Address by Derville Rowland, Director of Enforcement to Compliance Ireland

02 December 2016 Speech

2 December 2016

Good morning ladies and gentlemen. I would like to thank Compliance Ireland for inviting me to speak to you this morning.

As the Director of Enforcement, I have responsibility for Enforcement and Anti-Money Laundering, which includes the Central Bank’s dedicated AML supervisory division.

I will discuss recent developments in AML supervision, national developments such as the publication of the National Money Laundering and Terrorist Financing Risk Assessment and the ongoing FATF assessment. I will also talk about some of the current AML challenges faced by supervisors and compliance professionals. I will conclude by briefly talking through the recent Enforcement case against Ulster Bank concerning AML breaches.

The role of the Central Bank in AML supervision is to monitor financial institutions compliance with regulatory obligations set out in the Criminal Justice Act 2010. To fulfil its function, the Central Bank established a dedicated supervisory division, AMLD, in 2010 and has since then continued to develop and enhance its supervisory strategy, operations and approach.

We apply a risk based approach to AML supervision. As a result, we allocate our supervisory resources in keeping with identified money laundering and terrorist financing risk.

To achieve effective risk-based supervision, we bring together a wide range of functions and expertise. We use our understanding of the risks faced by supervised firms to target the higher risk firms, while ensuring that lower risk firms are also subject to proportionate supervisory engagement.

The strategy is implemented through a robust supervisory programme. It is a graduated approach that allows for the nature and scale of engagement to differ depending on risk. For example, onsite inspections are the most intensive engagement, while other supervisory tools such as meetings with MLROs and outreach activities such as speaking events like today’s event are used to ensure that we reach as many of our firms as possible. Supervisors must also have an in depth understanding of the legal framework, and play a role in domestic and international policy developments. Supervisors must also be aware of money laundering and terrorist financing typologies and international trends given the inherently global dimension of money laundering and terrorist financing.

The Central Bank has worked hard at achieving all of these elements and will continue to do so. From a resource allocation in 2014 of 17 staff, AMLD will move to approximately 33 staff by year end. The increase in staff numbers demonstrates the commitment of the Central Bank in preventing money laundering and terrorist financing within the financial sector in Ireland.

Staff in AMLD consist of experienced supervisors who have previously worked in other divisions in the Central Bank, risk and analytic experts, experienced compliance professionals from the main sectors, lawyers and accountants. There is a dedicated risk and analytics team responsible for conducting ongoing risk assessment that has developed a bespoke ML/TF risk assessment model separate from the current PRISM model, recognising that prudential and ML/TF risk are two different things.

We have moved from 2 to 4 supervisory inspection teams. These teams focus on the assessment of risks within firms. The teams range from a high risk team to a reactive supervisory team. The intention is to increase inspections next year in line with the increase in staff numbers.

AMLD also has a dedicated legal and policy team. This team is responsible for interpreting Irish and EU AML legislation. It engages at national and international level on AML/CFT policy formulation. We engage at European Supervisory meetings and attend FATF meetings as part of the Irish delegation. We also have a specialist financial crime team that investigates unauthorised activities and administers international financial sanctions.

The Central Bank does not attempt to “catch-out” firms when identifying deficiencies. Our supervisory approach is to use our resources in a way that will heighten awareness of risks and obligations. Our aim is to ensure that controls are in place that make it unattractive for money launderers or the financiers of terrorism to infiltrate the financial system. A key element of this process is having in place effective reporting procedures. These enable prompt reporting of suspicious transactions to law enforcement agencies. This promotes the detection and investigation of money laundering and terrorist financing.

Of course, the area of AML is multi-faceted. It involves not only the Central Bank but also a wide range of stakeholders from both the public and private sectors. This is reflected in some recent national developments.

The first development is the publication of the National Money Laundering and Terrorist Financing Risk Assessment. The second is the ongoing FATF mutual evaluation review.

For an effective national AML regime, there needs to be a national understanding of money laundering and terrorist financing risks. This involves an assessment of threats from criminal and terrorist activities and the vulnerabilities in the financial and other relevant sectors. The most comprehensive way to understand national risks is to prepare a national risk assessment. This risk assessment assesses the threats and vulnerabilities and considers consequences and mitigants in place that allows for risk ratings to be applied to different sectors.

Ireland prepared its first National ML/TF Risk Assessment this year. It was published jointly by the Department of Finance and Department of Justice and Equality in October. The Central Bank was involved in inputting into the NRA on vulnerabilities in the financial sector. This input was based on the work we had done when we conducted our standalone risk assessment.

The NRA and the Central Bank’s risk assessment have some commonalities but they are two different models. The Central Bank’s risk assessment focuses on its supervisory population at sector and firm level. It is the tool that informs and drives our supervisory programme. The NRA is much more high-level and takes into consideration a range of other factors.

