ANNUAL ANTIMONEY LAUNDERING TERRORIST FINANCING TRAINING JUNE 2019

ANNUAL ANTI-MONEY LAUNDERING & TERRORIST FINANCING TRAINING JUNE 2019

Important Ø Members should note this is a template presentation and must be personalised by the firm to reflect their own policies and procedures.

Legislation • The Irish AML/CTF legislative framework is set out in the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010. This framework was updated with the transposition of the 4 th EU AML Directive into Irish Law in 2018 pursuant to the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2018. • The key amendments in the 2018 Act include: § Introduction of Business Risk Assessments § Simplified and Enhanced Due diligence changes § Internal Policies and procedure § Enforcement

What is Anti-Money Laundering & Terrorist financing? It is the process by which criminals conceal the true origin and ownership of the proceeds of drug trafficking or other criminal activity. A common misconception in relation to Money Laundering is that it only relates to theft, drug or similar offences. It might also be: ØTax evasion ØFinancial fraud and deception ØTheft

To be guilty of money laundering a person must know or believe the property involved is or probably is the proceeds of criminal conduct or be reckless as to whether the property is the proceeds of criminal conduct. Terrorist Financing ØFunds intended to finance an act of terrorism. ØLinks between terrorist groups and organised criminal gangs. ØIncludes converting, transferring, handling, acquiring, possessing or using the property that is the proceeds of criminal conduct. There must be intention or knowledge in providing or collecting funds for the purposes of financing terrorism, in order for there to be an offence. 5

Stages of Money Laundering There are three stages in the money laundering process: üPlacement – this is the physical disposal of cash; üLayering – the creation of complex layers which make tracking transactions difficult; üIntegration – absorbing the money back into the economy as legitimate money. 6

Designated Persons Mortgage Intermediaries and intermediaries by virtue of their registration as Insurance Intermediaries who provide Life Assurance or other investment related services are deemed to be “Designated Persons”. Note: Intermediaries only operating in the General Insurance market do not fall under the CDD requirements. However they are expected to be mindful of other legislation that would apply such as Financial Sanctions and to have controls and procedures in place to detect and prevent financial crime, and as a result, to report suspicious transactions. Staff would need to be trained in this regard. (See Appendix 6 in Brokers Ireland AML Guidance notes for further information) 7

Designated Persons must have internal policies and procedures to reflect the requirements of the legislation in relation to the following areas: ØCustomer due diligence ØReporting ØRecord keeping ØInternal procedures & training (All staff including executive & non-executive directors are required to receive annual training in relation to AML & combating terrorist financing. ) 8

What does Customer Due Diligence mean? • Identify & verify the customer. • Identify & verify the beneficial owner (An individual who ultimately owns or controls the customer and/or on whose behalf a transaction or activity is conducted). • Establish purpose & intended nature of business relationship (a business, professional or commercial relationship between the designated person and the customer that the designated person expects to be ongoing). • Monitor customer dealings on an on-going basis.

Beneficial Owner • Company An Individual holding 25% or more of shares or voting rights. • Partnership An Individual holding 25% or more of profits or capital or voting rights, • Trusts An individual who is entitled to a vested interest in the trust property may be considered a beneficial owner. Additionally, settlors, trustees and protectors of a trust may now also be considered beneficial owners. The threshold of 25% ownership no longer applies. • Estate Executor.

Purpose & intended nature of the business relationship In most cases this will be self evident e. g. Ø Investing in a life policy Ø Opening bank account Ongoing monitoring Scrutinise transactions: Ø Source of wealth or funds Ø Consistent with knowledge of customer and the customer’s business and pattern of transactions

Customer Due Diligence Requirements Legislation allows designated persons to apply aspects of the customer due diligence requirements on a risk-sensitive basis depending on: a) The nature of the product being sold; b)The delivery mechanism or distribution channel used to sell the product; c) The profile of the customer; and d) The customer’s geographical location and source of funds.

Intermediaries are required to carry out Customer Due Diligence • Prior to establishing a business relationship with the customer. • Prior to carrying out for/with the customer any transaction which appears linked to another transaction or prior to assisting the customer in carrying out a single transaction if: (i) You do not have a business relationship with the customer; and (ii) The total amount of money paid by the customer in the single transaction or series of transactions is greater than € 10, 000.

