The Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2021 (the Act) was signed into law by the President on 18 March 2021. It awaits commencement by the Minister. The Act amends the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (the 2010 Act) and transposes the Fifth Anti-Money Laundering Directive (5AMLD) into Irish law; something which was required to be completed by 10 January 2020.
While the Act transposes most of the elements of 5AMLD, a few notable areas remain outstanding. These are:
a central register of bank accounts (preparations for which are underway in the Department of Finance)
a central register of beneficial ownership of express trusts (the groundwork is laid in the Act but it requires enabling regulations)
a list of recognised prominent public functions in Ireland which qualify as PEPs, which will feed into an EU-wide list of recognised functions overseen by the European Commission (the Act permits the Minister to issue guidelines)
The Act is largely unchanged from the Bill which was published last September, and which we covered in a previous Bulletin article (available here). Overall, the Act has a limited impact on the anti-money laundering and counter-terrorist financing (AML/CFT) regime. The changes introduced are those required by 5AMLD and there is no gold-plating. The key changes introduced by the Act are discussed below.
Virtual Asset Service Providers
One of the most significant new features introduced under the Act is the extension of the AML regulatory regime to financial and credit institutions acting as virtual asset service providers (VASPs) and providing the following services:
exchange between virtual assets and fiat currencies
exchange between one or more forms of virtual assets
transfer of virtual assets from one virtual asset address or account to another
custodian wallet providers
participation in, and provision of, financial services related to an issuer’s offer or sale of a virtual asset
Firms providing virtual asset services will be “designated persons” for the purposes of the 2010 Act and will be required to comply with AML/CFT obligations, including carrying out a business risk assessment, undertaking customer due diligence (CDD), carrying out ongoing monitoring, and filing suspicious transaction reports (STRs).
New and existing VASPs will be required to register with the Central Bank (CBI) for AML/CFT purposes. The CBI has already set up this registration procedure and VASPs will be required to register once these sections of the Act are commenced; existing VASPs will have three months from the date of commencement in which to register.
In order for the CBI to approve an application for AML/CFT registration, it must be satisfied that:
the firm’s AML/CFT policies and procedures are effective in combatting the ML/TF risks associated with its business model
the firm’s management and beneficial owners are "fit and proper"
The CBI will maintain a Register of Virtual Asset Service Providers and may impose conditions on registration. The Act also bestows supervisory powers on the CBI in terms of the beneficial ownership of VASPs, including placing a restriction on the acquisition of beneficial interest in VASPs without prior approval of the CBI in writing.
Other new designated persons
As well as VASPs, the Act creates further new types of ‘designated person’, which will be required to apply AML measures in the course of their business:
letting agents (in respect of transactions for which the monthly rent is at least €10,000)
high-value art dealers and intermediaries (in respect of transactions of at least €10,000 in value)
tax advisers (the scope of persons who fall within the definition of tax advisor is extended to include "any other person whose principal business or professional activity is to provide, directly or by means of other persons to which that other person is related, material aid, assistance or advice on tax matters)
Beneficial ownership: new obligations on designated persons to check beneficial ownership registers
Prior to the establishment of a business relationship with a customer, a designated person will be required to ascertain that information concerning the beneficial ownership of a customer is entered in the relevant beneficial ownership register (an entity's express trust register, the Central Register of Beneficial Ownership of Companies and Industrial Provident Societies, or the Central Register of Beneficial Ownership of Irish Collective Asset-management Vehicles, Credit Unions and Unit Trusts).
A designated person must not engage in a business relationship until the beneficial ownership information is obtained, unless the designated person is a financial institution. A financial institution may open an account ahead of obtaining the information, but cannot allow any transactions to occur.
Where the beneficial owner is recorded as being a senior managing official, a designated person will be required to verify the identity of that person, keep records of the steps taken and record any difficulties encountered in the verification process.
Beneficial ownership of express trusts
The Act lays the groundwork for anticipated new regulations on the beneficial ownership of express trusts. The Act provides for certain definitions in this regard, including for the "relevant trust", which will be subject to the regulations, and "excluded arrangements" (including pension schemes, retirement funds and employee share schemes) which will be exempted.
Politically Exposed Persons (PEPs)
The definition of a PEP is broadened by the Act to include "any individual performing a prescribed function". The Minister for Justice, with the consent of the Minister for Finance, will be empowered to issue guidelines to competent authorities in respect of the functions in the State considered to be "prominent public functions".
This aspect of the Act was one of the most hotly debated in the Oireachtas, with many TDs and Senators expressing their dissatisfaction with the broad reach of AML/CFT measures for PEPs (enhanced CDD measures also apply to a PEP's family members and "close associates"). Member States do not have discretion in how these measures are applied. However, as a compromise, the Government agreed to the insertion of a subsection permitting the Minister to issue guidelines to competent authorities "for the purpose of facilitating the consistent, effective and risk-based application of this section".
