by way of
deduction from wages, and the scheme rules do not permit the
assignment of a member’s interest under the scheme;

Product, service, transaction or delivery channel risk factors contd:
(d) financial products or services that provide appropriately defined and
limited services to certain types of customers, so as to increase access for
financial inclusion purposes;
(e) products where the risks of money laundering and terrorist financing
are managed by other factors such as purse limits or transparency of
ownership (e.g. certain types of electronic money).

Geographical risk factors:
(a) EU Member States;
(a) third countries having effective anti-money laundering (AML) or
combating financing of terrorism (CFT) systems;
(b) Third countries identified by credible sources as having a low level of
corruption or other criminal activity;

Geographical risk factors contd:
(a) Third countries which, on the basis of credible sources such as
mutual evaluations, detailed assessment reports or published follow-up
reports, have requirements to combat money laundering and terrorist
financing consistent with the revised Financial Action Task Force (FATF)
recommendations and effectively implement these requirements.”.

Lower risk
There are products due to their inherent features which are unlikely to
be used as a vehicle for money laundering purposes.
The following features would indicate low risk:
•Only pays out on death or diagnosis of terminal illness of policy holder.
•Only pays out on medical evidence and proof is required as to loss of
income.
•No surrender value.
•Small, regular premiums: additional payments by customer not possible.
•Large premiums will normally require medical evidence.
•No investment element.
•Once term of policy is finished no payout and policy ceases.

Generally, for protection products with annual premium of less than
€1000, due diligence requirements are satisfied by the Name, Address
and Date of Birth information collected on the application form in
conjunction with the fact that the payment is made from an account in
the customer’s name (i.e. personal cheques and other payment
instruments drawn on policy owner’s own account such as Direct
Debits/Standing Orders)
If payment is made by bank draft for the products above Brokers Ireland
would recommend that the client is requested to request confirmation
from the bank confirming where the money is coming from and request
completion of the source of funds form. Appendix 7 BI Guidance

Medium Risk
The medium risk level is given to products whose inherent features pose
some risk for the purposes of money laundering or terrorist financing.
These may be products which have a facility for “top up” payments.
Examples:
• Life assurance savings plan
• With premium under €5000
• Investment Bonds with premium under €5000
• Post Retirement pension products: ARF & AMRFs

Medium Risk Due Diligence requirements:
Name, address and date of birth collected on the application form in
conjunction with the fact that the payment is made from an account in the
policy owner’s name (i.e. personal cheques and other payment
instruments drawn on policy owner’s account such as Direct
If payment is not by way of Direct Debit/personal cheque drawn on policy
owners own account, complete source of funds form (Appendix 7 BI
Guidance)
Certified copies of identification and proof of address for policy owner and
third party if applicable.

Factors which indicate higher risk
Customer risk factors:
(a) the business relationship is conducted in unusual circumstances;
(b) customers that are resident in geographical areas of higher risk as set
out in subparagraph (3);
(c) non-resident customers;
(d) legal persons or arrangements that are personal asset-holding vehicles;

Customer risk factors contd:
(e) companies that have nominee shareholders or shares in bearer form;
(f) businesses that are cash intensive;
(g) the ownership structure of the company appears unusual or excessively
complex given the nature of the company’s business.

Product, service, transaction or delivery channel risk factors:
(a) Private banking;
(b) Products or transactions that might favour anonymity;
(c) Non-face-to-face business relationships or transactions;
(d) Payment received from unknown or unassociated third parties;
(e) New products and new business practices, including new delivery
mechanism, and the use of new or developing technologies for both
new and pre-existing products.

Geographical risk factors:
(a) Countries identified by credible sources, such as mutual evaluations,
detailed assessment reports or published follow-up reports, as not
having effective AML/CFT systems;
(b) Countries identified by credible sources as having significant levels
of corruption or other criminal activity;
(c) Countries subject to sanctions, embargos or similar measures issued
by organisations such as, for example, the European Union or the
United Nations;

Geographical risk factors contd:
(d) Countries (or geographical areas) providing funding or support for
terrorist activities, or that have designated terrorist organisations
operating within their country.

