AuthorPeter Oakes is an experienced anti-financial crime, fintech and board director professional. Archives
April 2024
Categories
All
|
Back to Blog
* UPDATE: In response to emails I've uploaded a slideshow of our consolidation - available here. Clients will receive a free amendable/searchable copy *
Comments on the updated Irish #moneylaundering & #terroristfinancing legislation. What: Ireland signed into law the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2021 (the “2021 Act”). The 2021 Act (No. 3 of 2021) makes a number of changes to the 2010 Act (No. 6 of 2010) When: 18 March 2021. Legislation passed by Oireachtas (signed into Law by the President of Ireland). The 2021 Act takes effect on Friday 23 April 2021 with remaining legal provisions taking effect on the following day (23 April 2021). A copy of the commencement order is available here. Action: Time to update your #Compliance & #FinancialCrime Risk Frameworks, Risk Assessments, Policies, Manuals & Procedures. What areas of the 2010 Act are impacted that you need to know and take into account to update your compliance documents? See the comments section below where I've listed the areas from the 2010 Act impacted by the 2021 Act. How: Contact the team at CompliReg. We are undertaking several reviews of policies, procedures and manuals in light of the recent changes made to Irish AML/CTF law. We have tracked the changes in our consolidation of the 2010 Act up until and including Act No 3 of 2021. Contact the team at office@complireg.com with your business contact details for a discussion of a review. Further Reading: Money Laundering - Amendments to implement 5th AMLD into Ireland (18 March 2021)
0 Comments
Read More
Back to Blog
UPDATE: The law commenced operation on Friday 23rd April 2021. See Stephen Fletcher's blog of Saturday 1 May 2021 for further details Below is my linkedin post of 16 April 2021. I have been asked to put a copy of the consolidation online. We spent a lot of time preparing the consolidation and are happy to share the below slideshow. If you would like a copy of the document in pdf which you can copy, paste and search within, please email office@complireg.com and we will inform of the costs and email. "Some comments on the updated Irish #moneylaundering and #terroristfinancing legislation. Linkedin Post: What: Ireland signed into law the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2021 (the “2021 Act”). The 2021 Act (No. 3 of 2021) makes a number of changes to the 2010 Act (No. 6 of 2010) When: 18 March 2021. Legislation passed by Oireachtas & signed into Law by the President of Ireland Action: It’s time to update your #Compliance & #FinancialCrime Risk Frameworks, Risk Assessments, Policies, Manuals & Procedures. So what areas of the the 2010 Act impacted by the changes in March do you need to know and consider taking into account to update your compliance documents? See the comments section below where I've listed the areas from the 2010 Act impacted by the 2021 Act. How: Contact the team at CompliReg. We are undertaking several reviews of policies, procedures and manuals in light of the recent changes made to Irish AML/CTF law. We have tracked the changes in our consolidation of the 2010 Act up until and including Act No 3 of 2021. Contact the team at office@complireg.com with your business contact details for a discussion of a review. We'll be sending a copy of our up-to-date consolidated version of the 2010 Act to our clients this week." Post at https://www.linkedin.com/feed/update/urn:li:activity:6788600737791303680/
Back to Blog
CompliReg's Peter Oakes has again being recognised as a leading fintech consultant for 2021 following his listing in 2020.
Chambers and Partners released its Fintech Rankings for Ireland in January 2021. Peter is the only individual / boutique professional services firm (CompliReg) to be ranked along side some of Ireland's largest consulting firms. In research carried out by Chambers and Partners, Peter's clients and fintech industry experts informed the researchers that:
Reach to Peter for assistance and advice via the details on our contact page. Further reading:
Back to Blog
Ireland's Minister of State for Financial Services, Credit Unions, and Insurance Seán Fleming TD today (Thursday 11th February) launches the Ireland for Finance Action Plan for 2021 following Cabinet approval.