Intermediaries are required to carry out Customer Due Diligence (contd. ) • Prior to carrying out any service for the customer, if you have reasonable grounds to believe that there is a real risk that the customer is involved in money laundering/terrorist financing(ML/TF). • If you have grounds to doubt the veracity of documents provided by the client. • At any time, including situations where the relevant circumstances of a customer have changed, where the risk of money laundering/terrorist financing warrants its application. • A client risk assessment form is recommended to be completed to assess the risk per transaction – See Appendix 3 BI Guidance notes

Three categories of Customer Due Diligence (CDD) • Simplified Customer Due Diligence applies where the customer or business area is considered to be low risk. • Enhanced Due Diligence now applies to high risk third countries, higher risk relationship/transactions and resident and non-resident ‘Politically Exposed Persons’ deemed to be high risk. • Standard Due Diligence must be applied to all remaining customers and products.

Simplified Customer Due Diligence • Designated persons will be allowed to carry out Simplified Customer Due Diligence where the customer or business area is considered to be low risk. • Simplified Customer Due Diligence can only be applied where a designated person has identified in its business risk assessment, an area of lower risk into which the relationship or transaction falls, and the relationship or transaction concerned can reasonably be considered to be low risk. • Please see Appendix 4 and Appendix 5 in BI AML Guidance notes for a list of factors suggesting potentially lower and higher risk.

Simplified Customer Due Diligence contd. • Where a firm has applied Simplified Customer Due Diligence, it is required to: § Retain record of the reasons for its determination and evidence upon which is was based; and § Carry out sufficient monitoring of the transactions and business relationships to enable the firm to detect unusual or suspicious transactions.

Simplified Customer Due Diligence contd. Examples of products which may fall into the simplified customer due diligence category are: • Protection policies with annual premium of less than € 1000 • Pension business (except ARF and AMRF) Note: Intermediaries must at all times take into account the type of customer, countries or geographical areas, transactions and delivery channels and document the rationale for categorising these products as lower risk for the purposes of applying CDD.

Enhanced Due Diligence (EDD) • High risk third countries § A designated person is required to apply enhanced customer due diligence measures when dealing with a customer established or residing in a high-risk third country. § There is an exemption that applies when the customer is a branch or majority-owned subsidiary of a designated person established in the European Union which complies with the group’s group-wide policies and procedures. These cases must be dealt with using a risk-based approach.

Enhanced Due Diligence • High risk third countries § At present there are 16 countries* that have been identified as 'high risk third countries’. These are listed in the table below: *Please note this list is continuously updated

Enhanced Due Diligence contd. • Relationship/transaction presents a higher risk § A designated person is required to apply enhanced customer due diligence measures where a business relationship or transaction presents a higher degree of risk. § This is to be applied where the relationship or transaction concerned can reasonably be considered, having regard to certain matters, to be high risk.

Enhanced Due Diligence contd. • Politically Exposed Persons (PEPs) § Enhanced Due diligence measures that previously applied only to PEPs resident outside of Ireland now also apply to PEPs resident in Ireland. “PEP” is an individual who has been entrusted with prominent public functions or an immediate family member or a known close associate of such a person. § Life Assurance Policies/PEPs Additional requirements are imposed regarding the identification of the beneficiaries of life assurance policies and other investment-related assurance policies

Enhanced Due Diligence contd. • Life Assurance Policies/PEPs Specific steps must be taken where the PEP is a beneficiary of a life assurance policy. If a designated person knows or has reasonable grounds to believe that a beneficiary of a life assurance or other investment-related assurance policy or a beneficial owner of the beneficiary concerned, is a politically exposed person, or an immediate family member or a close associate of a politically exposed person, it shall: a) inform senior management before pay-out of policy proceeds and b) conduct enhanced scrutiny of the business relationship with the policyholder

Enhanced Due Diligence contd. PEP Identification § Firms should put appropriate policies and procedures in place to determine: • If a customer or beneficiary is a PEP at on boarding; or • If a customer becomes a PEP during the course of the business relationship with the firm. • Firms should note that new and existing customers may not initially meet the definition of a PEP, but may subsequently become one during the course of a business relationship with the firm.