Higher risk
 These products have the facility for third party and/or “top up”
payments and therefore an enhanced level of due diligence (by
asking for more information) is appropriate. It is to this risk level that
the majority of a designated person’s AML resource will normally be
directed.
 The majority of products in this range are found in the investment
category which reflects the higher value premium that can be paid
into them.

Higher risk Due Diligence Requirements:
• Name, address and date of birth collected on the application form in
conjunction with the fact that the payment is made from an account
in the policy owner’s name (i.e. personal cheques and other payment
instruments drawn on policy owner’s account such as Direct
• Certified copies of identification and proof of address for policy
owner and third party if applicable.
• Complete source of Wealth form (Appendix 8).

Identification
1. Personal customers:
Identification of a personal customer is the process whereby a
designated person obtains from a customer the information necessary
for it to identify who the customer is. The identity of an individual has a
number of aspects at any point in time, all of which must be obtained
by the designated person:
1) name (which may change due to particular events);
2) address (which is likely to change from time to time); and
3) date of birth (which is a constant).

One plus One approach
Obtain one item from the list of photographic IDs (to verify name and
date of birth) and one item from the list of non-photographic IDs (to
verify address) at the outset of the business relationship.
Sources which can be used to verify identity are:
• Current valid Passport.
• Current valid driving licence.
• Current valid National Identity Card.
• In the absence of the above documents, written or otherwise
documented, assurances from persons or organisations that have dealt
with the customer for some time may suffice.
• A designated person might consider it appropriate to adopt an
alternative approach of identification such as seeking a social welfare
card, National Immigration Bureau Card off an individual who has
recently immigrated into the State.

Verify address
• Current official documentation/cards issued by the Revenue
Commissioners.
• Current official documentation/cards issued by the Department of
Social and Family Affairs.
• Instrument of a court appointment (such as liquidator or grant of
probate).
• Current local authority document e.g. refuse collection bill.
• Current statement of account from a credit or financial institution.
• Current utility bills (including those printed from the internet).
• Current household/motor insurance certificate and renewal notice

Legal persons and arrangements
Directors or the equivalent, for example: Partnerships and
unincorporated businesses, Clubs, Societies, Public Sector bodies.
Identification can generally be satisfied by either:
•obtaining a copy of the annual audited accounts listing directors (where
the necessary information is publicly accessible and considered by the
firm to be current and reliable); or
•Obtaining relevant and up-to-date legal opinion from a reliable source
documenting due diligence conducted, in relation to information on
directors:
obtaining information from relevant company or other registry
such as the CRO or known foreign equivalent; or
as warranted by the risk, verify one or more directors in line with
requirements for personal customers.

Legal persons and arrangements contd.
To identify the legal arrangement:
• A search of the relevant company or other registry (where the necessary
information is publicly accessible and considered by the firm to be current
and reliable); or
• A copy, as appropriate to the nature of the entity, of the certificate of
incorporation; a certificate of good standing; a partnership agreement; a
deed of trust or other official documentation proving the name, form and
current existence of the customer.
• In cases regarded by the firm as higher risk, use of more than one source
of information may be warranted.

Legal persons and arrangements contd.
2. Acquire prescribed information at the outset of the business
relationship to satisfy the additional information requirements:
a) Source of funds for the transaction e.g. an Irish bank account in own
name.
b) Employment and salary details - this information could be captured in
the Factfind.
c) Source of wealth (e.g. inheritance, divorce settlement, property sale).
This information should be captured on the source of wealth form.

Business Risk Assessment
•The firm must undertake and document a comprehensive business risk
assessment of the business, it should demonstrate that all potential
Money Laundering/Terrorist Financing risks pertinent to their business
have been fully considered and challenged such as :
The nature of the products being sold in the firm
The delivery mechanism or distribution channel used to sell the product
The profile of the customer
The customer’s geographical location and source of funds
•The outcome of the business risk assessment should inform the firm’s
risk-based approach and the design of AML/CTF controls.

Business Risk Assessment contd.
• The business risk assessment must be documented and must be
available to the relevant competent authority upon request.
• The business risk assessment must be reviewed and managed at
regular, predefined intervals and it must be approved by senior
management.

