Supervision

Anti-Money Laundering and Countering the Financing of Terrorism Supervision

In fulfilling its role as state competent authority responsible for effectively monitoring credit and financial institutions' compliance with their Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) obligations under the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (as amended) ("CJA 2010"), credit and financial institutions should have regard to the following:

• All financial and credit institutions must comply with their statutory obligations, and must be able to demonstrate to the Central Bank how they have complied;
• The Central Bank conducts on-site inspections and other supervisory engagements across the financial sector to effectively monitor that there is compliance and effective implementation of the relevant statutory obligations;
• Emphasis will be placed on compliance with the requirements under the CJA 2010 to adopt and implement policies and procedures for the assessment and management of risks of money laundering and terrorist financing;
• Policies and procedures must be up-to-date and available for inspection, and that senior management (including boards of directors) can demonstrate full awareness of their responsibilities;
• Measures will be taken by the Central Bank that are reasonably necessary for the purpose of securing compliance and there are a wide range of administrative sanctions available to the Central Bank to utilize to this end, if necessary.

Risk Based approach to AML Supervision

The Central Bank implements a risk-based approach to AML and CFT supervision of credit and financial institutions ('firms'). Effective risk based supervision entails identifying money laundering ('ML') and terrorist financing ('TF') risks and supervising firms commensurate with the risks identified and taking necessary action to bring about compliance.

There are two elements of the Central Bank's risk-based approach to AML/CFT supervision: (a) Identification and Assessment of ML/TF Risk; and (b) AML/CFT Supervisory Engagement to monitor and bring about compliance by firms.

Identification and Assessment of ML/TF Risk

The Central Bank maintains a Money Laundering / Terrorist Financing Risk Assessment ('ML / TF Risk Assessment') which identifies and assesses ML/TF risk in the financial sector in Ireland from a supervisory perspective.

Risk Assessment Process

The ML/TF Risk Assessment includes;

• The ML/TF risks associated with the firms business models; and
• The overall quality of the firms' AML/CFT control framework

Factors considered during the ML/TF assessment include:

• Nature, scale and complexity;
• Types of customers;
• Distribution channels;
• Products and services; and
• Any other relevant factors

The ML/TF Risk Assessment is an iterative process, given the evolving and changing nature of ML/TF risk in the financial sectors supervised by the Central Bank. The Central Bank reviews and revises its understanding of ML/TF risk from a number of sources, including:

• Output from supervisory engagement;
• Its outreach programme; and
• Intelligence gathering and sharing with law enforcement agencies, financial intelligence units, revenue and customs agencies, national & international policy makers and other supervisors (national and international).

ML/TF Risk Assessment Ratings

The ML/TF Risk Assessment model assigns four ML/TF sectoral ratings - High; Medium High; Medium Low; and Low risk. The overall risk rating for each sector is set out in the table below.

Firm Specific ML/TF Risk Ratings

Firms that are designated persons are categorised by sector and the ML/TF risk rating applicable to that sector will be applied to the firm. Individual firms' ML/TF risk ratings are applied on the basis of supervisory engagements such as inspections, submission of Risk Evaluation Questionnaires and other interactions in relation to the firm. An individual firm's ML/TF risk rating may differ from the risk rating applied to its sector, depending on the specific ML/TF risk associated with its business model and the quality of its AML/CFT control framework.

It is important to note that an assessment of a firm as being of a higher ML/TF risk does not necessarily indicate that there is low level of AML/CFT compliance in that firm. Some firms will by the very nature or scale of their business model, remain higher ML/TF risk even with robust AML/CFT compliance frameworks in place.

AML / CFT Supervisory Engagement Model

Firms should note that the AML/CFT supervisory engagement model is separate and distinct from the Prudential and Consumer supervisory engagement models.

The Central Bank implements a graduated approach to AML/CFT risk-based supervision. What this means is that higher intensity supervisory measures (e.g. onsite inspections) are used to monitor firms that are higher risk. Other less intensive supervisory measures such as AML/CFT Risk Evaluation Questionnaires and outreach activities (e.g. presentations and seminars) are also used as part of the Central Bank's AML/CFT supervisory programme.