Enhanced Due Diligence contd. • Firms should undertake regular and on-going screening of their customer base and the customers’ beneficial owners (where relevant), to ensure that they have identified all PEPs. The frequency of PEP screening should be determined by firms commensurate with their business wide risk assessment. • Firms policies and procedures should address how any PEP relationship identified will be managed by the firm including: § Application of EDD § Obtaining Senior Management approval § Enhanced on-going monitoring

Standard Customer Due Diligence (SCDD) Applied on a risk based approach ØProfile of the customer ØNature of product or service ØDistribution channel ØGeographical area of operation

Standard Customer Due Diligence Factors which indicate lower risk Customer Risk Factors: a) public companies listed on a stock exchange and subject to disclosure requirements (either by stock exchange rules or through law or enforceable means), which impose requirements to ensure adequate transparency of beneficial ownership; b) public administrations or enterprises; c) Customers that are resident in geographical areas of lower risk as set out in subparagraph (3).

Standard Customer Due Diligence Factors which indicate lower risk Product, service, transaction or delivery channel risk factors: a) Life assurance policies for which the premium is low; b) Insurance policies for pension schemes if there is no early surrender option and the policy cannot be used as collateral; c) A pension, superannuation or similar scheme that provides retirement benefits to employees, where contributions are made by way of deduction from wages, and the scheme rules do not permit the assignment of a member’s interest under the scheme;

Standard Customer Due Diligence Factors which indicate lower risk Product, service, transaction or delivery channel risk factors contd: (d) financial products or services that provide appropriately defined and limited services to certain types of customers, so as to increase access for financial inclusion purposes; (e) products where the risks of money laundering and terrorist financing are managed by other factors such as purse limits or transparency of ownership (e. g. certain types of electronic money).

Standard Customer Due Diligence Factors which indicate lower risk Geographical risk factors: (a) EU Member States; (a) third countries having effective anti-money laundering (AML) or combating financing of terrorism (CFT) systems; (b) Third countries identified by credible sources as having a low level of corruption or other criminal activity;

Standard Customer Due Diligence Factors which indicate lower risk Geographical risk factors contd: (a) Third countries which, on the basis of credible sources such as mutual evaluations, detailed assessment reports or published follow-up reports, have requirements to combat money laundering and terrorist financing consistent with the revised Financial Action Task Force (FATF) recommendations and effectively implement these requirements. ”.

Standard Customer Due Diligence Lower risk There are products due to their inherent features which are unlikely to be used as a vehicle for money laundering purposes. The following features would indicate low risk: • Only pays out on death or diagnosis of terminal illness of policy holder. • Only pays out on medical evidence and proof is required as to loss of income. • No surrender value. • Small, regular premiums: additional payments by customer not possible. • Large premiums will normally require medical evidence. • No investment element. • Once term of policy is finished no payout and policy ceases.

Standard Customer Due Diligence Generally, for protection products with annual premium of less than € 1000, due diligence requirements are satisfied by the Name, Address and Date of Birth information collected on the application form in conjunction with the fact that the payment is made from an account in the customer’s name (i. e. personal cheques and other payment instruments drawn on policy owner’s own account such as Direct Debits/Standing Orders) If payment is made by bank draft for the products above Brokers Ireland would recommend that the client is requested to request confirmation from the bank confirming where the money is coming from and request completion of the source of funds form. Appendix 7 BI Guidance

Standard Customer Due Diligence Medium Risk The medium risk level is given to products whose inherent features pose some risk for the purposes of money laundering or terrorist financing. These may be products which have a facility for “top up” payments. Examples: • Life assurance savings plan • With premium under € 5000 • Investment Bonds with premium under € 5000 • Post Retirement pension products: ARF & AMRFs

Standard Customer Due Diligence Medium Risk Due Diligence requirements: Name, address and date of birth collected on the application form in conjunction with the fact that the payment is made from an account in the policy owner’s name (i. e. personal cheques and other payment instruments drawn on policy owner’s account such as Direct Debits/Standing Orders) If payment is not by way of Direct Debit/personal cheque drawn on policy owners own account, complete source of funds form (Appendix 7 BI Guidance) Certified copies of identification and proof of address for policy owner and third party if applicable.

Standard Customer Due Diligence Factors which indicate higher risk Customer risk factors: (a) the business relationship is conducted in unusual circumstances; (b) customers that are resident in geographical areas of higher risk as set out in subparagraph (3); (c) non-resident customers; (d) legal persons or arrangements that are personal asset-holding vehicles;

Standard Customer Due Diligence Factors which indicate higher risk Customer risk factors contd: (e) companies that have nominee shareholders or shares in bearer form; (f) businesses that are cash intensive; (g) the ownership structure of the company appears unusual or excessively complex given the nature of the company’s business.

