Ireland Safe Deposit Box, Bank and Payment Accounts Register - Frequently Asked Questions

ISBAR is Ireland’s Safe Deposit Box, Bank and Payment Accounts Register. ISBAR is established and operated by the Central Bank of Ireland, on behalf of the State, to ensure full transposition of Directive 2015/849 (as amended). The purpose of ISBAR is to hold information on accounts identifiable by IBAN (including account holders, beneficial owners and signatories), and information on safe deposit box services provided by credit institutions in Ireland, and to enable legally prescribed authorities to search and retrieve information.

ISBAR may be accessed by the Financial Intelligence Unit within An Garda Síochána, as provided for under national law S.I. 46 of 2022.

Following the transposition of EU Directive 2019/1153 via European Union (Money Laundering And Terrorist Financing) (Use Of Financial And Other Information) Regulations 2023 (S.I. 22 of 2023) further access will be  provided to the Criminal Assets Bureau (CAB), other branches of An Garda Síochána. Revenue will be provided access following the transposition of Directive 2011/16/EU on administrative cooperation in the field of taxation (S.I. 704 of 2022). 

Any credit institution established in Ireland, which issues Irish IBAN identifiable accounts, or holds Safe Deposit Boxes on behalf of its customers, is required to provide Bank Account and Safe Deposit Box information to ISBAR.

A credit institution defined in the Capital Requirements Regulation 2013, means (a) “an undertaking the business of which is to take deposits or other repayable funds from the public and to grant credits for its own account”, as per Article 4(1) of the Capital Requirements Regulation 2013, or (b) An Post in respect of any activity that it carries out, whether as principal or agent, that would render it, or a principal for whom it is an agent, a credit institution as a result of the application of paragraph (a).

Other financial service providers, or financial institutions, defined in the Criminal Justice Act 2010, issue Irish IBANs. Further legislation will be enacted to extend the scope of the reporting obligation to these entities, who will be onboarded to the register at a later date.

Where a credit institution does not provide Irish IBANs nor offer a safe deposit box service, there is no requirement to provide information in this regard. Any such credit institution that does not issue Irish IBANS nor offer safe deposit box services to customers contrary to the requirement to submit information to the Central Bank pursuant to the European Union (Anti-Money Laundering: Central Mechanism for Information on Safe-Deposit Boxes and Bank and Payment Accounts) Regulations 2022 [S.I. 46 of 2022] should notify the Central Bank.

Links to relevant Attestation Forms:

• IBAN Attestation Form
• Safe Deposit Box Attestation Form

Credit institutions  are required to upload an Initial return via ONR with all required Bank Account and/or Safe Deposit Box data (Note: two separate returns where applicable). This will provide ISBAR with a baseline dataset following the establishment of the register.

Following the initial upload, credit institutions  are required to upload a Delta return via ONR on a weekly basis. Delta files will be considerably smaller in size than the initial return, as these returns will only include: any new records, any changes to account fields provided in the return, e.g. change of name on an account, addition/removal of a party to an account, change of address, and any accounts closed since the Initial upload of data, on an ongoing basis.

There will be no requirement to provide a delta upload where no changes have occurred in a given week.

The Central Bank of Ireland reserves the right to alter the frequency of reporting by certain credit institutions depending on the volume of records in weekly delta uploads.

For the purpose of bank or payment accounts, the following information will be reported to the register:

• IBAN
• Account Name
• Date of Account Opening
• Date of Account Closure (as applicable)

Account Holder (Natural Person) (or person acting on behalf of account holder)	Forename, Surname, Date of Birth, Address
Account Holder (Not a Natural Person) (or person acting on behalf of account holder)	Name and Registered Address
Beneficial Owner (Natural Person)	Forename, Surname, Date of Birth, Address
Beneficial Owner (Not a Natural Person)	Name and Registered Address

For the purpose of Safe Deposit Boxes, the following information will be reported to the register:

Lessee (Natural Person)	Forename and surname of the lessee, date of birth of the lessee, address of the lessee and lease period
Lessee (Not a Natural Person)	Name of the lessee, registered address of the lessee and lease period

Accounts closed on or after 3 February 2022 should be reported to the register. Accounts closed prior to this date should not be reported and will be rejected as part of how the ISBAR solution is designed.

Accounts reported to ISBAR as closed will be systematically deleted on ISBAR five years from the date of account closure.

In an instance where an account is closed, then reopened, (e.g. where an account was closed in error), the account may be reported as closed, but should be reported as open (as applicable) in the next delta file upload. In this scenario, when the account is re-opened the details previously provided should be reported including original open date and not reopen date), removing the closed date.

Account data still needs to be reported for such accounts. If a customer has died and their assets are frozen pending all formalities in relation to the inheritance being settled, the account will still need to be reported until such time as it is closed.

