Risk Based approach to AML Supervision

The Central Bank implements a risk-based approach to anti-money laundering (‘AML’) and countering the financing of terrorism (‘CFT’) supervision of credit and financial institutions (‘firms’). Effective risk based supervision entails identifying money laundering (‘ML’) and terrorist financing (‘TF’) risks and supervising firms commensurate with the risks identified and taking necessary action to bring about compliance.

There are two elements of the Central Bank’s risk-based approach to AML/CFT supervision: (a) Identification and Assessment of ML/TF Risk; and (b) AML/CFT Supervisory Engagement to monitor and bring about compliance by firms.

(a) Identification and Assessment of ML/TF Risk

The Central Bank maintains a Money Laundering/Terrorist Financing Risk Assessment (‘ML/TF Risk Assessment’) which identifies and assesses ML/TF risk in the financial sector in Ireland from a supervisory perspective.

Risk Assessment Process

The ML/TF Risk Assessment includes;

  • the ML/TF risks associated with the firms’ business models; and
  • the overall quality of the firms’ AML/CFT control framework

Factors considered during the ML/TF assessment include:

  • nature, scale and complexity;
  • types of customers;
  • distribution channels;
  • products and services; and
  • any other relevant factors

The ML/TF Risk Assessment is an iterative process, given the evolving and changing nature of ML/TF risk in the financial sectors supervised by the Central Bank. The Central Bank reviews and revises its understanding of ML/TF risk from a number of sources, including:

  • output from supervisory engagement;
  • its outreach programme; and
  • intelligence gathering and sharing with law enforcement agencies, financial intelligence units, revenue and customs agencies, national & international policy makers and other supervisors (national and international).

ML/TF Risk Assessment Ratings

The ML/TF Risk Assessment model assigns four ML/TF sectoral ratings - High; Medium High; Medium Low; and Low risk.  The overall risk rating for each sector is set out in the table below.

Table: Financial Sector Risk Ratings 

Risk Based Table

Firm Specific ML/TF Risk Ratings

Firms that are designated persons are categorised by sector and the ML/TF risk rating applicable to that sector will be applied to the firm.  Individual firms’ ML/TF risk ratings are applied on the basis of supervisory engagements such as inspections, submission of Risk Evaluation Questionnaires and other interactions in relation to the firm.  An individual firm’s ML/TF risk rating may differ from the risk rating applied to its sector, depending on the specific ML/TF risk associated with its business model and the quality of its AML/CFT control framework. 

It is important to note that an assessment of a firm as being of a higher ML/TF risk does not necessarily indicate that there is low level of AML/CFT compliance in that firm. Some firms will by the very nature or scale of their business model, remain higher ML/TF risk even with robust AML/CFT compliance frameworks in place.

(b) AML/CFT Supervisory Engagement Model

Firms should note that the AML/CFT supervisory engagement model is separate and distinct from the Prudential and Consumer supervisory engagement models.

The Central Bank implements a graduated approach to AML/CFT risk-based supervision. What this means is that higher intensity supervisory measures (e.g. onsite inspections) are used to monitor firms that are higher risk. Other less intensive supervisory measures such as AML/CFT Risk Evaluation Questionnaires and outreach activities (e.g. presentations and seminars) are also used as part of the Central Bank’s AML/CFT supervisory programme.

The frequency and intensity of AML/CFT supervisory engagement model for an individual firm is dependent on its ML/TF risk rating as set out in the table below:


Table: AML/CFT Minimum Supervisory Engagement Model



ML/TF Risk[1]

Medium High ML/TF Risk

Medium Low

ML/TF Risk


ML/TF Risk

Inspection Cycle

3 years

5 years

Strategic, spot check & responsive

Strategic, spot check & responsive

AML/CFT review meetings


5 years

Strategic, spot check & responsive

As required.

AML/CFT Risk Evaluation Questionnaires


2 years

3 years

Strategic, spot check & responsive

[1] Certain firms with the highest level of ML/TF risk associated with the nature and scale and complexity of their business model and/or operations have been assigned an “Ultra High” ML/TF risk rating. Such firms are subject to a more intensive/frequent level of supervisory engagement


It should be noted that the engagement levels set out above are the minimum that firms in the different categories are subject.  The Central Bank may apply additional supervisory measures to firms and sectors in circumstances where it further mitigates against the risk of the financial services industry being exploited for money laundering and/or terrorist financing purposes. For example, the Central Bank has appointed Relationship Managers to certain firms and sectors in order to ensure appropriate responses and timely interventions to matters that arise. In addition, the Central Bank may meet with key control functions within firms e.g. CEO, CRO, Internal Audit, Independ Non-Executive Directors, as well as attending board meetings in order to determine that firms are aware of ML/TF risks and that appropriate measures are being taken to mitigate those risks. The Central Bank conducts supervisory engagement (including onsite inspections) of firms rated medium low and low on an ongoing basis. This supervisory engagement results in firms being strategically targeted in order to optimise our supervisory reach in a particular sector; selected randomly on a spot check basis; or being selected on a responsive basis, arising from information brought to the attention of the Central Bank by a firm, or by another party.

National Risk Assessment for Ireland - Money Laundering and Terrorist Financing

The Department of Finance and the Department of Justice and Equality have jointly published Ireland's first Money Laundering and Terrorist Financing National Risk Assessment (NRA).  Further information regarding the NRA can be found on the Guidance on Risk.