The new Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2018
The long awaited Criminal Justice (Money Laundering and Terrorist Financing) Act 2018 (the 2018 Act) was signed by the President into law on 14th November 2018 and fully transposes the Fourth Anti-Money Laundering Directive (MLD4) in Ireland. The 2018 Act introduces a number of amendments to existing anti-money laundering (AML) legislation set out in the Criminal Justice (Money Laundering and Terrorist Financing) Acts 2010 and 2013. The Act does not repeal the current legislation. Going forward, all businesses falling within the scope of this legislation will need to comply with three separate Acts and any associated guidance.
Money laundering and terrorist financing are global problems that can compromise the integrity and stability of countries’ financial systems and institutions. Global money laundering transactions are estimated at 2 – 5% of global GDP, $1-2 trillion annually in the U.S. and at least €3 billion of Ireland’s GDP annually. Shockingly the United Nations Office on Drugs and Crime (UNODC) reckons less than 1% of global illicit financial flows are currently seized by authorities.
Money Laundering is the process by which criminals conceal the true origin and ownership of the proceeds of criminal activity. If undertaken successfully, money laundering enables criminals to legitimise “dirty” money by mingling it with “clean” money, ultimately providing a legitimate cover for the source of income. A common misconception is that money laundering only relates to theft, drug or similar offences. However, it also relates to tax evasion, financial fraud and deception.
Obligations are placed on ‘designated persons’ to carry out a range of checks and internal procedures when dealing with customers or transactions. Such measures aim to identify and combat the occurrence of money laundering/terrorist financing related crimes. Such designated persons include credit and financial institutions, accountants, solicitors, trust or company service providers, estate agents and the law now captures the providers of gambling services. A failure to adhere to these statutory compliance measures constitutes an offence.
Some of the key Amendments in the 2018 Act include the following:
Business Risk Assessment - The 2018 Act introduces a statutory requirement for designated persons to conduct and maintain a written ‘business risk assessment’. This will enable designated persons to more clearly identify and assess the money laundering/ terrorist financing risks involved in carrying out their own business activities. The obligation is discharged by following a number of procedures set out in the 2018 Act, including consulting the Department of Finance’s National Risk Assessment and other guidelines issued by their supervisory and regulatory bodies. The business risk assessment must be approved by senior management.
Customer Risk Assessments - It is now a statutory requirement to carry out a stand-alone risk assessment on each customer. A risk assessment of every client is important to determine your firm’s exposure to money laundering/terrorist financing risks and the appropriate Customer Due Diligence (CDD) to be applied. The 2018 Act includes schedules which contain non-exhaustive lists of factors suggesting lower risk levels (schedule 3) or higher risk levels (schedule 4) that might attach to particular customers or transactions.
Internal Policies, Controls & Procedures – The 2018 Act provides a prescriptive version mandating the types of internal policies, controls and procedures that designated persons must have in place to prevent and detect money laundering/terrorist financing. Policies and procedures must be kept under review and must be approved by senior management.
Simplified Customer Due Diligence (SCDD) and Enhanced Customer Due Diligence (ECDD) - Under the former regime, SCDD could be applied to specified low-risk categories of customers or business relationships. However, under the 2018 Act decisions by designated persons on when to apply SCDD must be documented and justified on a case-by-case basis informed by, inter alia, the business risk assessment. ECDD works in a similar fashion and must be applied when the perceived risk level is heightened.
ECDD and politically exposed persons (PEPs) - The 2018 extends the scope of a PEP to persons residing inside the State and their immediate family members and close associates.
Timing of CDD - A designated person must carry out CDD prior to establishing a business relationship and must refrain from providing such services if the customer cannot provide the required information. The 2018 Act adds that CDD must be executed at any time, including a situation where the circumstances of a customer have changed, where the risk of money laundering/terrorist financing warrants its application.
Ongoing Monitoring - The 2018 Act introduces a definition of ‘monitoring’ and requires that designated persons monitor any business relationship that it has with a customer to the extent reasonably warranted by the risk of money laundering or terrorist financing.
Beneficial ownership – This is expanded for companies, trusts and partnerships.
Designated Persons and Responding to Queries - All designated persons must be in a position to respond to queries from An Garda Síochána with respect to any business relationship that that person held within the previous 5 years.
It is crucial to comply with the money laundering and terrorist financing legislation as both the firm and the employee can face criminal penalties for failure to comply with the law. Designated persons must achieve statutory compliance with money laundering legislation by carrying out a business risk assessment, by carrying out a customer risk assessment which will assist you justify the level of CDD required in regard to know-your-customer checks, continuing to monitor customers and transactions, updating policies, controls and procedures, provide training to staff and making suspicious activity reports to the relevant competent authorities where necessary.