The 2021 Action Plan has four priority areas; Sustainable Finance, Diversity, Regionalisation, and Digital Finance. It contains 16 new measures to build on the resilience shown by the IFS sector over the last year. Read Fintech Ireland's Blog here
Back to Blog
What does Tesla's and Elon Musk's investments in bitcoin mean for digital assets? (RTE News)11/2/2021 CompliReg's Peter Oakes talks on the hot topic of #bitcoin and #cryptoassets / #digitalassets for Fintech Ireland with Will Goodbody of RTE - Video and Post here
Back to Blog
Central Bank publishes “Dear CEO” letter to Schedule 2 firms on low level of compliance with Anti-Money Laundering and Counter Financing of Terrorism obligations
The Central Bank has today (16 December 2020) published the outcome of supervisory engagements undertaken in respect of Schedule 2 Firms to assess compliance with their obligations under Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (CJA 2010). The "Dear CEO" letter*, outlines the Central Bank’s expectations of firms in relation to Anti-Money Laundering/Counter Financing of Terrorism (AML/CFT) and Financial Sanctions (FS) requirements and details follow-up actions to be taken by CEOs and Boards in response to the findings outlined. The examination, which comprised of both inspections and review meetings, found an overall lack of compliance across all areas of the AML/CFT control framework. There is also poor understanding of the requirements from Board and senior management levels, including at those firms who outsourced their AML/CFT and FS activities to third parties. The examination identified a number of failings across Schedule 2 Firms, including:
Director of Enforcement & Anti-Money Laundering, Seána Cunningham said: “The Central Bank expects all firms to be alert to the risks that money laundering and criminal financial activities may pose to their customers and business, and the wider integrity of the Irish financial system. This requires CEOs and Boards to have in-depth knowledge and understanding of their Anti-Money Laundering and Counter Financing of Terrorism obligations. It is also essential to have the necessary control framework in place to ensure protection of their business and customers. “Our supervisory engagements revealed a low level of compliance with the AML/CFT control framework requirements. The culture and tone of any organisation is set from the top. It therefore rests with the Board of these firms to ensure that the necessary AML/CFT governance, risk assessment, policies and procedures, training and awareness are embedded throughout the organisation. While some firms may choose to outsource AML/CFT activities to third party service providers, Boards cannot outsource the responsibility for compliance. “We will continue to engage directly with those firms where compliance weaknesses and failures have been identified to ensure that they are addressed. We also require all firms to review the content of this letter to ensure that they assess their own compliance with the issues identified. “We are also taking this opportunity to remind all firms to assess their activities to determine if they are required to register with us under Schedule 2. Firms who fail to register are at risk of significant criminal and/or administrative sanctions. In 2021, the Central Bank will use all means available to identify those firms not registered and take appropriate action.” ENDS Notes to Editor
Further information Media Relations: media@centralbank.ie / 01 224 6299 Ewan Kelly: ewan.kelly@centralbank.ie / 01 224 6269
Back to Blog
Some choice headlines in the papers about Brexit in the past week as we - according to Brexit Ireland's countdown to Brexit clock - just little more than 33 days before 11p.m. (UK time) on Thursday 31st December 2020 when the Brexit transition period ends with no deal on financial services in sight. This week sees the EU negotiating team returning to London after face-to-face talks came to end more than a week ago after Mr Bariner's team was hit by a case of Covid. They will be greeted by headiness such as: UK dismisses ‘derisory’ EU fishing offer ahead of last-ditch trade talks; Europe’s finance sector hits ‘peak uncertainty’ over Brexit; and The City braces for Brexit. There is no equivalence regime provided for within either EMD2 (electronic money institutions) or PSD2 (payments services institutions)! One thing we are still very surprised by is the many in #fintech, #techfin and indeed #finserv (and scarily their advisers) who think that recent news on 'equivalence' deals are applicable to all UK #finserv which passport across the European Union / EEA. The announcement on Monday 23rd November by the European Commission was simply and specifically about European regulators finalising a late change seeking to avoid chaos in £15tn of derivatives contracts held between UK and EU counterparties. Then on Wednesday 25th, they insisted outposts of EU banks in London would have to trade certain derivatives in the EU. Back in August 2020 the European Parliament reminded that "Equivalence decisions are a unilateral decision by the Commission. The Commission ultimately exercises its discretion as conferred upon it by the “empowerment” given in EU sectoral legislation.'' BUT MORE IMPORTANTLY "The Commission also enjoys discretion to withdraw equivalence decision. The equivalence frameworks in force do not provide as such specific procedures for monitoring, reviewing or amending equivalence decisions." There are no equivalence provisions in EU bank, payments nor electronic money directives, and the equivalence provision in MiFiD doesn't apply to retail investment services. See the below table on the 'Role of equivalence in key EU banking and financial services legislation' for confirmation. The upshot is that if you are a UK authorised payments institution or electronic money intuition, come Thursday 31st December 2020 when your ability to passport across the whole of European Economic Area comes to an end, so too does your business model unless you have obtained an authorisation in an EU/EEA state. There are are other options available but we'll leave that for another article. If you are a regulated fintech looking for a home post #brexit contact https://complireg.com/authorisations.html. Read our Fintech Authorisation Guides published jointly by CompliReg and Fintech Ireland on the authorisation process. And check out the 'Why Ireland for Fintech' brochure. Why Ireland for your regulated fintech?