Standard Customer Due Diligence Factors which indicate higher risk Product, service, transaction or delivery channel risk factors: (a) Private banking; (b) Products or transactions that might favour anonymity; (c) Non-face-to-face business relationships or transactions; (d) Payment received from unknown or unassociated third parties; (e) New products and new business practices, including new delivery mechanism, and the use of new or developing technologies for both new and pre-existing products.

Standard Customer Due Diligence Factors which indicate higher risk Geographical risk factors: (a) Countries identified by credible sources, such as mutual evaluations, detailed assessment reports or published follow-up reports, as not having effective AML/CFT systems; (b) Countries identified by credible sources as having significant levels of corruption or other criminal activity; (c) Countries subject to sanctions, embargos or similar measures issued by organisations such as, for example, the European Union or the United Nations;

Standard Customer Due Diligence Factors which indicate higher risk Geographical risk factors contd: (d) Countries (or geographical areas) providing funding or support for terrorist activities, or that have designated terrorist organisations operating within their country.

Higher risk Standard Customer Due Diligence Ø These products have the facility for third party and/or “top up” payments and therefore an enhanced level of due diligence (by asking for more information) is appropriate. It is to this risk level that the majority of a designated person’s AML resource will normally be directed. Ø The majority of products in this range are found in the investment category which reflects the higher value premium that can be paid into them.

Standard Customer Due Diligence Higher risk Due Diligence Requirements: • Name, address and date of birth collected on the application form in conjunction with the fact that the payment is made from an account in the policy owner’s name (i. e. personal cheques and other payment instruments drawn on policy owner’s account such as Direct Debits/Standing Orders) • Certified copies of identification and proof of address for policy owner and third party if applicable. • Complete source of Wealth form (Appendix 8).

1. Personal customers: Identification of a personal customer is the process whereby a designated person obtains from a customer the information necessary for it to identify who the customer is. The identity of an individual has a number of aspects at any point in time, all of which must be obtained by the designated person: 1) name (which may change due to particular events); 2) address (which is likely to change from time to time); and 3) date of birth (which is a constant).

One plus One approach Obtain one item from the list of photographic IDs (to verify name and date of birth) and one item from the list of non-photographic IDs (to verify address) at the outset of the business relationship. Sources which can be used to verify identity are: • Current valid Passport. • Current valid driving licence. • Current valid National Identity Card. • In the absence of the above documents, written or otherwise documented, assurances from persons or organisations that have dealt with the customer for some time may suffice. • A designated person might consider it appropriate to adopt an alternative approach of identification such as seeking a social welfare card, National Immigration Bureau Card off an individual who has recently immigrated into the State.

Verify address • Current official documentation/cards issued by the Revenue Commissioners. • Current official documentation/cards issued by the Department of Social and Family Affairs. • Instrument of a court appointment (such as liquidator or grant of probate). • Current local authority document e. g. refuse collection bill. • Current statement of account from a credit or financial institution. • Current utility bills (including those printed from the internet). • Current household/motor insurance certificate and renewal notice

Legal persons and arrangements Directors or the equivalent, for example: Partnerships and unincorporated businesses, Clubs, Societies, Public Sector bodies. Identification can generally be satisfied by either: • obtaining a copy of the annual audited accounts listing directors (where the necessary information is publicly accessible and considered by the firm to be current and reliable); or • Obtaining relevant and up-to-date legal opinion from a reliable source documenting due diligence conducted, in relation to information on directors: Øobtaining information from relevant company or other registry such as the CRO or known foreign equivalent; or Øas warranted by the risk, verify one or more directors in line with requirements for personal customers.

Legal persons and arrangements contd. To identify the legal arrangement: • A search of the relevant company or other registry (where the necessary information is publicly accessible and considered by the firm to be current and reliable); or • A copy, as appropriate to the nature of the entity, of the certificate of incorporation; a certificate of good standing; a partnership agreement; a deed of trust or other official documentation proving the name, form and current existence of the customer. • In cases regarded by the firm as higher risk, use of more than one source of information may be warranted.

