Page Contents
Key contacts
Related areas
On 1 July 2025, the Central Bank of Ireland (Central Bank) fined Swilly Mulroy Credit Union (SMCU) €36,273 for breaching provisions of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (2010 Act) and the Credit Union Act 1997 (1997 Act) over a seven and a half year period.
Facts of the case
SMCU has been authorised as a credit union since 1985. It admitted to seven prescribed contraventions relating to anti-money laundering/counter-terrorist financing (AML/CFT) and risk management failures under the relatively new Undisputed Facts Settlement Process, including a more detailed factual summary of the key facts, which are set out below. The breaches were identified by the Central Bank in 2022 during an on-site inspection by its Anti-Money Laundering Division. The Central Bank commenced an enforcement investigation in 2023.
Between 2 January 2014 and 30 June 2021, SMCU was found to have operated a practice of soliciting and accepting cash deposits from natural persons and local cash intensive businesses, the majority of whom were not members of the credit union and therefore did not hold accounts with it. The amounts of the deposits received were transferred by electronic funds transfer from the main/omnibus account at SMCU to external bank accounts designated by the depositors, without first being deposited in customer accounts. SMCU failed to apply AML/CFT due diligence measures to the depositors and transactions involved in the cash lodgement service. Under the service, SMCU processed €8.75 million in deposits from over 2,000 cash lodgements made by 23 depositors.
The cash lodgement service was implemented at SMCU following the closure of several bank branches and post offices in the area causing an increased demand for cash from SMCU’s members. However, the service was not offered to the public or more widely and SMCU solicited the 23 depositors for cash deposits. The deposits received were used as a cash float to ensure SMCU had an adequate cash supply to fulfil its members’ demands and to avoid the costs associated with cash deliveries.
The Board of SMCU was made aware on several occasions of the risks associated with the cash lodgement service by its internal and external auditors and the Irish League of Credit Unions. Central Bank AML/CFT guidance also emphasised the greater risk of money laundering and terrorist financing (ML/TF) related to cash intensive practices. Notwithstanding this, no steps were taken by the Board to manage the risks associated with the service, either by ceasing the service or by putting in place the necessary AML/CFT measures to ensure compliance with the 2010 Act.
The service was discontinued after new management recognised the risks associated with the service and brought their concerns to the attention of the Board. Even at this time, however, the Board and management did not notify the Central Bank of the concerns or any identified breaches.
Prescribed contraventions
SMCU admitted to six prescribed contraventions of the 2010 Act and one prescribed contravention of the 1997 Act.
In summary, the prescribed contraventions of the 2010 Act included:
failure to consider the ML/TF risks as part of the business risk assessment conducted by SMCU
failure to conduct a customer risk assessment to identify and assess the risk of ML/TF associated with the depositors to determine the extent of customer due diligence and transaction monitoring required
failure to verify the depositors’ identities, the nature of their business and the source of funds with appropriate documentation as part of customer due diligence measures
failure to monitor dealings with the depositors and scrutinise their transactions and the source of their wealth or funds
failure to examine the background and purpose of transactions that involved unusually large cash lodgements and failure to increase the degree and nature of monitoring of the business relationships connected to those transactions
operating the cash lodgement service contrary to, and entirely outside of, SMCU’s AML/CFT policies and procedures, and failure to apply the policies and procedures to the depositors or the transactions.
In relation to the Credit Union Act 1997, SMCU failed to take steps to manage the risk of ML/TF associated with the cash lodgement service despite the Board being notified of the risks on several occasions.
Determination of the sanction
Under the new Administrative Sanctions Procedure, the Central Bank’s updated guidance now refers to several stages in assessing the appropriate financial sanction for admitted prescribed contraventions. The guidance refers to ‘five steps’, although the Central Bank retains a certain level of discretion as to the appropriate sanction to impose. These steps include: determining an appropriate ‘starting point’ financial figure; applying a ‘severity level’ to that figure by reference to the seriousness of the contraventions; and then considering other factors such as mitigation or aggravating factors, any further adjustment which may be necessary to reflect the relevant factors and an assessment as against the maximum penalty that could be imposed; and considering the appropriateness of the financial sanction element of any investigation when evaluated together with any other sanctions imposed on the firm or individual.
A ‘severity level’ of 6 was applied to the ‘starting point figure’ of €751,000 (which was calculated on the basis of SMCU’s annual average revenue over a seven and a half year period). This resulted in a ‘base monetary penalty’ of €45,060. The severity level was based on the number and duration of the prescribed contraventions and the fact that the contraventions were reckless and connected to ‘serious weaknesses’ in SMCU’s AML/CFT policies and procedures and risk management systems and controls. The contraventions also represented a serious departure from the standards expected of credit unions as articulated in guidance documents published by the Central Bank and Department of Finance in 2013, 2015 and 2019.
An aggravating factor was that SMCU was made aware of the issues relating to the operation of the cash lodgement service on several occasions but failed to report the issues to the Central Bank. In light of this, the base monetary penalty was increased by 15% to €51,819. While there were no mitigating factors, a 30% early settlement discount was applied, resulting in a monetary penalty of €36,273.
Comment
This case serves as a clear reminder of the Central Bank’s continued focus on robust AML/CFT compliance and effective risk management within credit unions. Boards and management must ensure that all services are subject to appropriate client due diligence and risk controls, and that regulatory concerns or breaches are promptly reported to the Central Bank.
For further information on the Central Bank’s updated Administrative Sanctions Regime, related guidance and our experience of advising firms in response to enforcement investigations in practice, please contact Dario Dagostino, Partner, Mark Devane, Partner, Chloe Culleton, Partner, Sarah Lee, Senior Knowledge Lawyer or your usual ALG contact.
Date published: 16 July 2025