“From January 1st, EU rules will apply to UK firms wishing to operate in the EU. UK firms will lose their financial passport: it’ll be anything but business as usual for them. This means they will have to adhere to individual home-state rules in each and every member state,” the official said. Further reading:
26 November 2020 - Move to EU or face disruption, City of London is warned
27 August 2019 - "Third country equivalence in EU banking and financial regulation"
29 July 2019 - Financial services: Commission sets out its equivalence policy with non-EU countries 12 July 2017 - "Third-country equivalence in EU banking legislation"
Back to Blog
Today, 17th November 2020, the Central Bank of Ireland released a Dear CEO Letter on "Thematic Inspections of Compliance by Regulated Financial Service Providers with their Obligations under the Fitness and Probity Regime". Readers are probably aware that the Central Bank issued a previous Dear CEO Letter on 8th April 2019 on "Compliance by Regulated Financial Service Providers with their Obligations under the Fitness and Probity Regime".
If you need assistance with understanding or implementing the requirements, please contact the Team at CompliReg.
What does the Dear CEO Letter of 17th November 2020 say? Background: The Central Bank undertook thematic onsite inspections across a sample of firms in the insurance and banking sectors [Ed- No reference to MiFID, payments, emoney, intermediaries nor the funds industry] in order to assess the level of compliance with the Fintess and Probity (F&P) requirements. This was on foot of its Dear CEO Letter on the topic of F&P back in April 2019. The inspections did not examine the fitness and probity of particular individuals, but rather evaluated the processes in place to manage compliance with the requirements of the F&P Regime. The inspections focused on the following areas:
The Central Bank towards the end of the letter reminds that the F&P Regime is a cornerstone of the regulatory framework in Ireland, applying not only to individuals but also firms. Firms must ensure that any individual who is engaged to carry out a CF role has the requisite fitness and probity to do so. The Central Bank’s Dear CEO letter of April 2019 emphasised the importance of compliance by firms and identified areas where compliance was inadequate. As is noted below and in the November 2020 letter, the Central Bank believes that the range of findings from thematic onsite inspections following the April 2009 letter "indicates that many firms do not have due regard to their obligations under the F&P Regime". The Central Bank is also concerned by the number of firms which did not take action, following the April 2019 letter, to perform a formal ‘gap analysis’ of their policies, processes and procedures. Its position seems clear "[i]t is wholly unacceptable that such shortcomings continue to exist in circumstances where the F&P Regime was introduced almost ten years ago." What did the Central Bank find?: In summary, the inspections highlighted a number of common issues and shortcomings, resulting in the release of the Dear CEO letter. The letter sets out key findings and observations from the inspections together with the expectations of the Central Bank, which it believes need to be brought to the attention of the wider financial services industry. Helpfully, the Central Bank also set examples of good practices which had been implemented in a number of firms (see Appendix 1 of the Dear CEO Letter November 2020 and set out below). A significant number of findings were identified in relation to the role of the Board, the conduct of due diligence and the outsourcing of CF roles. While not all of the issues outlined in the Dear CEO November 2020 letter arose in each firm inspected, the Central Bank reckons that they are representative of the findings across the sample of firms. What are the key points arising from the findings?: (a) role of the Board in the F&P Process:
(b) Conducting Due Diligence:
c) Outsourcing of Roles subject to the F&P Regime [Ed- the area of outsourcing is important for large, small, complex and non-complex firms alike]
d) Engagement with the Central Bank
e) Role of the Compliance Function
Conclusion of the Central Bank:
Appendix 1: Key Findings Identified by the Thematic Inspections a) Levels of awareness and understanding of the F&P Regime Role of the Board / Nomination Committee (“NomCo”) in Fitness and Probity Process 1. The level of awareness of fitness and probity obligations was weak throughout many of the firms, with Board awareness of its obligations particularly poor. 2. Board appointment procedures were generally not subject to the same level of scrutiny or formality as other CF and PCF appointments. In most cases, there was a lack of interview notes or suitability assessments available to support Board appointments. 3. In a number of instances there was no evidence of Board approval of the PCF appointment, Board approval of the appointment took place after approval by the Central Bank and/or there was no evidence of discussion or challenge by Board members of the proposed appointment. 4. Instances of the Chief Executive Officer (“CEO”) screening potential Board candidates were noted in a small number of firms. This is inappropriate given the conflict of interests that arise as between the respective responsibilities of directors and the executive. 