Central Bank publishes “Dear CEO” letter to Schedule 2 firms on low level of compliance with Anti-Money Laundering and Counter Financing of Terrorism obligations

16 December 2020 Press Release

Central Bank of Ireland

  • Findings include overall lack of compliance by Schedule 2 Firms with AML/CFT obligations
  • Boards fail to demonstrate responsibility for ensuring the implementation and ongoing oversight of AML/CFT control framework
  • Central Bank will use all means to identify unregistered firms and take appropriate action

The Central Bank has today (16 December 2020) published the outcome of supervisory engagements undertaken in respect of Schedule 2 Firms to assess compliance with their obligations under Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (CJA 2010).

The “Dear CEO” letter, outlines the Central Bank’s expectations of firms in relation to Anti-Money Laundering/Counter Financing of Terrorism (AML/CFT) and Financial Sanctions (FS) requirements and details follow-up actions to be taken by CEOs and Boards in response to the findings outlined.

The examination, which consisted of both inspections and review meetings, found an overall lack of compliance across all areas of the AML/CFT control framework. There is also poor understanding of the requirements from Board and senior management levels, including at those firms who outsourced their AML/CFT and FS activities to third parties.

The examination identified a number of failings across Schedule 2 Firms, including:

  1. Board Oversight and Governance - failure to demonstrate Boards had taken responsibility for the implementation and ongoing oversight of AML/CFT and FS in a number of firms. In many instances, AML/CFT and FS was only included on the Board’s agenda following notification from the Central Bank of the upcoming supervisory engagement exercise.
  2. Money Laundering/Terrorist Financing Risk Assessment - lack of ongoing and comprehensive assessment and documentation of ML/TF risks that are specific to each firm’s consumers and business activities. In a number of instances, this was exacerbated by reliance on ‘off the shelf’ risk assessment frameworks.
  3. Anti-Money Laundering/Counter Financing of Terrorism Policies and Procedures - failure to put in place and implement firm-specific AML/CFT and FS policies and procedures, and failure to review and update these on an ongoing basis.

Director of Enforcement & Anti-Money Laundering, Seána Cunningham said: “The Central Bank expects all firms to be alert to the risks that money laundering and criminal financial activities may pose to their customers and business, and the wider integrity of the Irish financial system. This requires CEOs and Boards to have in-depth knowledge and understanding of their Anti-Money Laundering and Counter Financing of Terrorism obligations. It is also essential to have the necessary control framework in place to ensure protection of their business and customers.

“Our supervisory engagements revealed a low level of compliance with the AML/CFT control framework requirements. The culture and tone of any organisation is set from the top. It therefore rests with the Board of these firms to ensure that the necessary AML/CFT governance, risk assessment, policies and procedures, training and awareness are embedded throughout the organisation. While some firms may choose to outsource AML/CFT activities to third party service providers, Boards cannot outsource the responsibility for compliance.

“We will continue to engage directly with those firms where compliance weaknesses and failures have been identified to ensure that they are addressed. We also require all firms to review the content of this letter to ensure that they assess their own compliance with the issues identified.

“We are also taking this opportunity to remind all firms to assess their activities to determine if they are required to register with us under Schedule 2. Firms who fail to register are at risk of significant criminal and/or administrative sanctions. In 2021, the Central Bank will use all means available to identify those firms not registered and take appropriate action.”


Notes to Editor

  • The Central Bank of Ireland is the competent authority for monitoring the compliance of credit and financial institutions with Part 4 of the CJA 2010, and with taking measures that are reasonably necessary to secure such compliance. Entities engaged in activities outlined under Schedule 2 of the CJA 2020, herein referred to as ‘Schedule 2 Firms’ have been obliged to comply with Part 4 of the CJA 2010 since its implementation in 2010. On 26 November 2018, Section 108A of the CJA 2010 introduced a statutory requirement for Schedule 2 Firms to register with the Central Bank, where such firms are not otherwise authorised or licensed to carry on business by the Central Bank. Details on the registration process is available on the Central Bank website.
  • The definition of “financial institutions” in the CJA 2010 includes entities that carry out one or more of the activities specified in Schedule 2 of the CJA 2010, hereto referred to as Schedule 2 Firms, Subject to limited exceptions as set out in the definition of “financial institution” in s24, and in s25(4) of the CJA 2010. Firms engaged in such activities are required to register with the Central Bank pursuant to section 108A of the CJA 2010.