Anti-Money Laundering supervision - Derville Rowland, Director of Enforcement

Good morning, ladies and gentlemen. I am very pleased to join you at this event this morning, and would like to thank the Banking Payments Federation of Ireland for inviting me to speak with you.

As the Director of Enforcement in the Central Bank, I am responsible for both enforcement investigations across all regulatory areas and for anti-money laundering (AML) supervision and policy development. These two areas are separate and distinct. There is a dedicated Anti-Money Laundering Division (AMLD) responsible for fulfilling the Central Bank’s AML supervisory mandate with other supervisory directorates also playing a role..

This morning, I will focus on AML supervision. The term “AML” refers to both anti-money laundering and countering the financing of terrorism. These obligations are usually dealt with in a single control framework.

First, I want to state clearly why we undertake AML activities. Against an international background of ever increasing threats of money laundering and terrorist financing, we act to protect the integrity and stability of the Irish financial system and to protect consumers.

Today, I will outline for you the Central Bank’s risk-based AML supervisory framework and our journey to develop and mature that framework. I will speak about the outcomes and expectations arising from our supervisory engagement with the banking sector. I will conclude with some of the opportunities and challenges that arise in AML regulation for both supervisors and the banking sector.

Central Bank AML supervisory framework

The Central Bank’s AML role is to monitor the compliance of financial institutions with their regulatory obligations under the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 and to take necessary action in circumstances of non-compliance. Financial institutions are obliged to ensure they have appropriate systems and procedures in place to assess, detect and prevent money laundering and to report suspicious transactions. There are approximately 11,000 financial services firms under the Central Bank’s AML supervisory remit.

AMLD was established in 2010 as a separate supervisory division to deliver on the Central Bank’s mandate. Since then, we have continued to enhance our supervisory capacity. In 2014, AMLD had a resource allocation of 17 staff. Today we have a complement of 37 staff. This significant increase in resources clearly demonstrates the commitment of the Central Bank to the prevention of money laundering and terrorist financing within the financial sector in Ireland.

We apply a risk-based approach to supervision. We allocate our supervisory resources in accordance with identified money laundering and terrorist financing risk. Firms considered at higher risk from a money laundering or terrorist financing perspective are subject to more frequent and more intensive supervisory engagement. Lower risk firms are supervised on a targeted and responsive basis that ensures that they too are subject to proportionate supervisory engagement. We have supervision teams dedicated to firms categorised as High Risk, Medium High Risk and Medium Low Risk. We have also established a Responsive Supervision team that carries out random “spot check” inspections right across the risk spectrum. So, any firm in any given year could be subject to supervisory engagement by AMLD.

Our supervisory programme is rigorous and robust. We operate a graduated approach with the nature and scale of engagement varying depending on the risk. For example, on-site inspections are the most intensive form of engagement, while we use other supervisory tools including meetings with firms and outreach activities, such as this morning speaking engagement, to engage with as many of our firms as possible. We work hard to continuously improve this supervisory model and ensure it is effective in monitoring compliance with AML legislation.

Our Supervisory engagement with the banking sector

The review of AML compliance in the banking sector has shown that our banks need to work harder to effectively counter money laundering and terrorist financing. Our review involved inspecting the main retail banks in the Irish banking sector. These inspections focused on AML governance; risk assessment and risk management; systems and controls including customer due diligence; policies and procedures; and the reporting of suspicious transactions.

We identified a number of issues, which were a cause for concern. Some serious findings from the inspections of the retail banks include the following:

• Incomplete risk assessments that did not effectively consider relevant inherent money laundering or terrorist financing risks.
• High-level risk assessments that lacked a thorough analysis of key risks;
• Non-adherence to firms’ own AML/CFT policies.
• Failure to ensure the provision of appropriate and comprehensive training to the Board and committee members, as well as enhanced training for staff in key AML/CFT roles.
• Failure to report suspicious transactions without delay.
• Shortcomings in customer due diligence processes, including the identification of Politically Exposed Persons (PEPs).

Satisfactory processes and controls were in place in some areas and remediation plans were put in place in others. However, the number and nature of issues identified strongly suggested that more work is required by the banks to effectively manage money laundering and terrorist financing risks.

Arising from the inspections conducted, cases against a number of banks were referred to the Central Bank’s Administrative Sanctions Procedure. In the past 8 months, there have been 3 enforcement cases concluded against retail banks for AML breaches. In all cases, we imposed multimillion-euro fine in addition to publicising in detail the facts of the cases which reflects our commitment to transparency.

The cases are:

• In October 2016, Ulster Bank was reprimanded and fined €3,325,000 for significant failings in the firm’s AML/CFT framework and procedures in respect of outsourcing, risk assessment, customer due diligence were identified. There was also non-compliance in respect of trade finance procedure manuals, adherence to internal procedures, training of non-executive directors and reliance on third parties in respect of customer due diligence.
• In April 2017, Allied Irish Bank was reprimanded and fined €2,275,000 for significant failings in the reporting of suspicious transactions, determination of source of wealth and source of funds, customer due diligence, and policies and procedures.
• Last month, Bank of Ireland was reprimanded and fined €3,150,000 for significant weaknesses in the adequacy of the bank’s risk assessment, delays in reporting suspicious transactions and weaknesses in its customer due diligence controls.