Business Risk Assessment contd.
• How the risk assessment affects customer due diligence
• In deciding the level of Customer Due Diligence (CDD) to be applied,
intermediaries, when undertaking a transaction/entering a business
relationship, must consider a number of factors, including:
 the relevant business risk assessment,
 the purpose of an account/relationship,
 the level of assets deposited/the size of the transaction and
 the regularity of transactions/duration of the business relationship
See BI Guidance notes for template Business Risk Assessment – Appendix 2

Ongoing Monitoring
• Monitoring means the scrutinising of transactions, and the source of
wealth or of funds for those transactions, undertaken during the
relationship in order to determine if the transactions are consistent
with the designated person’s knowledge of:
(a)the customer,
(b)the customer’s business and pattern of transactions, and
(c)the customer’s risk profile (as determined under section 30B),
and
ensuring that documents, data and information on customers are kept up
to date in accordance with its internal policies, controls and procedures

Ongoing Monitoring contd.
• Designated persons should undertake monitoring on an ongoing basis
for patterns of unusual or suspicious activity to ensure that higher risk
activity is scrutinised.
• “Complex or unusually large” transactions, or “unusual patterns of
transactions” must be investigated in greater detail and monitoring
increased if they appear suspicious.

Ongoing Monitoring contd.
• Employees should be adequately trained to identify such unusual
business and report to the designated person’s Money Laundering
Reporting Officer (MLRO) (insert firms MLRO name).
• For example, employee training should cover encashment fraud attempts
with the recent increase in encashment requests being made from client
emails to transfer funds to a particular account, where it transpired the
client had no knowledge of the encashment request.
• Where an encashment request is received, it is recommended to take
additional measures to ensure the request is genuine, for example:
Phone the client to confirm the details/instruction
Cross reference proof of ID and residency with existing proof of identity
and residency on file

Distribution Risk – may alter risk
“Face to Face” contact with no facility to take copies of ID
• Where the interaction with the customer is on a face to face basis, you
should have sight of the original document(s) and appropriate details
should be recorded. Where you visit the customer at his/her home
address, you should make a detailed record of the visit. This would include,
for example, taking details of passport or driving license numbers.
• Brokers Ireland recommends that in such scenarios, you request the
customer to forward you a copy of the relevant ID and cross reference it
with the details which were recorded at the point of sale.

Distribution Risk – may alter risk contd.
“Non face-to-face”
• The extent of the Customer Due Diligence in respect of non face-to-face
customers will depend on the type of the product or service requested and
the assessed money laundering risk presented by the customer.
• Where the customer is not physically present (e.g. by post, telephone or
over the internet) for identification purposes additional measures should
be undertaken to establish the customer’s identity.

Distribution Risk – may alter risk contd.
Examples:
• Telephone the customer on a home or business number which has been
verified (electronically or otherwise).
• Communicate at a verified address with account opening docs for
example, which might have to be returned or acknowledged .
• First payment by the customer through a bank in the State or other EU
Member State or certain specified acceptable countries.
• Internet sign on with details sent by mail to a verified address.

Failure to establish a customer and/or beneficial owner’s identity
Where an intermediary can not establish the identity of a customer and/or
beneficial owner, as a result of the failure of the customer to provide the
designated person with documents of information required, then an
intermediary must:
 Not provide a service to the customer, and
 If an existing customer, must discontinue relationship with the customer.

International Financial Sanctions
• It is necessary for firms to monitor their customers and transactions
against both the Europe Union(EU) and United Nations(UN) Sanctions
Committee lists relating to terrorism.
• Financial Sanctions lists that relate to terrorism should be monitored to
assist in preventing terrorist financing from occurring, including, but not
limited to the following:
• EU Financial Sanctions list
• UN Sanctions Committees list

Procedures and Policies
• Firms must adopt internal policies, controls and procedures in relation
to their business to prevent and detect the commission of money
laundering and terrorist financing. These requirements also apply to
persons to whom AML obligations have been outsourced.
• The internal policies, controls and procedures are to include:
(a) identification, assessment, mitigation and management of risk
factors relating to money laundering/terror financing
(b) customer due diligence measures
(c) monitoring transactions and business relationships

Procedures and Policies contd.
(d) the identification and scrutiny of complex/large transactions, unusual
patterns of transactions and any other activity that the designated person
has reasonable grounds to regard as particularly likely to be related to
money laundering/terrorist financing
(e) measures to be taken to prevent the use for money laundering or
terrorist financing of transactions or products that could favour or facilitate
anonymity,
(f) measures to be taken to prevent the risk of money laundering or
terrorist financing which may arise from technological developments,
(g) reporting (including the reporting of suspicious transactions),

(h) record keeping,
(i)measures to be taken to keep documents and information relating to the
customers of that designated person up to date,
(j) measures to be taken to keep documents and information relating to
risk assessments by that designated person up to date,
(k) internal systems and controls to identify emerging risks and keep
business-wide risk assessments up to date, and
(l)monitoring and managing compliance with, and the internal
communication of, these policies, controls and procedures.