4AMLD, as amended, does not distinguish between open and dormant accounts. Closing date is a requirement as per the directive, therefore dormant accounts will be treated as open accounts for the purpose of the register. The challenge of accurate due diligence on such accounts for the purpose of the register is understood, given the 15 year time period or more that has elapsed, and different regulatory requirements in those times. For the purpose of reporting to the register, the following applies to such accounts:

• Dormant Accounts held by Credit Institutions that have been transferred to the NTMA and are subsequently deemed closed by the Credit Institutions (i.e. the dormant accounts may never be re-opened at a future date) are not reportable to ISBAR where the transfer to NTMA occurred before the 3rd of February 2022 (i.e. the date the ISBAR regulations came into effect).
• Dormant Accounts held by Credit Institutions that have been closed since the 3rd of February 2022 must be reported to ISBAR as closed.
• Dormant Accounts held by Credit Institutions that are not deemed closed as part of an established practice by Credit Institutions managing such accounts in line with the applicable legislation, are reportable to ISBAR as open accounts. If they are subsequently deemed closed (i.e. the dormant account may never be re-opened at a future date), such dormant accounts must be updated on ISBAR as closed.

The reporting period is weekly following initial upload. Where no changes have occurred a nil delta file is not required.

The Central Bank’s expectation is that problem records will be resolved as soon as possible and resubmitted via delta return.

There is no obligation by institutions to report on public holidays. The reporting frequency should be adhered to where possible.

No account balance or other monetary information will be contained in the register per the current legislation.

The Central Bank’s Online Reporting (ONR) system will be used as a secure mechanism to collect ISBAR data from Credit Institutions.  

There will be an “initial submission” which will constitute a baseline Bank Account / SDB dataset. Following the initial submission, weekly “delta” files reflecting changes to the records provided e.g. name changes, address changes, change of parties to an account, new accounts or accounts closed since the initial upload will be required.

Institutions will be able to monitor the progress of their upload via statuses provided on the ONR front-end. The data in the upload will be stored in a secure (internal) database and will not persist on ONR.

A technical schema  denotes the file specifications for successful transmission via ONR. See accompanying guidance regarding file validations.

Files will be XML-based. Each file will be zipped.  A single XML file will be contained within a single ZIP file.

For Bank Account data files, the zip filename format is C-Code_YYYYMMDD_BAR.zip.

For Safety Deposit Box data files, the zip filename format is C-Code_YYYYMMDD_SDB.zip.

The file shall only be processed by the ONR system if it adheres to the following naming convention: C-Code_YYYYMMDD_BAR.zip or C-Code_YYYYMMDD_SDB.zip

1. C-Code – the C-Code is the identifier for the institution on ONR (e.g. C999)

2. YYYYMMDD is the reporting date of the file submission (e.g. 20220802)

3. BAR / SDB is the file identifier (i.e. Bank Account Register or Safe Deposit Box)

4. Extension is .zip

Note: The C-Code on the .zip file must match the C-Code of the logged on Financial Institution on ONR

The .xml file shall only be processed by the ONR system if it adheres to the following naming convention: C-Code_YYYYMMDD_BAR.xml or C-Code_YYYYMMDD_SDB.xml

1. C-Code – the C-Code is the identifier for the institution on ONR (e.g. C999)

2. YYYYMMDD is the reporting date of the file submission (e.g. 20220802)

3. BAR / SDB is the file identifier (i.e. Bank Account Register or Safe Deposit Box)

4. Extension is .xml

Note: The C-Code on the .xml file shall be required to match the C-Code of the logged on Financial Institution on ONR

The maximum acceptable file size is 80mb compressed. Multiple returns, to allow for returns generated from multiple sources and/or to allow for file size upload limitations will be accepted.

See further information within - ISBAR Return Completion Guidance

In order to successfully upload their data files, the following substitute data should be reported for the beneficial owner of companies listed on a regulated market:

1. First Name          -  “Exempt”
2. Last Name           -  “Exempt”
3. Date of Birth      -  “01/01/1900
4. Address Line 1   -  “Exempt”
5. Country Code     -   “IRL”

In order to successfully upload their data files, the following substitute data should be reported on a temporary basis where data is missing for Day 1 reporting purposes and as necessary as part of any subsequent delta uploads):

Missing information IBAN Record: 

1. First Name (Person or Entity) – “Unknown”
2. Last Name – “Unknown”
3. DOB – “31/12/1901”
4. Address Line 1 – “Unknown”
5. Country Code – “TUV”

Missing information Safe-Deposit Box Record:

1. First  (Person or Entity) – “Unknown”
2. Last Name – “Unknown”
3. DOB – “31/12/1901”
4. Address Line 1 – “Unknown”
5. Country Code – “TUV”
6. Lease start date – “31/12/1901”

Lease end date (if applicable) – “02/01/1902”

Credit Institutions must confirm the count of records containing substitute information to the Central Bank. To do so, a Substitute Data Confirmation Form must be downloaded from the Central Bank website and following completion, should be signed by the Head of Compliance or equivalent and returned via email to [email protected].