AML Obligations for Solicitors and Legal Professionals in Ireland

Solicitors, along with financial institutions and other professionals are arguably the first line of defence for the financial system, acting as gatekeepers in the prevention of money laundering and countering of terrorist financing.  In this post, we break down the key obligations for Solicitors in Ireland that stem from the comprehensive Irish anti-money laundering regime.

Glossary

• ML/TF - Money Laundering/Terrorist Financing. The substantive offences of money laundering and terrorist financing. Anti-Money Laundering obligations are designed to prevent money laundering and terrorist financing. 
• AML/CFT - Anti-Money Laundering/Countering the Financing of Terrorism. Statutory processes must be applied by banks and other sectors, including solicitors, to prevent the use of certain services that are vulnerable to money laundering and terrorist financing. 
• Customer - The 2010 Act as amended uses the term ‘customer’. For solicitors, this means clients to whom they provide AML- regulated legal services.
• AML- Regulated Legal Services - AML obligations only arise where a solicitor participates in certain types of legal work. This work is defined as a solicitor who carries out any of the following services: 
  • The provision of assistance in the planning or execution of transactions for clients concerning any of the following: 
    • buying or selling land or business entities;
    • managing the money, securities, or other assets of clients;
    • opening or managing bank, savings, or securities accounts;
    • organising contributions necessary for the creation, operation, or management of companies;
    • creating, operating, or managing trusts, companies, or similar structures or arrangements;
  • Acting for or on behalf of clients in financial transactions or transactions relating to land; 

Accordingly, legal activities falling outside these categories are exempt from AML customer due diligence. Irrespective of whether an AML-regulated legal service is being provided, a solicitor must always remain alert to the risk of unwittingly committing the substantive offence of money laundering or terrorist financing.

What is Anti-Money Laundering (AML)?

Anti-money laundering (AML) refers to the activities designated persons perform to actively monitor, detect and report in response to the threat of financial crime and terrorist financing. 

For many firms, the level of risk exposure is relatively low due to the nature of their clients and the services delivered. A risk-based approach is therefore accepted as a best-practice approach to applying appropriate due diligence on a per-client basis.  

The optimal outcome is to apply proportionate measures, which result in effective countermeasures and achieve full compliance while imposing the least administrative burden on clients and staff.  

The Criminal Justice (Money Laundering and Terrorist Financing) Acts 2010 to 2021 places obligations on designated persons to guard against their businesses being used for money laundering or terrorist financing purposes.  Section 25 of the Act defines the term designated person as any person working in Ireland delivering defined services.  

If you are in doubt if your firm or the services you provide fall within the definitions set out within the act, we recommend that you seek guidance from The Law Society or a legal advisor. 

If you want more of an AML overview, read our blog Anti-Money Laundering Guidance in Ireland.

What are my Obligations as a Legal Professional?

Firms are required to manage and monitor their own compliance with the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 when ascertaining their statutory obligations.  The 10 key areas requiring action are summarised as follows:

