AML Update: Bill transposing MLD4 published
A Bill which will transpose most of the Fourth Money Laundering Directive (MLD4) into Irish law has been published by the Minister for Justice.
MLD4 was due to be transposed into Irish law by 26 June 2017. Parts of Article 30 (dealing with the beneficial ownership of corporates) were already transposed in November 2016 (read our
briefing: New rules on information about the beneficial ownership of corporates by individuals). The remaining parts of MLD4 dealing with beneficial ownership are being managed separately by
the Department of Finance.
The Bill (the Criminal Justice (Money Laundering and Terrorist Financing)(Amendment) Bill 2018) will, when enacted, amend the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 and the Criminal Justice Act 2013 (which transposed the Third Money Laundering Directive into Irish law).
Together with the Criminal Justice (Corruption Offences) Bill, it forms part of the Government’s white collar crime package (read our Corporate Crime Group’s briefing on that package here: New White Collar Crime Package).
This Briefing summarises the key provisions of the Bill, which reflect the targeted risk-based approach to combating money laundering/terrorist financing (ML/TF) which underpins MLD4.
Conducting Risk Assessments
Designated persons must assess the ML/TF risk involved in a person’s business. Various specified factors must be taken into account, together with any additional risk factors prescribed by the Minister from time to time, any guidance issued by the relevant competent authority, the National Risk Assessment and any guidelines issued by the European Supervisory Authorities. The assessment must be approved by senior management, and must generally be documented.
What should be assessed?
The designated person will have to assess the ML/TF risk presented by the customer/transaction by reference to a number of factors, including the presence of any factor indicating a potentially lower, or a potentially higher, risk. The Bill sets out non-exhaustive lists of factors that might suggest lower, or higher, risk:
- factors suggesting lower risk include the customer being listed on a stock exchange and subject to disclosure requirements;
- factors suggesting higher risk include non-resident customers, the use of nominee shareholders, the use of bearer shares, the use of personal asset-holding vehicles, new products and business practices, and non-face-to-face transactions.
In addition to the requirement under the 2010 Act that customer due diligence (CDD) be carried out at particular times, the Bill proposes that CDD be carried out at any time that the ML/TF risk
Acting on behalf of Customer
Where a person purports to act on behalf of a customer, a designated person will be obliged to verify (a) the identity of that person, and (b) that they are authorised to so act.
Simplified Customer Due Diligence (SDD)
Reflecting the risk-based approach underpinning MLD4, designated persons will be allowed to carry out SDD where the customer or business area is considered to be low risk. If a designated person decides to apply SDD, it must keep a record of how it reached that decision, and continue to monitor the relationship.
A designated person will be required to look into “complex or unusually large” transactions, or “unusual patterns of transactions” in greater detail, and increase monitoring if they appear suspicious.
Life Assurance Policies
Additional requirements will be imposed regarding the identification of the beneficiaries of life assurance policies and other investment-related assurance policies.
Under the 2010 Act, banks can open accounts for customers before verifying their identity provided that no transactions are carried out on those accounts until verification has taken place.
Under the Bill, this right will be extended to financial institutions, and to accounts that permit transactions in transferable securities.
Politically Exposed Persons (PEPS)
Measures that previously applied only to PEPs resident outside of Ireland will now also apply to PEPs resident in Ireland. Specific steps must also be taken where the PEP is a beneficiary of a life
Enhanced Customer Due Diligence (EDD)
Designated persons will have to carry out EDD when:
- dealing with a customer residing or established in a high-risk third country; or
- a relationship or transaction presents a higher degree of risk.
Relying on Third Parties
The circumstances in which a designated person can rely on a third party to carry out CDD will be expanded to provide that (if certain conditions are met) a designated person can also rely on
a third party established in a third country if it is a branch or majority-owned subsidiary of a designated person established in the EU.
A designated person will not be required to carry out various CDD measures in respect of electronic money payment instruments if certain conditions are met.
Policies and Procedures
Matters to be included
The Bill expands the list of matters which must be included in a designated person’s ML/TF policies and procedures, including measures to be taken to prevent risks which may arise from new
Groups of companies will be required to have group-wide policies and procedures for preventing and detecting ML/TF which must be implemented by any designated person within the group. If an Irish company that is a designated person operates a branch or majority-owned subsidiary, it must adopt and apply group-wide policies and procedures. If it has a subsidiary in another EU Member State, it must comply with the local laws that transpose MLD4. If the subsidiary is in a third country with less strict ML laws, it must apply Irish ML/TF law. If a third country does not allow the group’s policies and procedures to be applied, the designated person must ensure that additional measures are applied and notify the competent authority. Suspicious transaction reports must be shared with the group, subject to the restrictions around tipping-off.