5. The quality of succession plans for the Board and executive team generally did not meet expectations. Anumber of these succession plans did not set out the skills, competencies and experience required for the various roles and/or how the proposed successor would demonstrate/acquire those. However, some firms had developed their own Board Skills Matrix, which set out the key areas of experience required. This matrix was used to identify gaps in the combined experience of the Board. Functional Responsibility for the F&P Regime 6. Management of the fitness and probity process varied significantly across the firms. Where there were clear, prescribed roles and responsibilities along with appropriate segregation of duties, the due diligence conducted in these firms was of a higher standard than those without clearly articulated and assigned responsibilities. 7. The quality of policies and procedures in relation to fitness and probity varied from firm to firm. Elements of good practice were observed in the form of ‘How To’ guides, establishment of Fitness & Probity Steering Committees, checklists, and clearly documented roles and responsibilities in relation to the fitness and probity process in the firm. However, good practice was not evident in most firms; the majority had disjointed processes that did not clearly outline the roles and responsibilities of the various functions performing fitness and probity related tasks. Analysis and Mapping of Roles 8. There were instances where no register of employees performing PCF or CF roles was maintained. In addition, the process of regular review of individuals whose role changed, resulting in their coming within the remit of the F&P Regime, was lacking. Good practices identified included a documented requirement to review the job description when a vacancy arises to determine if the role is CF or PCF in nature, and guidelines setting out the key principles and rationale for the general interpretation of the CFs across the firm. b) Conducting Due Diligence Initial Due Diligence 9. In the majority of the firms inspected, the initial due diligence undertaken was not sufficiently robust to evidence compliance with the requirements of the F&P Standards. Issues highlighted by the inspections included: a lack of evidence of academic qualifications; lack of references from previous employers; a notable absence of interview notes across the majority of firms inspected; and no evidence of a documented assessment as to the suitability of the candidate. 10. Issues were also identified in a number of instances with a lack of judgement searches, regulatory searches, directorship searches and adverse media searches, including adverse media searches regarding previous employers that could assist with identifying potential fitness and probity concerns to be examined further. 11. Firms assessed as performing better had defined processes in place for conducting initial due diligence, including documented policies and procedures; an understanding of the allocation of responsibilities among the various functions (e.g. Human Resources, Company Secretary and Compliance Function); performed due diligence searches and conducted and retained interview notes. Ongoing Due Diligence 12. Under Section 21 of the 2010 Act, firms are required to conduct due diligence on an ongoing basis to ensure that employees performing CFs continue to comply with the F&P Standards. 13. All firms had in place a requirement for each PCF and CF role holder to annually certify their compliance with the F&P Standards and their agreement to abide by the F&P Standards. An annual self-declaration by PCF and CF role holders is the minimum expected by the Central Bank. 14. However, the ongoing due diligence process in most firms is limited to the annual self-declaration. Firms should proactively conduct ongoing due diligence screening of staff to ensure there has been no change in circumstance that may affect the fitness or probity of the individual. In one firm they conducted ongoing due diligence searches on an annual basis for all PCF role holders and on a sample basis for CFs. c) Outsourcing of Roles subject to the F&P Regime 15. Where CF roles are outsourced to unregulated OSPs, the majority of firms had not, as part of their due diligence in appointing CF role holders, obtained the required documentation nor made any inquiries as to the OSP’s process for assessing fitness and probity. 16. Firms did not have a process whereby outsourcing arrangements were analysed to verify whether PCF or CF roles were being performed. This gives rise to the risk that relevant individuals at OSPs may not be identified and subjected to the F&P Standards. 