Legal persons and arrangements contd. 2. Acquire prescribed information at the outset of the business relationship to satisfy the additional information requirements: a) Source of funds for the transaction e. g. an Irish bank account in own name. b) Employment and salary details - this information could be captured in the Factfind. c) Source of wealth (e. g. inheritance, divorce settlement, property sale). This information should be captured on the source of wealth form.

Business Risk Assessment • The firm must undertake and document a comprehensive business risk assessment of the business, it should demonstrate that all potential Money Laundering/Terrorist Financing risks pertinent to their business have been fully considered and challenged such as : üThe nature of the products being sold in the firm üThe delivery mechanism or distribution channel used to sell the product üThe profile of the customer üThe customer’s geographical location and source of funds • The outcome of the business risk assessment should inform the firm’s risk -based approach and the design of AML/CTF controls.

Business Risk Assessment contd. • The business risk assessment must be documented and must be available to the relevant competent authority upon request. • The business risk assessment must be reviewed and managed at regular, predefined intervals and it must be approved by senior management.

Business Risk Assessment contd. • How the risk assessment affects customer due diligence • In deciding the level of Customer Due Diligence (CDD) to be applied, intermediaries, when undertaking a transaction/entering a business relationship, must consider a number of factors, including: Ø the relevant business risk assessment, Ø the purpose of an account/relationship, Ø the level of assets deposited/the size of the transaction and Ø the regularity of transactions/duration of the business relationship See BI Guidance notes for template Business Risk Assessment – Appendix 2

Ongoing Monitoring • Monitoring means the scrutinising of transactions, and the source of wealth or of funds for those transactions, undertaken during the relationship in order to determine if the transactions are consistent with the designated person’s knowledge of: (a)the customer, (b)the customer’s business and pattern of transactions, and (c)the customer’s risk profile (as determined under section 30 B), and ensuring that documents, data and information on customers are kept up to date in accordance with its internal policies, controls and procedures

Ongoing Monitoring contd. • Designated persons should undertake monitoring on an ongoing basis for patterns of unusual or suspicious activity to ensure that higher risk activity is scrutinised. • “Complex or unusually large” transactions, or “unusual patterns of transactions” must be investigated in greater detail and monitoring increased if they appear suspicious.

Ongoing Monitoring contd. • Employees should be adequately trained to identify such unusual business and report to the designated person’s Money Laundering Reporting Officer (MLRO) (insert firms MLRO name). • For example, employee training should cover encashment fraud attempts with the recent increase in encashment requests being made from client emails to transfer funds to a particular account, where it transpired the client had no knowledge of the encashment request. • Where an encashment request is received, it is recommended to take additional measures to ensure the request is genuine, for example: üPhone the client to confirm the details/instruction üCross reference proof of ID and residency with existing proof of identity and residency on file

Distribution Risk – may alter risk “Face to Face” contact with no facility to take copies of ID • Where the interaction with the customer is on a face to face basis, you should have sight of the original document(s) and appropriate details should be recorded. Where you visit the customer at his/her home address, you should make a detailed record of the visit. This would include, for example, taking details of passport or driving license numbers. • Brokers Ireland recommends that in such scenarios, you request the customer to forward you a copy of the relevant ID and cross reference it with the details which were recorded at the point of sale.

Distribution Risk – may alter risk contd. “Non face-to-face” • The extent of the Customer Due Diligence in respect of non face-to-face customers will depend on the type of the product or service requested and the assessed money laundering risk presented by the customer. • Where the customer is not physically present (e. g. by post, telephone or over the internet) for identification purposes additional measures should be undertaken to establish the customer’s identity.

Distribution Risk – may alter risk contd. Examples: • Telephone the customer on a home or business number which has been verified (electronically or otherwise). • Communicate at a verified address with account opening docs for example, which might have to be returned or acknowledged. • First payment by the customer through a bank in the State or other EU Member State or certain specified acceptable countries. • Internet sign on with details sent by mail to a verified address.

Failure to establish a customer and/or beneficial owner’s identity Where an intermediary can not establish the identity of a customer and/or beneficial owner, as a result of the failure of the customer to provide the designated person with documents of information required, then an intermediary must: ü Not provide a service to the customer, and ü If an existing customer, must discontinue relationship with the customer.