• Policies, controls and procedures must be approved by senior
management and should be kept under review in particular when there
are changes to the business profile or risk profile of the firm.
• Firms must ensure that they have clearly defined process in place for
the formal review at least annually of the policies and procedures within
the firm.
• These policies, controls and procedures are to have regard to any
guidelines issued by the competent authority.

• Firms must ensure that persons involved in the conduct of the business
(this includes directors, other officers and employees) receive instruction
and training in respect of the law and on how to identify transactions or
other activity that may relate to money laundering or terrorist financing
(suspicious transactions) and how to proceed once identified.
• Firms should ensure that the policies and procedures are readily
available to all staff and are implemented and adhered to by all staff.

• This slide(s) should be personalised to outline the firms procedures
and policies

Management Responsibilities
The Central Bank recommends that the topic of AML/CTF is a recurring
agenda item at board/senior management/ownership level meetings. The
firm must ensure that AML/CFT/FS issues and decision making in relation
to AML/CFT/FS is evidenced in the firm’s board/management meeting
minutes. A copy of these board meeting minutes should be kept on file.
For Sole traders, record should be kept of issues and decisions made.

Record Keeping
• AML/CTF documents and other records relating to clients shall be kept
for a period of not less than five years*.
• Record keeping is an essential part of the evidence trail and sufficient
processes must be put in place to ensure that records are adequately
kept.
*You should note however that the Consumer Protection Code requires
records to be kept for 6 years from date of last transaction with client.

Record Keeping contd.
• Customer information collected to comply with the requirements of
Legislation; and
• Information regarding transactions undertaken by customers.
Possible formats in which records can be retained include one or more of
the following:
• Original documents
• Photocopies of original documents
• On microfiche
• In scanned form
• In computerised or electronic form

Record Keeping contd.
Outline the firms internal procedures in respect of record keeping here..

Requests from An Garda Síochána for client information/records
• For the purposes of providing information to the Garda Síochána this
must be requested in writing be a member of the force not below the
rank of Sergeant (who may give a direction, which must also be in
writing, to retain the documents/other related records for a period up
to a maximum of five years.

Staff Training
• Intermediaries must ensure that all staff receive on-going training in
relation to their AML and combating of terrorist financing obligations.
• Intermediaries should provide appropriate training which is tailored to
the nature, scale and complexity of the firm and which is proportionate
to the level of AML/CTF risk faced by the firm.
• Firms should provide AML/CTF training which is specific to the role
carried out by the member of staff.
• Firms should provide an enhanced AML/CTF training tailored to the
specific needs of staff who perform key AML/CTF and FS roles within
the firm e.g. the firms MLRO or senior management responsible for
AML/CTF oversight.

Staff Training contd.
• Training should be consistent with firms policies & procedures and
should consider the outcome of the firm’s business risk assessment.
• Failure by the employer to provide training is an offence under the
requirements.
• A formal training schedule should be developed and maintained to
ensure all relevant staff are adequately trained at least annually. Firms
should ensure that training is provided to new recruits upon joining the
firm in a timely manner.
• Adequate records in relation to staff training should be retained for all
internal & external courses attended for a period of 5 years

Reporting
• Requirement to have a documented internal reporting process for staff
to report a suspicious transaction - it should provide guidance on how to
complete and submit such reports.
• There should be documented timelines set by the brokerage in relation to
the filing of the Suspicious Transaction Reports (STR). Firms are required to
file an STR ‘as soon as practicable’.
• Staff reports must be made to the Money Laundering Reporting Officer
(MLRO) when the staff member knows, suspects or has reasonable
grounds to suspect that money laundering or terrorist financing is being or
has been committed or attempted