The frequency and intensity of AML/CFT supervisory engagement model for an individual firm is dependent on its ML/TF risk rating as set out in the table below:

Table: AML/CFT Minimum Supervisory Engagement Model

[1] Certain firms with the highest level of ML/TF risk associated with the nature and scale and complexity of their business model and/or operations have been assigned an "Ultra High" ML/TF risk rating. Such firms are subject to a more intensive/frequent level of supervisory engagement.

It should be noted that the engagement levels set out above are the minimum that firms in the different categories are subject. The Central Bank may apply additional supervisory measures to firms and sectors in circumstances where it further mitigates against the risk of the financial services industry being exploited for money laundering and/or terrorist financing purposes. For example, the Central Bank has appointed Relationship Managers to certain firms and sectors in order to ensure appropriate responses and timely interventions to matters that arise. In addition, the Central Bank may meet with key control functions within firms e.g. CEO, CRO, Internal Audit, Independent Non-Executive Directors, as well as attending board meetings in order to determine that firms are aware of ML/TF risks and that appropriate measures are being taken to mitigate those risks. The Central Bank conducts supervisory engagement (including onsite inspections) of firms rated medium low and low on an ongoing basis. This supervisory engagement results in firms being strategically targeted in order to optimise our supervisory reach in a particular sector; selected randomly on a spot check basis; or being selected on a responsive basis, arising from information brought to the attention of the Central Bank by a firm, or by another party.

Supervisory Powers under the Central Bank (Supervision and Enforcement) Act 2013

In addition to the preventative measures set out under the CJA 2010 the Central Bank can deploy a number of other supervisory powers under the Central Bank (Supervision and Enforcement) Act 2013 in order to obtain compliance by regulated firms with their obligations under the CJA 2010. Where the Central Bank deems appropriate it may:

• Issue a notice in writing to a designated person requesting that it furnish a report on any matter, including AML / CFT and measures to prevent breaches of Financial Sanctions;
• Request designated persons provide information which is necessary in order for the Central Bank to perform its obligations as a Competent Authority;
• Subject to the issuing of the appropriate warrants or consent of the occupier, appoint authorised officer(s) to enter premises, conduct searches, request the provision of relevant documentation and summon certain persons to provide information and answer questions.

Designated persons found to be in breach of their AML / CFT obligations under the CJA 2010 will be required to undertake remediation action. Designated persons who fail to engage with the Central Bank and undertake the required remedial action or, are those firms that are found to have committed serious breaches under the CJA 2010 may find themselves subject to an enforcement action taken under the Central Bank's Administrative Sanctions Procedure (ASP) as set out in more detail below.

Enforcement

As the Competent Authority responsible for the monitoring and supervision of financial and credit institutions compliance with their obligations under the CJA 2010 in Ireland, the Central Bank is empowered to take measures that are reasonably necessary to ensure that firms comply with the provisions of the CJA 2010.

The Central Bank has the power to administer sanctions, under the Central Bank's Administrative Sanctions Procedure, against designated persons for certain breaches of Part 4 of the CJA 2010.

Please see the links below to a number of recent Settlement Agreements in respect of breaches of the CJA 2010:

Danske Bank A/S

Campbell O'Connor

Appian Asset Management Limited

Intesa Sanpaolo Life DAC

Bank of Ireland

Allied Irish Banks, p.l.c.

Drimnagh Credit Union Limited

Bray Credit Union Limited

Ulster Bank Ireland DAC

Western Union Payment Services Ireland Limited

AXA MPS Financial Limited

Community Credit Union Limited

UBS International Life Limited

Risk Evaluation Questionnaire ('REQ') Return

Building upon the obligations of credit and financial institutions under the CJA 2010, the Central Bank has developed a REQ in order to seek information regarding individual firms' exposure to ML / TF risks and also their AML / CFT compliance framework.

The Central Bank will notify firms on an annual basis to request submission of the REQ. Firms are required to submit the REQ in the specified format, through the Central Bank's Portal, within the time period specified.