Summary
Virtual Asset Service Providers (VASPs) operating in Ireland now need to demonstrate that they are compliant with the provisions of the 5th Money Laundering Directive (AMLD5) which recently came into effect on Friday 23rd April 2021.  

Preceding that date CompliReg, together with Fintech Ireland, hosted a webinar for VASPs, e-money and payments firms.  Details of that event here.  Given the demand from the audience, CompliReg and Fintech Ireland are hosting another Roundtable on the topic on Thursday 6th May - ROUNDTABLE: So, you want to be a Virtual Asset Service Provider?

Background
AMLD5 aims to remove the anonymity from the process of providing virtual asset based services.  This applies to any organisation which provides exchange services between fiat and virtual currencies, as well between virtual assets or custodian wallet providers; bringing them into the scope of the EU’s anti-money laundering and counter-terrorist financing (‘AML/CFT’) framework.

The 2021 Act
The Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2021 (the "Act") amends the current Irish AML/CTF legislation, which started life a decade ago through the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (as amended).

New Definitions relating to Virtual Assets
The Act contains the following new definitions:

Designated Persons
The Act brings VASPs within the meaning of "designated person" (equivalent to an "obliged entity" under EU anti-money laundering law). The relevant obligations (Relevant Obligations) of designated persons under the Irish AML regime can be summarised as follows:

• Business Risk Assessment

Must carry out regular business risk assessments to identify and assess the risks of money laundering and terrorist financing involved in carrying on the designated person's business activities.

• Carry out Customer Due Diligence

An obligation to carry out due diligence to verify its customer's identity.

• Apply Business Risk Assessment when carrying out customer due diligence

Must apply the business risk assessment when deciding what level of due diligence is necessary for any given customer.  In certain circumstances, a designated person will be required to carry out enhanced due diligence.

• Suspicious Transaction Reporting

An obligation to report to the FIU, Ireland and the Revenue Commissioners, any suspicious transaction, (or suspicious activities which may be covering up, or preparing for suspicious transactions).

• Adopt internal policies

Must adopt internal policies, controls and procedures in relation to the designated person's business to prevent and detect the commission of money laundering and terrorist financing.

Requirement to Register
The Act requires that a person shall not carry-on business as a Virtual Asset Service Provider unless the person has successfully registered with the Central Bank of Ireland (Central Bank). This is a registration for AML/CFT purposes only. A firm currently authorised by the Central Bank under a different regime which is also acting as a Virtual Asset Service Provider will still be required to register as a VASP.

Whilst there is a three-month transitional period for VASPs to conclude the registration process the Act, which commenced operation on Friday 23rd April (commencement date), other than section 8 of the Act which commenced on Saturday 24th April, applies as of the commencement date.  This means that regardless of an existing VASP having three months to register, the VASP must comply with the Act on and from the commencement date. This means that VASPs availing of the transition period must comply on and from 23rd April with the Relevant Obligations listed above.

The Act sets out the high-level details of the registration process, and the grounds under which the Central Bank may refuse to register a VASP. These grounds include:

• the Central Bank has reasonable grounds to be satisfied that the applicant’s principal officers or beneficial owners are not fit and proper persons to run a business of this nature;
• the applicant has failed to satisfy the Central Bank that its business risk assessment, policies and procedures are adequate or fit for purpose;
• the applicant has failed to satisfy the Central Bank that it has in place the resources, procedures and arrangements for the provision of the business of a virtual asset service provider and the performance of activities, taking into account the nature, scale and complexity of its business and all the obligations that the provider has to comply with as a designated person; and
• the applicant has failed to demonstrate, that it can manage and mitigate the risks of engaging in activities that involve the use of anonymity-enhancing technologies or mechanisms and other technologies that obfuscate the identity of the sender, recipient, holder or beneficial owner of a virtual asset.

Preparation
The Central Bank’s website contains useful information for those requiring registration as a VASP, including the Criminal Justice Act* (as at commencement date), Guidelines on Fitness & Probity of Principal Officers/Beneficial Owners, and links to the AML/CFT Registration Form.  The Central Bank will not accept a registration application until the applicant has been through the pre-registration and has obtained a Central Bank Institution Number.

The Central Bank has also indicated that its current graduated approach to AML/CFT supervision will apply equally to VASPs, meaning that firms which present a higher risk of money laundering and/or terrorist financing will be subject to higher intensity and intrusive supervisory measures than those presenting a lower risk.

Next Steps
As many VASPs shall become designated persons for the first time, they should review their AML/CTF frameworks, their Relevant Obligations, legislation and guidance now.  Given that the Act has now commenced in operation, applicants should submit a Pre-Registration Information Form to the Central Bank to request a Central Bank Institution Number as soon as possible.

Being within the AML/CTF framework will surely bring benefits such as greater confidence to end-users (i.e., customers – individuals and corporates) of VASPs and hopefully, more banking partners will consider opening up their services to VASPs particularly ahead of the proposed Markets in Crypto Assets Regulation 2020/0265.

Support Available
As with any new process, it can appear complex and daunting until you have been through it a few times.  Thankfully help is at hand through CompliReg.  If you would like to setup an initial discussion to discuss your requirements, please check out our page and complete the enquiry form at  https://complireg.com/vasp.html. Stephen Fletcher or Peter Oakes will get back to you ASAP.  Our details at https://complireg.com/team.html.
 
This document (and any information accessed through links in this document) is for guidance purposes only and does not constitute legal advice.  CompliReg does not provide legal services.  Where legal services are required, CompliReg works with a select number of law firms.  If you are a law firm and wish to be considered for our panel, please contact [email protected].

UPDATE: The law commenced operation on Friday 23rd April 2021. See Stephen Fletcher's blog of Saturday 1 May 2021 for further details

Below is my linkedin post of 16 April 2021.

​I have been asked to put a copy of the consolidation online.  We spent a lot of time preparing the consolidation and are happy to share the below slideshow.  If you would like a copy of the document in pdf which you can copy, paste and search within, please email [email protected] and we will inform of the costs and email. 

"Some comments on the updated Irish #moneylaundering and #terroristfinancing legislation.

Linkedin Post:

What: Ireland signed into law the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2021 (the “2021 Act”). The 2021 Act (No. 3 of 2021) makes a number of changes to the 2010 Act (No. 6 of 2010)

When: 18 March 2021. Legislation passed by Oireachtas & signed into Law by the President of Ireland

Action: It’s time to update your #Compliance & #FinancialCrime Risk Frameworks, Risk Assessments, Policies, Manuals & Procedures. So what areas of the the 2010 Act impacted by the changes in March do you need to know and consider taking into account to update your compliance documents? See the comments section below where I've listed the areas from the 2010 Act impacted by the 2021 Act.

How: Contact the team at CompliReg. We are undertaking several reviews of policies, procedures and manuals in light of the recent changes made to Irish AML/CTF law. We have tracked the changes in our consolidation of the 2010 Act up until and including Act No 3 of 2021. Contact the team at [email protected] with your business contact details for a discussion of a review.

We'll be sending a copy of our up-to-date consolidated version of the 2010 Act to our clients this week."  Post at https://www.linkedin.com/feed/update/urn:li:activity:6788600737791303680/