The Bill updates the definition of “financial institution” to take account of updates to previous EU Directives, and also defines “collective investment undertaking” (being a UCITS authorised under the 2011 Irish UCITS Regulations, a UCITS management company authorised under the 2011 Irish UCITS Regulations, an AIF within the meaning of the 2013 Irish AIFMD Regulations, or an AIFM within the meaning of the 2013 Irish AIFMD Regulations). A “collective investment undertaking” that markets or otherwise offers its units or shares was already a “financial institution” under the 2010 Act – the Bill simply defines that term.
Registering with the Central Bank
Certain financial institutions that are not already authorised by or registered with the Central Bank will be required to register certain details with the Central Bank to enable it to identify those who are responsible for supervising ML generally.
The Bill also provides an exception for legal professionals from the restriction on providing a service to someone who has not provided them with the necessary AML information/documents – the legal professional can continue to provide the service if they are ascertaining the person’s legal position, or representing them in legal proceedings.
High-Value Goods Dealers
Dealers in high-value goods will now be in-scope where they make or receive cash payments of €10,000 or more (the threshold is currently €15,000).
The conditional ban on banks entering into correspondent banking relationships with banks outside the EU has been extended to financial institutions.
The prohibition on a bank entering into a correspondent relationship with a shell bank has been extended to so that it now applies to all financial institutions.
Financial Intelligence Units (FIUs)
The Bill inserts a new Chapter 3A into the 2010 Act, dealing with the role of Ireland’s FIU (which is part of An Garda Síochána). It deals with the FIU’s powers to receive and analyse information, to access the central registers of beneficial ownership of corporates and trusts, to request information from competent authorities, the Revenue Commissioners, and the Minister for Employment Affairs and Social Protection, and to share information with other FIUs across the EU.
Designated persons will be required to report transactions connected with high-risk third countries to the FIU and to the Revenue Commissioners.
One of the defences to the offence of “tipping off” (disclosures within an undertaking or group) has been broadened to include branches and majority-owned subsidiaries of banks and financial institutions, provided that the institutions in question were complying with group policies and procedures.
An Garda Síochána will be allowed require a designated person to keep CDD records beyond the current 5-year period if they are required for the investigation or prosecution of ML/TF. Thereafter, the designated person must delete those records.
Responding to Queries
At the moment, banks and financial institutions must have systems in place that enable them to respond quickly to queries from An Garda Síochána regarding business relationships within the
previous 6 years. The Bill will extend the requirement to all designated persons, but reduce the time period from 6 years to 5 years.
The penalties that that can be imposed by the Central Bank in respect of AML breaches by regulated financial services providers (RFSPs) are listed in the Bill as follows:
- designated person is an individual: the greater of (a) €1 million and (b) 2 x the amount of the benefit derived from the breach;
- designated person is a body corporate or unincorporated body: the greatest of (a) €10 million, (b) 2 x the amount of the benefit derived from the breach and (c) 10% of its turnover for the last complete financial year. Where the breach is by a person involved in the management of an RFSP, the penalties are as follows:
- designated person is a bank or financial institution: the greater of (a) €5 million and (b) 2 x the amount of the benefit derived from the breach;
- designated person is not a bank or financial institution: the greater of (a) €1 million and (b) 2 x the amount of the benefit derived from the breach;
Taking All Reasonable Steps
It will be a defence to offences under Part 4 (Provisions relating to finance services industry, professional services providers and others) to show that the person charged with the offence took all reasonable steps to avoid committing the offence.
Points to Note Re Beneficial Ownership
As mentioned above, the remaining parts of MLD4 (i.e. those dealing with the beneficial ownership of corporates and trusts) are within the remit of the Department of Finance, and will be
dealt with by that Department separately. Those provisions may be impacted by the agreement that has just been reached at EU level on the Fifth Money Laundering Directive (MLD5) – we are publishing a separate briefing on MLD5 this week.
The Bill contains limited references only to the beneficial ownership rules. References to beneficial ownership in the existing Acts will be amended to bring them into line with the concepts
of beneficial ownership set out in MLD4, and the beneficial owner hold at least 25% of the capital of the trust property will be removed by the Bill.
Further details will be contained in our MLD5 briefing.