The Act also permits a designated person to continue monitoring someone who was previously a PEP "as long as is reasonably required to take into account the continuing risk posed by that person and until such time as that person is deemed to pose no further risk specific to politically exposed persons".
Triggers for conducting CDD extended
The Act extends the triggers for conducting CDD to include any time that a designated person is required "by virtue of any enactment or rule of law" to contact a customer for the purposes of reviewing information relating to the customer's beneficial owners.
Enhanced CDD for high-risk third countries
The Act provides a list of enhanced CDD measures, which a designated person is required to apply when dealing with a customer established or residing in a high-risk third country. These involve obtaining "additional information" on the customer, beneficial owner(s), their sources of wealth, the intended nature of the business relationship, and completed or intended transactions.
A designated person will also be required to obtain senior management approval for establishing or continuing such a business relationship and to conduct enhanced monitoring "by increasing the number and timing of controls applied and selecting patterns of transaction that need further examination".
Examination of background and purpose of certain transactions
The Act introduces a slight relaxation of the requirement for designated persons to examine the background and purpose of transactions which are complex or unusually large by providing that a designated person shall do this "as far as possible".
Schedules of low and high risk factors
Schedule 3 of low risk factors is amended to qualify that the specified geographical risk factors (suggesting a lower risk of ML/TF) refer to the place of registration, establishment and/or residence. Schedule 4 of high risk factors is amended to include further specified red flags for identifying transactions that pose a higher risk of ML/TF.
Limiting of the 'tipping off' defence
The Act limits the 'tipping off' defence for disclosure to those specified persons who can prove that the disclosure was made to either:
a credit institution or financial institution incorporated in a Member State, where both the institution making the disclosure, or on whose behalf the disclosure was made, and the institution to which it was made belonged to the same group, or
a majority-owned subsidiary or branch, situated in a third country, of a credit institution or financial institution incorporated in a Member State and where the subsidiary or branch was in compliance with group-wide policies and procedures, including procedures for sharing information within a group.
Prior to this amendment, the defence could be applied in group situations where the institution to which the disclosure was made was "situated in a Member State or a country other than a high-risk third country". Now, the institution must be incorporated in a Member State in order for this group exemption from disclosure rules to apply.
Feedback to designated persons
The Act requires the Financial Intelligence Unit to "provide timely feedback" to a designated person, "where practicable" in respect of suspicious transaction reports made to them. This places an existing administrative practice on a legislative footing.
Breaches within competent authorities
A new section requires each competent authority to establish "effective and reliable mechanisms" to encourage the reporting of potential and actual breaches of the 2010 Act. Such mechanisms must include the provision of "one or more secure communication channels" for such reporting, which can also be used by persons "to report any threats or retaliatory or hostile actions they are subjected to for reporting suspected breaches".
Co-operation with Member State competent authorities
The European Union (Money Laundering and Terrorist Financing) Regulations 2019 inserted a new section into the 2010 Act requiring competent authorities to take "the necessary steps" to cooperate with competent authorities in other Member States. The Act clarifies that cooperation with Member State competent authorities may include the sharing of information where it is not prevented by law and that the provision of assistance must not be refused on the basis that the information involves tax matters, requires the competent authority to maintain secrecy or confidentiality, or that there is an inquiry, investigation or proceeding underway.
The Act repeals the old provision in the 2010 Act on the Appeal Tribunal and replaces it with a new, more expansive, section allowing for the establishment of a permanent Appeal Tribunal. The new section outlines how the tribunal is to be constituted, how members are to be appointed and removed and the conditions of appointment, which include a requirement that each member of the Tribunal be a practising barrister or solicitor of at least ten years' practice.
Electronic money & anonymous safe-deposit boxes
The Act lowers the value limit for carrying out CDD on e-money instruments (such as pre-paid cards) from €250 to €150. It also gets rid of the €500 limit exemption for domestic electronic payment instruments, reduces the cash redemption limit from €100 to €50 and adds a new requirement that a transaction cannot exceed €50 if initiated via a remote payment transaction.
The Act also makes it an offence for a credit institution or financial institution, acting as an acquirer, to accept a payment carried out with an anonymous prepaid card issued in a foreign state that does not fall within the exemptions.
The existing prohibition on credit or financial institutions setting up anonymous accounts or passbooks is extended to safe-deposit boxes.
Scope of CBI's supervision – performance of certain functions
The Act extends the supervisory and enforcement functions and powers of the CBI under the Central Bank Acts (1942, 2010 and 2013) to monitoring and ensuring compliance with the AML Directives and FATF Recommendations.
This would seem to address any lingering uncertainty concerning the applicability of the CBI's administrative sanctions procedure to certain financial service providers, such as 'Schedule 2 firms' (on which an obligation to register with the CBI was imposed by the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2018).