17. In addition to obligations under the Central Bank’s F&P Regime, the Solvency II Regulations impose requirements on insurance firms with respect to the outsourcing of critical or important functions. Under these Regulations, firms are obliged to verify that all staff of the service provider who will be involved in providing the outsourced functions or activities are sufficiently qualified and reliable. There was generally a low awareness of Solvency II obligations in this regard and these had not been included in applicable policies and procedures. d) Engagement with the Central Bank 18. Firms did not have clearly defined procedures covering the various stages of the IQ process including initiation, compilation, completion, review, approval and submission of the IQ application. In addition, there was a lack of clarity in relation to what could be regarded as a material fact for inclusion in the IQ. 19. Firms did not have robust processes in place to identify, escalate and notify an appropriate individual or function, within the firm in a timely manner, of potential concerns regarding the fitness and probity of a CF or PCF holder. Additionally, there was a distinct lack of policies or procedures to support these escalations (i.e. investigation of concerns and the taking of timely action as appropriate) or to ensure timely notification of actions taken to the Central Bank. 20. Overall, the processes related to engagement with the Central Bank on fitness and probity issues, including IQ submission process, have not been adequately developed, documented or embedded. e) Role of the Compliance Function 21. The majority of firms had compliance frameworks, policies and procedures in place. There was a good understanding of fitness and probity obligations by the Compliance Function in a number of the firms inspected. However, in some cases there was an over reliance placed on the Compliance Function, thereby creating potential key person risk. 22. Many firms are not undertaking robust compliance testing of their fitness and probity processes and procedures. The fitness and probity process should be subject to periodic independent review by the third line of defence. If you need assistance with understanding or implementing the requirements, please contact the Team at CompliReg.
Back to Blog
Here's one for the #moneylaundering typology case studies for #MLROs as part of regulatory training requirements!
Relates to the collapse of major investigation into the Kinahan cartel and more than half a billion euros- particularly €500,000,000 stash of cars, properties & cash handed back to the accused by a Spanish judge after collapse of money laundering case. Can understand that staff and MLROs at financial institutions and other obliged entities which do a lot of the initial legwork in identifying suspicious transactions may feel underwhelmed (to say the least) when a case like this collapses. We should train on all types of cases, regardless if there is a criminal outcome or not. Staff (and boards) need to appreciate that not all suspicious transactions reports will 'result' in a criminal outcome, but that doesn't excuse obliged entities and their staff from complying with the legal requirement to report suspicious transactions. A skill MLROs and trainers need to focus upon is motivating staff, themselves and the senior executive to stay the course. https://www.linkedin.com/posts/peteroakes_moneylaundering-mlros-financialcrime-activity-6719937607700135936-jZUH #antimoneylaundering #financialcrime #mlros #suspicioustransactions #lawenforcement Check out the linkedin post with link to news article.
Back to Blog
ECB confident it can create a digital euro. With ECB officials concerned that the Chinese central bank is potentially a couple of years away from launching its own digital renminbi after it conducted large-scale experiments, it has identified several scenarios that would require it to launch a digital euro. Two scenarios are:
Either way, some serious #regtech and #suptech will be required. Despite a 55-PAGE REPORT, the question is whether the ECB can stay ahead of the rapidly changing world of #digitalcurrencies and #payments. Central bankers are increasingly interested in the relatively new world of digital currencies, particularly since Facebook announced a plan to launch one called Libra that has the potential to overhaul the way money works. ECB officials believe the Chinese central bank is potentially a couple of years ‘ away from launching its own digital renminbi after it conducted large-scale experiments. In an interesting development, Bloomberg reported on 1 October 2020, that the European Central Bank has applied to trademark the term “digital euro” as officials prepare to release an assessment of the benefits and drawbacks of creating a digital version of the currency. The application was filed on 22 September by the ECB’s legal representatives Bock Legal, according to the website of the European Union Intellectual Property Office. An ECB spokesman confirmed the filing. The ECB outlined potential scenarios “that would require the issuance of a digital euro”. These include higher demand for electronic payments that creates a greater need for a “risk-free digital means of payment”, as well as the potential that a cyber attack or pandemic disrupts the existing payment system and requires a digital euro to serve as a back-up. Another scenario is a further sharp drop in cash usage that leaves some people financially excluded. Finally, it examined the potential rapid adoption of other private or public digital currencies including those issued by foreign central banks that ‘could “threaten European financial, economic and, ultimately, political sovereignty”. The ECB said a digital euro “also poses challenges, but by following appropriate strategies in the design of the digital euro the Eurosystem can address these”. My Linkedin Post here Sources: |