Saying that, the findings in the NRA and the Central Bank’s risk assessment have similar conclusions. Retail Banks, Bureau-de-Change and Money Remitters are rated as high risk given the nature of the businesses that they operate. Non-retail banks and the funds industry are medium-high risk. Credit Unions, Money Lenders, Life Assurance, Asset Managers and Retail Intermediaries are identified as either medium-low or low risk from a money laundering/terrorist financing perspective.

As set out in the NRA, it is important to note that the ratings given to each sector is a residual rating. That is residual risk after taking mitigants and other factors into account. Importantly a higher rating does not indicate that there is low compliance in a particular sector. Some sectors will, simply by their very nature or scale, remain higher risk even with robust AML compliance measures in place.

Ireland is currently undergoing a mutual evaluation review by the FATF. As most of you are probably aware, the FATF is the international standard setting body for AML and CFT. Ireland is one of its 37 members and as such is subject to periodic peer review. We were last reviewed in 2006 and we are currently undergoing our Fourth Round Review.

The current Round of MERs is quite involved. The process typically takes 14 months. It involves an assessment of technical compliance with the 40 FATF standards and recommendations and also involves an assessment of effectiveness. That is, how effective or how well is a country meeting 11 defined outcomes. The Central Bank is primarily involved in 3 of the 11 outcome areas along with other supervisors. They are IO1 – understanding of Risk, IO3 – effective supervision and IO4 preventative measures which focuses on industry.

The Central Bank, various State Authorities and even some of the Financial Services firms have been involved in the process. The interaction with the assessors has been good. We are now mid-way through the process. We expect Ireland to be evaluated at the FAFT Plenary next June, so we will just have to await the outcome. In actual fact, going through the MER process is very beneficial as it prompts a review of approach and leads to enhancement of the AML approach including the industry supervisory process.

The introduction of the 4th EU AML Directive is the biggest change to EU AML regulation since 2005. It is required to be transposed into Irish law by June 2017. There are a number of changes in the Directive that will need to be brought into domestic law. Further changes to the 4th EU Directive are being considered at the political level in the aftermath of recent terrorist attacks. Examples of these include a proposal for a register of bank accounts and virtual currency exchanges becoming regulated for AML purposes.

Examples of legislative change that will be required which impacts on financial institutions includes the extension of the meaning of PEPs to include domestic PEPs, the introduction of a register of beneficial owners, the removal of a “white list” of Third Country Equivalents and the need to consider risk factors before applying simplified or enhanced customer due diligence.

The Central Bank is involved in providing technical assistance on transposition to government departments. We are considering ways in which we will incorporate the regulatory changes into our supervisory processes. We are also considering the most effective way to provide guidance to financial institutions about new and existing AML obligations.

It is important that firms adopt a risk based approach not only to AML but also to CFT. Firms need to recognise the risks of money laundering and terrorist financing can be quite different. Suspicion of money laundering is tied to suspicion that funds are linked to illegal activity. The financing of terrorism however, may arise from legitimate funds and consequently there should be a heightened focus on the destination of the funds. To operate a comprehensive compliance regime, a firm should assess both its ML and TF risks individually and put in controls that meet each of those risks. Failure to do this, may lead to a real risk of terrorist financing occurring because of a lack of understanding of the distinctive nature of terrorist financing risks.

In October 2016, an Enforcement case was widely reported on. Ulster Bank was fined €3,325,000 and reprimanded for breaches of AML legislation. The breaches occurred over a 6-year period and were admitted by the firm. The breaches involved significant failings in the firms AML/CFT framework and procedures in respect of outsourcing, risk assessment, customer due diligence and also areas of non-compliance in respect of trade finance procedure manuals, adherence to internal procedures, training of non-executive directors and reliance on third parties in respect of customer due diligence.

In the public statement about the case, it says:

Robust frameworks, systems and controls must be the cornerstone of credit and financial institutions’ compliance with anti-money laundering legislation. Weaknesses in anti-money laundering controls expose the Irish and global financial system to abuse and threaten to undermine its stability…

Our main AML supervisory objective is to bring about compliance. Enforcement will be used as a tool to support supervision where it is right to do so. The enforcement of anti-money laundering governance and controls is and will continue to be a priority for the Central Bank.

In conclusion, the area of AML and CFT regulation is expanding with increasing demands on supervisors and compliance professionals. The supervisory approach has evolved in recent years.

We will continue to focus on ensuring that there is compliance with AML/CFT obligations. We will seek to ensure that the measures in place are effective to mitigate the money laundering and terrorist financing risks.

In AML and CFT, we are most effective when industry compliance professionals and supervisors have a shared understanding of the risks and the regulations. The Central Bank’s interest is in ensuring that there is effective supervision and that compliance takes place. Compliance professionals and supervisors must work in a way to ensure that our shared goal of preventing money laundering and terrorist financing is fulfilled.