Accountants, along with financial institutions and other professionals are arguably the first line of defence for the financial system, acting as gatekeepers in the prevention of money laundering and the countering of terrorist financing. Within this post, we break down the key obligations for Accountants in Ireland that stem from the comprehensive Irish anti-money laundering regime.
What is Anti-Money Laundering (AML)?
Anti-money laundering (AML) refers to the activities designated persons perform to actively monitor, detect and report in response to the threat of financial crime and terrorist financing.
For many firms, the level of risk exposure is relatively low due to the nature of their clients and the services delivered. A risk-based approach is therefore accepted as a best-practice approach to applying appropriate due diligence on a per-client basis.
The optimal outcome is to apply proportionate measures, which result in effective countermeasures and achieve full compliance while imposing the least administrative burden on clients and staff.
The Criminal Justice (Money Laundering and Terrorist Financing) Acts 2010 to 2021 places obligations on designated persons to guard against their businesses being used for money laundering or terrorist financing purposes. Section 25 of the Act defines the term designated person as any person working in Ireland delivering defined services. Within the context of the accountancy sector, this includes but is not limited to:
- Tax advisers or any other person whose principal business or professional activity is to provide, directly or by means of other persons to which that other person is related, material aid, assistance or advice on tax matters
If you are in doubt if your firm or the services you provide fall within the definitions set out within the act, we recommend that you seek guidance from your governing body or legal advisor.
If you want more of an AML overview, read our blog Anti-Money Laundering Guidance in Ireland.
What are my Obligations as an Accountant?
- Firms are required to manage and monitor their own compliance and must always refer directly to the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 when ascertaining their statutory obligations. The 10 key areas requiring action are summarised as follows:
- Awareness: You will need to develop an overall awareness of money laundering and terrorist financing and understand how it can manifest within the context of your firm and your clients. Relevant staff should be made aware of their statutory obligations and that they may be personally liable for failure to report information in accordance with internal procedures.
- MLRO/ Compliance Officer: A Money Laundering Reporting Officer (MLRO) or another nominated person must be appointed who will maintain your policies, controls, and procedures and will have oversight of AML procedures within your firm.
- Business Risk Assessment: You will need to undertake a business risk assessment to identify specific AML risks for your firm and implement mitigating actions. This assessment must be approved by senior management and reviewed periodically.
- Policies, Controls, and Procedures: Establish appropriate AML policies, controls, and procedures. These should be tailored to your firm considering the output of your business risk assessment. The policies, controls, and procedures need to include the following topics and must be approved by senior management:
- Training and Awareness
- Risk Assessment
- Customer Due Diligence and ongoing monitoring
- Record keeping and refresh cycles
- Internal controls and compliance
- Reporting and Communication
- Staff Training: Ensure that all staff are appropriately aware of their obligations and trained to apply the AML policies, controls, and procedures as adopted by your firm. Ensure staff are provided with ongoing training on identifying a transaction or other activity that may be related to ML/TF and on how to proceed once such a transaction or activity is identified.
- Client Due Diligence (CDD): CDD measures must be applied at initial client onboarding or at any time when the relevant circumstances of a customer have changed; or where the risk of money laundering and terrorist financing warrants their application; or when you are obliged by law to contact a customer for the purposes of reviewing any relevant information relating to the beneficial owner connected with a customer, including where obliged to do so to seek information for tax purposes. The objective is to know who your clients are and to ensure you do not accept clients unknowingly who are outside of your normal risk tolerance. The key elements of CDD procedures will include:
- A Client Risk Assessment to identify the risk to your firm of taking on a client. The assessment will help to determine if the client fits within the risk tolerance of the firm and will require an appropriate level of due diligence. Bear in mind that a client risk assessment remains active for the duration of the client relationship – by this, we mean that the behaviour or actions of a client could impact their risk profile (for example, a last-minute change of source of funds could be circumstantial or could be suspicious). Politically Exposed Person (PEP) and sanctions screening may be undertaken as part of the risk assessment process.
- As part of your CDD process, you will need to identify and verify the parties associated with your client. For corporates, this requires identifying and verifying the corporate or legal entity and the parties that own and control the entity. New obligations require that you verify the beneficial owners against the Central Register of Beneficial Owners (RBO) prior to establishing a client relationship. Where a firm identifies a discrepancy or inconsistency between its own records and those maintained by the Central Register, it must notify the relevant Registrar.
- The level of due diligence applied (simplified, standard, or enhanced) will determine the extent of verification required, the degree of ongoing monitoring, and senior management approval. An enhanced level of due diligence must be performed on PEPs (as well as certain immediate family members) or when dealing with a client established or residing in a high-risk country.
- Reporting: A Suspicious Transaction Report (STR) must be made where there is knowledge or suspicion of money laundering or terrorist financing. You need to provide staff with the ability to raise an internal STR. Where appropriate, the MLRO/Compliance Officer will report suspicious transactions to An Garda Síochána (the Financial Intelligence Unit) via the GoAML portal and to the Office of the Revenue Commissioners. A user guide to GoAML is available here: GoAML User Guide. Firms and staff must be aware that it is an offence to disclose that a STR has been made, or is required to be made, in a way that is likely to prejudice any subsequent investigation.
- Review: Periodic reviews of the overall AML framework are needed to determine and achieve effectiveness. This can be an arduous task as it covers a broad spectrum including:
- Reviewing the Firm’s Business Risk Assessment and the effectiveness of the adopted policies, controls and procedures within a changing legislative landscape.
- Staff training, training records and the awareness of changes in regulations and procedures in order to remain effective.
- Client profiles need to be monitored with a risk-based approach as they may change over the life of a client relationship. This can include external factors such as PEPs and sanction screening.
- Records: Firms must be able to demonstrate how they assess and mitigate risk. Customer Due Diligence records must be kept for 5 years after the client relationship ends, or in the case of a transaction, after the transaction is complete. Training and risk assessment records must be kept for 5 years. All records must be secure and kept in accordance with data protection legislation.
- Sanctions: All natural and legal persons must comply with financial sanctions. This requires monitoring the EU and UN lists and taking appropriate action. Once a person or entity has been sanctioned, there is a legal obligation not to transfer funds or make funds or economic resources available, directly or indirectly, to that person or entity. Further information on financial sanctions, including access to the consolidated sanction lists, is available here.
Compliance Through Convenience
Although the AML obligations on firms are significant, there are technology options available that allow you to be effective, and compliant and potentially improve your client’s onboarding experience. The adoption of technology does not necessarily mean taking on a large or expensive project.
For example, within AML HQ we have developed a one-stop AML portal that helps your team to achieve compliance through convenience. Our portal provides smart processes to help your team efficiently onboard clients with a risk-based approach that automatically creates the records and reports to demonstrate due process and compliance. Our service includes:
- A set of policies, controls, and procedures that you can use out of the box, or further tailor to suit your firm.
- Digital risk assessments to easily complete firm and client risk assessments so that you can apply appropriate due diligence.
- Client onboarding tools that allow you to identify and verify corporate and private clients and meet your CDD obligations.
- Access to instant reports that provide audit-ready extracts and compliance gap analysis.
A key benefit of using AML HQ is that all AML records are stored in a secure GDPR-compliant central location. This allows you to run a unique Compliance Assessment report that will instantly identify compliance gaps so that you are always informed and audit ready.
Subscription to our service costs €45 per month for firms that have up to 100 customers. Why not try out AML HQ on a free 14-day trial?