These AML deficiencies have now been remediated by the banks in question. I want to acknowledge that the banks have significantly improved their AML control frameworks. However, there is no room for complacency. The Central Bank requires that robust AML controls must continue to be in place and maintained by all firms under our supervisory remit so that they are well placed to respond to the ever-changing threats.

Expectations of the banking sector

Protecting the financial system from money laundering and terrorist financing is of the utmost importance to the Central Bank. It is for this reason that compliance with AML requirements is and will remain a key Central Bank priority and we will take action in circumstances where firms fail to comply.

Banks are the main gateway for most people to access the financial system, providing a diverse range of products and services to a wide range of customers.

The complexity and interconnectivity of the international financial system increases the risks of criminals using the system to carry out money laundering or terrorist financing. Financial firms must invest in and maintain strong AML compliance frameworks to help protect the integrity of the financial system and prevent it being used for money laundering and terrorist financing.

The extent of the remedial actions that we directed banks to take to improve their controls and the enforcement actions taken by the Central Bank demonstrate the importance of investing in and maintaining strong AML compliance frameworks to protect the financial system, consumers and the wider public from money laundering and terrorist financing.

One of the Central Bank’s key expectations for an effective AML control framework is that it is based on a money laundering and terrorist financing risk assessment specific to the firm’s business and that it has robust controls in place to mitigate and manage the risks identified. We continue to stress to firms and the industry at large that a “tick box” or rules-based approach is not fit for purpose and will not meet regulatory expectations. We will not accept this approach from supervised firms.

Opportunities and challenges

There are a number of opportunities and challenges faced by supervisors and the banking sector in the area of AML. The introduction of a 4th EU AML Directive in 2015 brings the biggest change to the area of EU AML since 2005. This is now followed by a number of proposed changes to this Directive in the form of a 5th EU AML Directive which is currently being negotiated at a political level. These changes are being driven by the recognition of the need for heightened vigilance in this area, in the aftermath of persistent terrorist attacks. Implementing these required changes presents both opportunities and challenges for supervisors and firms.

Implementing a risk based approach specific to the individual firm’s business and assessing higher and lower risk scenarios is one of the key changes required. There is an extension of the meaning of what constitutes a politically exposed person to include domestic politically exposed persons. This means that domestic politicians and their families will be subject to enhanced customer due diligence measures. There is also the introduction of a register of beneficial owners that will require information on beneficial owners of companies and trusts to be stored in a central register. A statutory instrument has already been introduced setting out the requirement to collect this information and further legislation will be introduced to set up a central register.

We recognise the challenges faced by changing AML regulation. As steps are taken by government to transpose the 4th EU Directive, we are providing technical assistance into that process to assist in ensuring that it will be implemented effectively. We are also considering ways in which to incorporate the regulatory changes into our supervisory processes and the most effective way we can provide AML guidance to firms. Over the past number of years, we have increased our outreach and engagement programme at industry and Central Bank events to increase awareness of AML obligations and the forthcoming changes. We will continue to carry out this work.

There are opportunities and challenges for supervisors arising out of the AML supervisory framework. As part of the new EU AML laws, the European Supervisory Authorities are mandated to provide guidelines and technical standards in a number of areas and we are an active participant in this work as one of the 28 member states. This presents an opportunity for us to have direct involvement in the influencing of AML implementation measures at EU level. It also presents a challenge given the number of new guidelines and standards required to be implemented on a comply or explain or on a mandatory basis meaning that once they are adopted supervisors must incorporate the guidelines into their supervisory processes.

A recent key AML challenge for Ireland and the Central Bank has been the mutual evaluation review (MER) of Ireland conducted by the Financial Action Task Force (FATF), which is the international AML standard setting body. It is a peer review that involves an evaluation of both technical and effectiveness across a country’s entire AML framework including supervision and compliance measures. The review process provides an opportunity to assess a country’s own framework and to devise and implement improvements to the system but is also quite challenging. The Report is scheduled to be discussed for adoption at the FATF Plenary later this month. It is not possible to discuss what is contained in the Report but I can say that there has been positive engagement with the FATF assessment team, including from representatives from the banking sector. The current draft of the Report contains constructive findings and recommended actions that should lead to the further strengthening of the Irish AML system. It is very important that Ireland is a strong link in the international chain in preventing money laundering and the financing of terrorism.

Conclusion

I want to conclude by stressing that protecting the financial system from money laundering and terrorist financing is of the utmost importance to the Central Bank. I want to reiterate that the banking sector has responded positively to our concerns and is taking steps to remediate the shortcomings identified.

However, the investment in AML controls and focus on a risk-based approach to compliance must continue to be a priority for firms. The banking sector is particularly vulnerable to money laundering and terrorist financing given that it is a main gateway for consumers to the financial system that provides a wide range of services and products. Weaknesses in AML controls expose the financial system to abuse that not only damages the financial system but is also detrimental for society as it may facilitate crime and terrorism.

The Central Bank’s risk based supervision of compliance with AML legislation will remain a key priority. We will continue to apply supervisory measures on a risk sensitive basis using a range of measures to supervise firms’ compliance. From a regulatory perspective, the objective is to secure compliance with AML legislation and we will continue to take all necessary steps, including enforcement action, to achieve that objective.