International Financial Sanctions • It is necessary for firms to monitor their customers and transactions against both the Europe Union(EU) and United Nations(UN) Sanctions Committee lists relating to terrorism. • Financial Sanctions lists that relate to terrorism should be monitored to assist in preventing terrorist financing from occurring, including, but not limited to the following: • EU Financial Sanctions list • UN Sanctions Committees list

Procedures and Policies • Firms must adopt internal policies, controls and procedures in relation to their business to prevent and detect the commission of money laundering and terrorist financing. These requirements also apply to persons to whom AML obligations have been outsourced. • The internal policies, controls and procedures are to include: (a) identification, assessment, mitigation and management of risk factors relating to money laundering/terror financing (b) customer due diligence measures (c) monitoring transactions and business relationships

Procedures and Policies contd. (d) the identification and scrutiny of complex/large transactions, unusual patterns of transactions and any other activity that the designated person has reasonable grounds to regard as particularly likely to be related to money laundering/terrorist financing (e) measures to be taken to prevent the use for money laundering or terrorist financing of transactions or products that could favour or facilitate anonymity, (f) measures to be taken to prevent the risk of money laundering or terrorist financing which may arise from technological developments, (g) reporting (including the reporting of suspicious transactions),

Procedures and Policies contd. (h) record keeping, (i)measures to be taken to keep documents and information relating to the customers of that designated person up to date, (j) measures to be taken to keep documents and information relating to risk assessments by that designated person up to date, (k) internal systems and controls to identify emerging risks and keep business-wide risk assessments up to date, and (l)monitoring and managing compliance with, and the internal communication of, these policies, controls and procedures.

Procedures and Policies contd. • Policies, controls and procedures must be approved by senior management and should be kept under review in particular when there are changes to the business profile or risk profile of the firm. • Firms must ensure that they have clearly defined process in place for the formal review at least annually of the policies and procedures within the firm. • These policies, controls and procedures are to have regard to any guidelines issued by the competent authority.

Procedures and Policies contd. • Firms must ensure that persons involved in the conduct of the business (this includes directors, other officers and employees) receive instruction and training in respect of the law and on how to identify transactions or other activity that may relate to money laundering or terrorist financing (suspicious transactions) and how to proceed once identified. • Firms should ensure that the policies and procedures are readily available to all staff and are implemented and adhered to by all staff.

Procedures and Policies contd. • This slide(s) should be personalised to outline the firms procedures and policies

Management Responsibilities The Central Bank recommends that the topic of AML/CTF is a recurring agenda item at board/senior management/ownership level meetings. The firm must ensure that AML/CFT/FS issues and decision making in relation to AML/CFT/FS is evidenced in the firm’s board/management meeting minutes. A copy of these board meeting minutes should be kept on file. For Sole traders, record should be kept of issues and decisions made.

Record Keeping • AML/CTF documents and other records relating to clients shall be kept for a period of not less than five years*. • Record keeping is an essential part of the evidence trail and sufficient processes must be put in place to ensure that records are adequately kept. *You should note however that the Consumer Protection Code requires records to be kept for 6 years from date of last transaction with client.

Record Keeping contd. • Customer information collected to comply with the requirements of Legislation; and • Information regarding transactions undertaken by customers. Possible formats in which records can be retained include one or more of the following: • Original documents • Photocopies of original documents • On microfiche • In scanned form • In computerised or electronic form

Record Keeping contd. Outline the firms internal procedures in respect of record keeping here. .

Requests from An Garda Síochána for client information/records • For the purposes of providing information to the Garda Síochána this must be requested in writing be a member of the force not below the rank of Sergeant (who may give a direction, which must also be in writing, to retain the documents/other related records for a period up to a maximum of five years.

Staff Training • Intermediaries must ensure that all staff receive on-going training in relation to their AML and combating of terrorist financing obligations. • Intermediaries should provide appropriate training which is tailored to the nature, scale and complexity of the firm and which is proportionate to the level of AML/CTF risk faced by the firm. • Firms should provide AML/CTF training which is specific to the role carried out by the member of staff. • Firms should provide an enhanced AML/CTF training tailored to the specific needs of staff who perform key AML/CTF and FS roles within the firm e. g. the firms MLRO or senior management responsible for AML/CTF oversight.

