AML Policies & Procedures
Policies & Procedures
A designated business shall adopt policies and procedures in relation to the designated business’s business to prevent and detect money laundering and terrorist financing.
A designated business shall ensure that policies, controls and procedures adopted in accordance are approved by senior management and shall keep such policies, controls and procedures under review, in particular when there are changes to the business profile or risk profile of the designated business.
In preparing internal policies, controls and procedures under this section, the designated business shall have regard to any guidelines on preparing, implementing and reviewing such policies and procedures that are issued by the regulator for that designated business.
The obligations that are imposed on a designated business continue to apply to a person who has been a designated business but has ceased to carry on business as a designated business. The requirement for a designated business that is a body corporate to retain any record extends to any body corporate that is a successor to, or a continuation of, the body corporate.
A designated business that fails to comply with the below obligations commits an offence and is liable—
- on summary conviction, to a fine not exceeding €5,000 or imprisonment for a term not exceeding 12 months (or both), or
- on conviction on indictment, to a fine or imprisonment for a term not exceeding 5 years (or both).
Scope
A designated business shall adopt policies and procedures to be followed by persons involved in the conduct of the designated business’s business that specifies the designated business’s obligations including—
- the assessment and management of risks of money laundering or terrorist financing, and
- internal controls, including internal reporting procedures
The policies and procedures include policies and procedures dealing with—
- the identification and scrutiny of complex or large transactions, unusual patterns of transactions that have no apparent economic or visible lawful purpose and any other activity that the designated business has reasonable grounds to regard as particularly likely, by its nature, to be related to money laundering or terrorist financing, and
- measures to be taken to prevent the use for money laundering or terrorist financing of transactions or products that could favour or facilitate anonymity.
The designated business shall also adopt policies and procedures in relation to the monitoring and management of compliance with and the internal communication of, the policies and procedures. In preparing policies and procedures, the designated business shall have regard to any relevant guidelines applying in relation to the designated business that has been approved.
Coverage
The internal policies, controls and procedures shall include policies, controls and procedures dealing with—
- the identification, assessment, mitigation and management of risk factors relating to money laundering or terrorist financing,
- customer due diligence measures,
- monitoring transactions and business relationships,
- the identification and scrutiny of complex or large transactions, unusual patterns of transactions that have no apparent economic or visible lawful purpose and any other activity that the designated business has reasonable grounds to regard as particularly likely, by its nature, to be related to money laundering or terrorist financing,
- measures to be taken to prevent the use for money laundering or terrorist financing of transactions or products that could favour or facilitate anonymity,
- measures to be taken to prevent the risk of money laundering or terrorist financing which may arise from technological developments, including the use of new products and new practices and the manner in which services relating to such developments are delivered,
- reporting (including the reporting of suspicious transactions),
- record-keeping,
- measures to be taken to keep documents and information relating to the customers of that designated business up to date,
- measures to be taken to keep documents and information relating to risk assessments by that designated business up to date,
- internal systems and controls to identify emerging risks and keep business-wide risk assessments up to date, and
- monitoring and managing compliance with and the internal communication of these policies, controls and procedures.
Instruction of Staff & Others
A designated business must ensure that persons involved in the conduct of the designated business’s business are
- instructed on the law relating to money laundering and terrorist financing, and
- provided with ongoing training on identifying a transaction or other activity that may be related to money laundering or terrorist financing and on how to proceed once such a transaction or activity is identified.
A designated business must have in place appropriate procedures for their employees, or persons in a comparable position, to report a contravention internally through a specific, independent and anonymous channel proportionate to the nature and size of the designated business concerned.
Compliance Officer
A designated business shall appoint an individual at management level, (to be called a ‘compliance officer’) to monitor and manage compliance with, and the internal communication of, internal policies, controls and procedures adopted by the designated business under this section if directed in writing to do so by the regulator for that designated business.
A designated business shall appoint a member of senior management with primary responsibility for the implementation and management of anti-money laundering measures if directed in writing to do so by the regulator for that designated business.
Direction to Audit
A designated business shall undertake an independent, external audit to test the effectiveness of the internal policies, controls and procedures if directed in writing to do so by the regulator for that designated business.
A regulator shall not issue a direction unless it is satisfied that, having regard to the size and nature of the designated business, it is appropriate to do so. Â A regulator may make a direction to a class of designated businesses for whom it is the regulator.
A credit or financial institution that is a designated business, must have systems in place to enable it to respond efficiently to enquiries from An Garda Siochana in relation to its business relationships, and the nature of such relationships, with a person specified by An Garda Siochana. There are penalties for failing to comply.
Group Issues
There must be group-wide policies and procedures for the prevention and detection of money laundering and terrorist financing to be implemented by any designated business that is part of a group. A designated business incorporated in the State that operates a branch, majority-owned subsidiary or establishment must ensure that it adopts and applies the group-wide policies and procedures.
Where the law of a place that is not a Member State does not allow the application of those policies and procedures, the designated business must ensure that additional measures are applied and inform the regulator. Â Designated businesses with branches and subsidiaries in other Member States apply the law of those Member States, which transposes the Fourth Money Laundering Directive.
Designated businesses with branches and subsidiaries in third countries which have less strict money laundering laws than those of the State are to apply the requirements of the State. Suspicious transaction reports are to be shared within a group,). Failure to comply is an offence.