• Awareness: You will need to develop an overall awareness of money laundering and terrorist financing and understand how it can manifest within the context of your firm and your clients. Relevant staff should be made aware of their statutory obligations and that they may be personally liable for failure to report information in accordance with internal procedures.
• MLRO/ Compliance Officer: A Money Laundering Reporting Officer (MLRO) or another nominated person must be appointed who will maintain your policies, controls, and procedures and will have oversight of AML procedures within your firm. A partner should be appointed to have overall responsibility for the establishment and maintenance of effective AML systems and controls. It may be appropriate for the same person to fulfill both roles. 
• Business Risk Assessment: You will need to undertake a business risk assessment (BRA) to identify specific AML risks for your firm and implement mitigating actions. This assessment must be approved by senior management and reviewed periodically.
• Policies, Controls, and Procedures: Establish appropriate AML policies, controls, and procedures.  These should be tailored to your firm taking into account the output of your business risk assessment. The policies, controls, and procedures need to include the following topics and must be approved by senior management: 
  • Training and awareness
  • Risk assessment
  • Customer Due Diligence and ongoing monitoring 
  • Record keeping and refresh cycles 
  • Internal controls and compliance
  • Reporting and Communication 
• Staff Training: Ensure that all staff are appropriately aware of their obligations and trained to apply the AML policies, controls, and procedures as adopted by your firm. Staff are provided with ongoing training on identifying a transaction or other activity that may be related to ML/TF and on how to proceed once such a transaction or activity is identified.
• Customer Due Diligence (CDD): CDD measures must be applied at the initial client onboard, or at any time where the relevant circumstances of a customer have changed; or where the risk of money laundering and terrorist financing warrants their application; or when you are obliged by law to contact a customer for the purposes of reviewing any relevant information relating to the beneficial owner connected with a customer.  The objective is to know who your clients are and to ensure you do not accept clients unknowingly who are outside of your normal risk tolerance. The key elements of CDD procedures will include:
  • A Client Risk Assessment to identify the risk to your firm of taking on a client. The assessment will help to determine if the client fits within the risk tolerance of the firm and will assert an appropriate level of due diligence. Bear in mind that a client risk assessment remains active for the duration of the client relationship – by this, we mean that the behaviour or actions of a client could impact their risk profile (for example, a last-minute change of source of funds could be circumstantial or could be suspicious). Politically Exposed Person (PEP) and sanctions screening can be undertaken as part of the risk assessment process.
  • As part of your CDD process, you will need to identify and verify the parties associated with your client. For corporates, this requires identifying and verifying the corporate or legal entity and the parties that own and control the entity. New obligations require that you verify the beneficial owners against the Central Register of Beneficial Owners (RBO) prior to establishing a client relationship. Where a firm identifies a discrepancy or inconsistency between its own records and those maintained by the Central Register, it must notify the relevant Registrar. 
  • The level of due diligence applied (simplified, standard, or enhanced) will determine the extent of verification required, the degree of ongoing monitoring, and senior management approval.  An enhanced level of due diligence must be performed on PEPs (as well as certain immediate family members) or when dealing with a client established or residing in a high-risk country.
  • The Law Society recommends that solicitors complete a new BRA for each new instruction. It is good practice to refresh the CDD if there has been a gap of over three years between instructions or if you become aware of any changes to your due diligence on your client, for example, a change of name, address, or business.
• Reporting: A report must be made where there is knowledge or suspicion of money laundering or terrorist financing. You need to provide staff with the ability to raise an internal report. Where appropriate, the MLRO/Compliance Officer will report suspicious transactions to An Garda Síochána (the Financial Intelligence Unit) via the GoAML portal and to the Office of the Revenue Commissioners. A user guide to GoAML is available here: GoAML User Guide. Firms and staff must be aware that it is an offence to disclose that a Report has been made, or is required to be made, in a way that is likely to prejudice any subsequent investigation.
• Review: Periodic reviews of the overall AML framework are needed to determine and achieve effectiveness.   This can be an arduous task as it covers a broad spectrum including:
  • Reviewing the Firm’s Business Risk Assessment and the effectiveness of the adopted policies, controls, and procedures within a changing legislative landscape.
  • Staff training, training records, and the awareness of changes in regulations and procedures in order to remain effective.
  • Client profiles need to be monitored with a risk-based approach as they may change over the life of a client relationship.  This can include external factors such as PEPs and sanction screening.
• Records: Firms must be able to demonstrate how they assess and mitigate risk. Customer Due Diligence records must be kept for 5 years after the client relationship ends. Training and risk assessment records must be kept for 5 years. All records must be secure and kept in accordance with data protection legislation.
• Sanctions: All natural and legal persons must comply with financial sanctions. This requires monitoring the EU and UN lists and taking appropriate action. Once a person or entity has been sanctioned, there is a legal obligation not to transfer funds or make funds or economic resources available, directly or indirectly, to that person or entity. Further information on financial sanctions, including access to the consolidated sanction lists, is available here.

Compliance Through Convenience

Although the AML obligations on firms are significant, there are technology options available that allow you to be effective, compliant and potentially improve your client’s onboarding experience. The adoption of technology does not necessarily mean taking on a large or expensive project.

For example, within AML HQ we have developed a one-stop AML portal that helps your team to achieve compliance through convenience. Our portal provides smart processes to help your team efficiently onboard clients with a risk-based approach that automatically creates the records and reports to demonstrate due process and compliance. Our service includes:

• A set of policies, controls, and procedures that you can use out of the box, or further tailor to suit your firm.
• Digital risk assessments to easily complete business and client risk assessments so that you can apply appropriate due diligence.
• Client onboarding tools that allow you to identify and verify corporate and private clients and meet your CDD obligations.
• Access to instant reports that provide audit-ready extracts and compliance gap analysis.

A key benefit of using AML HQ is that all AML records are stored in a secure GDPR complaint central location. This allows you to run our unique Compliance Assessment report that will instantly identify compliance gaps so that you are always informed and audit ready.

Subscription to our service costs €45 per month for firms that have up to 100 customers.  Why not try out AML HQ on a free 14-day trial?