Reporting contd.
• Staff reports should include appropriate details of the customer who is
the subject of concern and a statement containing as much of the
information, giving rise to the knowledge or suspicion, as possible.
• All reports submitted via the internal reporting process should be
recorded.
• The MLRO will then decide whether to make the firm’s report to the FIU
via the goAML system and the Revenue Commissioners. Sufficient
information should be retained in order to record the reported suspicion,
and support the firms determination of whether to discount the suspicion
or to proceed and file the STR with authorities

Reporting contd.
* Presenter should provide practical examples of situations which staff
might encounter which would warrant a report.
• Firms should have written policies and procedures in relation to reporting
suspicions that may arise as a result of a failure on the part of the
customer to provide the required or updated CDD
documentation/information.

Reporting contd.
If the MLRO decides an external report needs to be made to the FIU via
the goAML system and the Revenue Commissioners. The following
information should be contained in the report:
a) The information on which the designated person’s knowledge,
suspicion or reasonable grounds are based;
b) The identity of the suspected person;
c) The whereabouts of the property that is the subject of the money
laundering or the funds that are the subject of the terrorist financing;
d) Any other relevant information.

Reporting contd.
• Firms should ensure that they are registered with goAML as STRs
cannot be submitted via go AML unless the firm has previously
registered.
• The Revenue Commissioner will accept a printed copy of the STR
submitted on goAML which should be posted to the relevant revenue
commissioners address.

Reporting contd.
• A designated person may be directed in writing by a member of the
Gardaí, not below the rank superintendent, not to carry out a specified
service or transaction for a period not exceeding seven days.
• A District Court judge may order a designated person not to carry out a
specified service or transaction for a period not exceeding 28 days.

Reporting contd.
• A designated person may only proceed with a suspicious transaction or
service prior to the sending of the report to the FIU and the Revenue
Commissioners where:
 it is not practicable to delay or stop the transaction/service from
proceeding; or
the designated person is of the opinion that failure to proceed with the
transaction or service may result in the other person suspecting that a
report may be made or that an investigation may be commenced or is in
the course of being commenced.

Reporting contd.
• You must not disclose to the customer concerned or other third persons
that a report has been made to the FIU in relation to suspicions of
money laundering or terrorist financing.
• Designated persons, employees and directors are legally prohibited
from tipping off.
• Designated persons, employees and director are legally indemnified, in
respect of any report made to FIU or Revenue Commissioners in good
faith, in relation to a suspicion of money laundering of terrorist
financing.

Role of Money Laundering Reporting Officer (MLRO)
• Holds a pre-approval controlled function (PCF) in the context of the
Central Bank Reform Act 2010
• Has a significant degree of responsibility and should be familiar with
relevant aspects of the Act and these guidelines.
• He/she is required to determine whether the information or other
matters contained in the suspicious transaction he/she has received, via
any internal reporting procedure, merit the making of a report to the FIU
(Fraud Investigation Unit) and the Revenue Commissioners.

Role of Money Laundering Reporting Officer (MLRO) contd.
• Maintenance of a log of any suspicious transactions, including details
where it was decided not to make a report to FIU & Revenue
Commissioners. The reasons for not doing so should be recorded.

Powers of the Central Bank of Ireland
• The Central Bank of Ireland is deemed to be the competent authority
responsible for monitoring compliance of designated persons with the
Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 and
Criminal Justice (Money Laundering and Terrorist Financing) (Amendment)
Act 2018 .
• The Central Bank has the power under the Administrative Sanctions
Regime to sanction for failure to comply with the necessary obligations.

Powers of the Central Bank of Ireland contd.
October 2016 - Settlement with Ulster Bank Ireland DAC
The Central Bank identified significant failings in Ulster Bank Ireland’s
AML/CTF framework and procedures in respect of:
• governance and control of AML/CTF outsourcing
• assessment of AML/CTF risk specific to its business and the relevant
mitigating systems and controls
• identification and verification of existing customers (CDD) who predated
the Irish AML/CTF laws effected in May 1995 (pre-95 customers)
The Central Bank also identified areas of non-compliance in respect of
trade finance procedure manuals, adherence to internal procedures,
AML/CTF training of non-executive directors and reliance on third parties
in respect of CDD

