Central Bank highlights weaknesses in Virtual Asset Service Providers’ AML/CFT Frameworks

11 July 2022 Press Release

Central Bank of Ireland

  • Central Bank seeks to anticipate and support innovation in the financial services industry
  • Firms in novel areas must ensure their businesses will not be used to launder the proceeds of crime or to finance terrorism
  • Central Bank issues a bulletin to virtual asset service providers (VASPs) to assist them in strengthening their applications and frameworks

The Central Bank of Ireland has today, 11 July 2022, published a bulletin in relation to Virtual Asset Service Providers (VASPs), seeking to assist applicant firms to strengthen both their applications for registration and their Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Frameworks.

Effective regulation to prevent financial crime supports innovation in new markets such as virtual assets. The Central Bank plays an important gatekeeper role in Ireland’s fight against money laundering and terrorist financing (ML/TF). It seeks to ensure that regulated financial service providers have the necessary risk culture, and risk and control frameworks in place, to minimise the risk of the use of their products or services by criminals for the purposes of ML/TF.

Since 23 April 2021, VASPs are required to comply with the relevant AML/CFT obligations under the Criminal Justice Act 2010 to 2021. Firms that wish to conduct business as a VASP must apply to the Central Bank for registration. The Central Bank is currently progressing the assessment of registration applications, and has provided feedback to 90% of applicants on their proposed AML/CFT frameworks.

Today’s bulletin outlines key issues identified through the assessment process, sets out the Central Bank’s expectations in relation to key AML/CFT requirements, and advises firms that registered VASPs, as with all supervised entities, will be subject to a supervisory levy.

The Central Bank identified, in the vast majority of applications, a lack of understanding and compliance with key AML/CFT obligations, in addition to significant control weaknesses. The lack of compliance, coupled with control weaknesses, resulted in a significant number of the applicant firms not being able to demonstrate to the Central Bank that they could meet their AML/CFT obligations.

Director of Enforcement & Anti-Money Laundering, Seána Cunningham said “All firms regulated and supervised by the Central Bank for AML/CFT purposes must be able to demonstrate a robust AML/CFT control framework that complies with the relevant obligations. The Central Bank will only register a firm when it is satisfied that the firm can meet its AML/CFT obligations on an ongoing basis.

“All current and potential VASP applicants should review the content of the bulletin and take actions to rectify weaknesses, as relevant. Firms undertaking VASP activities are also reminded that a failure to register may result in significant criminal and/or administrative sanctions.

“VASPs are supervised by the Central Bank for AML/CFT purposes only. The Central Bank’s mandate with respect to VASPs does not extend to consumer protection.”


Notes to Editor

  • The Central Bank of Ireland is the competent authority for monitoring the compliance of credit and financial institutions with Part 4 of the CJA 2010 to 2021, and with taking measures that are reasonably necessary to secure such compliance. Entities engaged in activities outlined under Section 106 of the CJA 2020 have been obliged to comply with Part 4 of the CJA 2010 to 2021 since 23 April 2021. Section 106 of the CJA 2010 introduced a statutory requirement for VASPs to register with the Central Bank. Details on the registration process is available on the Central Bank website.
  • VASPs established in Ireland and carrying on business as a VASP immediately prior to the CJA 2021  coming into force, who applied to the Central Bank for registration before 23 July 2021 are permitted to continue to offer VASP services pending the outcome of their application.
  • The Central Bank’s mandate with respect to VASPs does not extend to consumer protection and in this regard the Central Bank on 22 March 2022, warned consumers about the risks of buying or investing in virtual assets and cryptocurrencies. Further information is available here.