Staff Training contd. • Training should be consistent with firms policies & procedures and should consider the outcome of the firm’s business risk assessment. • Failure by the employer to provide training is an offence under the requirements. • A formal training schedule should be developed and maintained to ensure all relevant staff are adequately trained at least annually. Firms should ensure that training is provided to new recruits upon joining the firm in a timely manner. • Adequate records in relation to staff training should be retained for all internal & external courses attended for a period of 5 years

Reporting • Requirement to have a documented internal reporting process for staff to report a suspicious transaction - it should provide guidance on how to complete and submit such reports. • There should be documented timelines set by the brokerage in relation to the filing of the Suspicious Transaction Reports (STR). Firms are required to file an STR ‘as soon as practicable’. • Staff reports must be made to the Money Laundering Reporting Officer (MLRO) when the staff member knows, suspects or has reasonable grounds to suspect that money laundering or terrorist financing is being or has been committed or attempted

Reporting contd. • Staff reports should include appropriate details of the customer who is the subject of concern and a statement containing as much of the information, giving rise to the knowledge or suspicion, as possible. • All reports submitted via the internal reporting process should be recorded. • The MLRO will then decide whether to make the firm’s report to the FIU via the go. AML system and the Revenue Commissioners. Sufficient information should be retained in order to record the reported suspicion, and support the firms determination of whether to discount the suspicion or to proceed and file the STR with authorities

Reporting contd. * Presenter should provide practical examples of situations which staff might encounter which would warrant a report. • Firms should have written policies and procedures in relation to reporting suspicions that may arise as a result of a failure on the part of the customer to provide the required or updated CDD documentation/information.

Reporting contd. If the MLRO decides an external report needs to be made to the FIU via the go. AML system and the Revenue Commissioners. The following information should be contained in the report: a) The information on which the designated person’s knowledge, suspicion or reasonable grounds are based; b) The identity of the suspected person; c) The whereabouts of the property that is the subject of the money laundering or the funds that are the subject of the terrorist financing; d) Any other relevant information.

Reporting contd. • Firms should ensure that they are registered with go. AML as STRs cannot be submitted via go AML unless the firm has previously registered. • The Revenue Commissioner will accept a printed copy of the STR submitted on go. AML which should be posted to the relevant revenue commissioners address.

Reporting contd. • A designated person may be directed in writing by a member of the Gardaí, not below the rank superintendent, not to carry out a specified service or transaction for a period not exceeding seven days. • A District Court judge may order a designated person not to carry out a specified service or transaction for a period not exceeding 28 days.

Reporting contd. • A designated person may only proceed with a suspicious transaction or service prior to the sending of the report to the FIU and the Revenue Commissioners where: ü it is not practicable to delay or stop the transaction/service from proceeding; or üthe designated person is of the opinion that failure to proceed with the transaction or service may result in the other person suspecting that a report may be made or that an investigation may be commenced or is in the course of being commenced.

Reporting contd. • You must not disclose to the customer concerned or other third persons that a report has been made to the FIU in relation to suspicions of money laundering or terrorist financing. • Designated persons, employees and directors are legally prohibited from tipping off. • Designated persons, employees and director are legally indemnified, in respect of any report made to FIU or Revenue Commissioners in good faith, in relation to a suspicion of money laundering of terrorist financing.

Role of Money Laundering Reporting Officer (MLRO) • Holds a pre-approval controlled function (PCF) in the context of the Central Bank Reform Act 2010 • Has a significant degree of responsibility and should be familiar with relevant aspects of the Act and these guidelines. • He/she is required to determine whether the information or other matters contained in the suspicious transaction he/she has received, via any internal reporting procedure, merit the making of a report to the FIU (Fraud Investigation Unit) and the Revenue Commissioners.

Role of Money Laundering Reporting Officer (MLRO) contd. • Maintenance of a log of any suspicious transactions, including details where it was decided not to make a report to FIU & Revenue Commissioners. The reasons for not doing so should be recorded.

Powers of the Central Bank of Ireland • The Central Bank of Ireland is deemed to be the competent authority responsible for monitoring compliance of designated persons with the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 and Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2018. • The Central Bank has the power under the Administrative Sanctions Regime to sanction for failure to comply with the necessary obligations.