April 2017 - Settlement with Allied Irish Bank
The Central Bank identified 6 breach's of the CJA 2010 as a result of
significant failings in Bank of Ireland’s AML/CTF framework controls,
policies and procedures in respect of:
The breaches occurred after the enactment of the CJA 2010 in July
2010 and persisted on average for over three years.
They included AIB’s failure to:
 Report suspicious transactions without delay to An Garda Síochána
and the Revenue Commissioners.
 Conduct customer due diligence (‘CDD’) on existing customers who
had accounts prior to May 1995 (‘Pre-95 customers’)

 The Central Bank also identified breaches in respect of AIB’s
AML/CFT policies and procedures in a number of areas, including
the above, and its trade finance business.

May 2017 - Settlement with Bank of Ireland
The Central Bank identified significant failings in Bank of Ireland’s
AML/CTF framework controls, policies and procedures in respect of:
• Risk assessment: assessment of money laundering/terrorist
financing (‘ML/TF’) risks specific to its business and the relevant
mitigating systems and controls.
• Suspicious transaction reports: reporting of six suspicious
transactions to An Garda Síochána and the Revenue Commissioners
without delay.

May 2017 - Settlement with Bank of Ireland contd.
• Correspondent banking: conduct of enhanced customer due
diligence (‘CDD’) on one correspondent bank situated outside of the
EU.
• The Central Bank also identified areas of non-compliance with the
CJA 2010 in relation to BOI’s trade finance business, CDD measures
and its reliance on third parties to conduct CDD.

Feedback from Central Bank AML/CTF inspections
From the sample testing undertaken by the Central Bank of both new and
existing customers, a number of issues were identified, including:
- Photo ID and/or address verification documents were not always available
on the customer file.
 For corporate customers, no constitutional documentation and/or other
information (e.g. audited accounts, information from Companies
Registration Office, etc.) were obtained for some of the customer files
reviewed.
 Documented evidence to demonstrate that on-going monitoring takes
place was not always maintained.

Feedback from Central Bank AML/CTF inspections contd.
The Central Bank expects that:
 All required identification and verification is obtained and retained. Where
Standard or Enhanced CDD is carried out, sufficient detail must be
evidenced on the customer file.
 Records are maintained of the on-going monitoring conducted, including
the type of and frequency of the monitoring undertaken.

A number of issues were identified in relation to training, including:
 Insufficient evidence that all staff, including those in key roles relating to
AML/CTF, had received appropriate training.
 Training records were not always maintained to demonstrate who had
received the training, when the training took place and the nature of the
training received.
 In some of the larger retail intermediaries, staff members were provided
with generic, high level AML/CTF training, but limited or no specific
training related to the AML/CTF procedures and processes relating to the
firm’s specific operations.

In assessing the policies and procedures in place, the Central Bank identified
a number of issues, including:
 Policies and procedures that are not aligned to, and reflective of, the
Money Laundering/Terrorist Financing risk assessment of the retail
intermediary’s specific product/service offering and its operations.
 Policies and procedures were not always adhered to in practice.
 Policies and procedures did not provide sufficient detail in relation to
suspicious transaction reporting e.g. no timelines set in relation to the
filing of suspicious transaction reports and insufficient information
provided on what might be deemed a suspicious transaction.

• The Central Bank also expects that retail intermediaries undertake and
document a Money Laundering/Terrorist Financing business risk assessment of
their business, to include all risk categories e.g. distribution channel, customer
type, etc.
• Such an assessment should be updated regularly and reflect any changes in
products or services offered e.g. new offerings with increased risk may require
Standard or Enhanced Customer Due Diligence to be carried out.
See template business risk assessment in Brokers Ireland AML/CTF Guidance
notes

Reference material
• Additional information available on Central Bank website:
https://www.centralbank.ie/regulation/anti-money-laundering-and-countering-
the-financing-of-terrorism
• Please see Brokers Ireland guidance notes and templates on the Brokers
Ireland website

Annual-AML.CTF-template-presentation-2019.pptx

Recommended

Recommended

More Related Content

Similar to Annual-AML.CTF-template-presentation-2019.pptx

Similar to Annual-AML.CTF-template-presentation-2019.pptx (20)

Recently uploaded

Recently uploaded (20)

Annual-AML.CTF-template-presentation-2019.pptx