Powers of the Central Bank of Ireland contd. October 2016 - Settlement with Ulster Bank Ireland DAC The Central Bank identified significant failings in Ulster Bank Ireland’s AML/CTF framework and procedures in respect of: • governance and control of AML/CTF outsourcing • assessment of AML/CTF risk specific to its business and the relevant mitigating systems and controls • identification and verification of existing customers (CDD) who predated the Irish AML/CTF laws effected in May 1995 (pre-95 customers) The Central Bank also identified areas of non-compliance in respect of trade finance procedure manuals, adherence to internal procedures, AML/CTF training of non-executive directors and reliance on third parties in respect of CDD

Powers of the Central Bank of Ireland contd. April 2017 - Settlement with Allied Irish Bank The Central Bank identified 6 breach's of the CJA 2010 as a result of significant failings in Bank of Ireland’s AML/CTF framework controls, policies and procedures in respect of: The breaches occurred after the enactment of the CJA 2010 in July 2010 and persisted on average for over three years. They included AIB’s failure to: Ø Report suspicious transactions without delay to An Garda Síochána and the Revenue Commissioners. Ø Conduct customer due diligence (‘CDD’) on existing customers who had accounts prior to May 1995 (‘Pre-95 customers’)

Powers of the Central Bank of Ireland contd. Ø The Central Bank also identified breaches in respect of AIB’s AML/CFT policies and procedures in a number of areas, including the above, and its trade finance business.

Powers of the Central Bank of Ireland contd. May 2017 - Settlement with Bank of Ireland The Central Bank identified significant failings in Bank of Ireland’s AML/CTF framework controls, policies and procedures in respect of: • Risk assessment: assessment of money laundering/terrorist financing (‘ML/TF’) risks specific to its business and the relevant mitigating systems and controls. • Suspicious transaction reports: reporting of six suspicious transactions to An Garda Síochána and the Revenue Commissioners without delay.

Powers of the Central Bank of Ireland contd. May 2017 - Settlement with Bank of Ireland contd. • Correspondent banking: conduct of enhanced customer due diligence (‘CDD’) on one correspondent bank situated outside of the EU. • The Central Bank also identified areas of non-compliance with the CJA 2010 in relation to BOI’s trade finance business, CDD measures and its reliance on third parties to conduct CDD.

Feedback from Central Bank AML/CTF inspections From the sample testing undertaken by the Central Bank of both new and existing customers, a number of issues were identified, including: - Photo ID and/or address verification documents were not always available on the customer file. Ø For corporate customers, no constitutional documentation and/or other information (e. g. audited accounts, information from Companies Registration Office, etc. ) were obtained for some of the customer files reviewed. Ø Documented evidence to demonstrate that on-going monitoring takes place was not always maintained.

Feedback from Central Bank AML/CTF inspections contd. The Central Bank expects that: Ø All required identification and verification is obtained and retained. Where Standard or Enhanced CDD is carried out, sufficient detail must be evidenced on the customer file. Ø Records are maintained of the on-going monitoring conducted, including the type of and frequency of the monitoring undertaken.

Feedback from Central Bank AML/CTF inspections contd. A number of issues were identified in relation to training, including: Ø Insufficient evidence that all staff, including those in key roles relating to AML/CTF, had received appropriate training. Ø Training records were not always maintained to demonstrate who had received the training, when the training took place and the nature of the training received. Ø In some of the larger retail intermediaries, staff members were provided with generic, high level AML/CTF training, but limited or no specific training related to the AML/CTF procedures and processes relating to the firm’s specific operations.

Feedback from Central Bank AML/CTF inspections contd. In assessing the policies and procedures in place, the Central Bank identified a number of issues, including: Ø Policies and procedures that are not aligned to, and reflective of, the Money Laundering/Terrorist Financing risk assessment of the retail intermediary’s specific product/service offering and its operations. Ø Policies and procedures were not always adhered to in practice. Ø Policies and procedures did not provide sufficient detail in relation to suspicious transaction reporting e. g. no timelines set in relation to the filing of suspicious transaction reports and insufficient information provided on what might be deemed a suspicious transaction.

Feedback from Central Bank AML/CTF inspections contd. • The Central Bank also expects that retail intermediaries undertake and document a Money Laundering/Terrorist Financing business risk assessment of their business, to include all risk categories e. g. distribution channel, customer type, etc. • Such an assessment should be updated regularly and reflect any changes in products or services offered e. g. new offerings with increased risk may require Standard or Enhanced Customer Due Diligence to be carried out. See template business risk assessment in Brokers Ireland AML/CTF Guidance notes

Reference material • Additional information available on Central Bank website: https: //www. centralbank. ie/regulation/anti-money-laundering-and-counteringthe-financing-of-terrorism • Please see Brokers Ireland guidance notes and templates on the Brokers Ireland website