​I am glad to see that my data and that of the FIU matches for the years 2000, 2001, 2003 & 2004. For 2002 I have 4,390 v FIU figure of 4,397 and in for 2005 I have 10,735 v FIU figure of 9,698 (hardly material). Still I find this strange as my figures were sourced from Garda & FATF reports at the time.   When I published the 2020 figure of 28,865, that was based on the above Irish Times article which was published at least 10 days before the FIU publication which reported 29,631 (2.5% difference - or a rounding error!).

Summary
Virtual Asset Service Providers (VASPs) operating in Ireland now need to demonstrate that they are compliant with the provisions of the 5th Money Laundering Directive (AMLD5) which recently came into effect on Friday 23rd April 2021.  

Preceding that date CompliReg, together with Fintech Ireland, hosted a webinar for VASPs, e-money and payments firms.  Details of that event here.  Given the demand from the audience, CompliReg and Fintech Ireland are hosting another Roundtable on the topic on Thursday 6th May - ROUNDTABLE: So, you want to be a Virtual Asset Service Provider?

Background
AMLD5 aims to remove the anonymity from the process of providing virtual asset based services.  This applies to any organisation which provides exchange services between fiat and virtual currencies, as well between virtual assets or custodian wallet providers; bringing them into the scope of the EU’s anti-money laundering and counter-terrorist financing (‘AML/CFT’) framework.

The 2021 Act
The Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2021 (the "Act") amends the current Irish AML/CTF legislation, which started life a decade ago through the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (as amended).

New Definitions relating to Virtual Assets
The Act contains the following new definitions:

Designated Persons
The Act brings VASPs within the meaning of "designated person" (equivalent to an "obliged entity" under EU anti-money laundering law). The relevant obligations (Relevant Obligations) of designated persons under the Irish AML regime can be summarised as follows:

• Business Risk Assessment

Must carry out regular business risk assessments to identify and assess the risks of money laundering and terrorist financing involved in carrying on the designated person's business activities.

• Carry out Customer Due Diligence

An obligation to carry out due diligence to verify its customer's identity.

• Apply Business Risk Assessment when carrying out customer due diligence

Must apply the business risk assessment when deciding what level of due diligence is necessary for any given customer.  In certain circumstances, a designated person will be required to carry out enhanced due diligence.

• Suspicious Transaction Reporting

An obligation to report to the FIU, Ireland and the Revenue Commissioners, any suspicious transaction, (or suspicious activities which may be covering up, or preparing for suspicious transactions).

• Adopt internal policies

Must adopt internal policies, controls and procedures in relation to the designated person's business to prevent and detect the commission of money laundering and terrorist financing.

Requirement to Register
The Act requires that a person shall not carry-on business as a Virtual Asset Service Provider unless the person has successfully registered with the Central Bank of Ireland (Central Bank). This is a registration for AML/CFT purposes only. A firm currently authorised by the Central Bank under a different regime which is also acting as a Virtual Asset Service Provider will still be required to register as a VASP.

Whilst there is a three-month transitional period for VASPs to conclude the registration process the Act, which commenced operation on Friday 23rd April (commencement date), other than section 8 of the Act which commenced on Saturday 24th April, applies as of the commencement date.  This means that regardless of an existing VASP having three months to register, the VASP must comply with the Act on and from the commencement date. This means that VASPs availing of the transition period must comply on and from 23rd April with the Relevant Obligations listed above.

The Act sets out the high-level details of the registration process, and the grounds under which the Central Bank may refuse to register a VASP. These grounds include:

• the Central Bank has reasonable grounds to be satisfied that the applicant’s principal officers or beneficial owners are not fit and proper persons to run a business of this nature;
• the applicant has failed to satisfy the Central Bank that its business risk assessment, policies and procedures are adequate or fit for purpose;
• the applicant has failed to satisfy the Central Bank that it has in place the resources, procedures and arrangements for the provision of the business of a virtual asset service provider and the performance of activities, taking into account the nature, scale and complexity of its business and all the obligations that the provider has to comply with as a designated person; and
• the applicant has failed to demonstrate, that it can manage and mitigate the risks of engaging in activities that involve the use of anonymity-enhancing technologies or mechanisms and other technologies that obfuscate the identity of the sender, recipient, holder or beneficial owner of a virtual asset.

Preparation
The Central Bank’s website contains useful information for those requiring registration as a VASP, including the Criminal Justice Act* (as at commencement date), Guidelines on Fitness & Probity of Principal Officers/Beneficial Owners, and links to the AML/CFT Registration Form.  The Central Bank will not accept a registration application until the applicant has been through the pre-registration and has obtained a Central Bank Institution Number.

The Central Bank has also indicated that its current graduated approach to AML/CFT supervision will apply equally to VASPs, meaning that firms which present a higher risk of money laundering and/or terrorist financing will be subject to higher intensity and intrusive supervisory measures than those presenting a lower risk.

Next Steps
As many VASPs shall become designated persons for the first time, they should review their AML/CTF frameworks, their Relevant Obligations, legislation and guidance now.  Given that the Act has now commenced in operation, applicants should submit a Pre-Registration Information Form to the Central Bank to request a Central Bank Institution Number as soon as possible.

Being within the AML/CTF framework will surely bring benefits such as greater confidence to end-users (i.e., customers – individuals and corporates) of VASPs and hopefully, more banking partners will consider opening up their services to VASPs particularly ahead of the proposed Markets in Crypto Assets Regulation 2020/0265.

Support Available
As with any new process, it can appear complex and daunting until you have been through it a few times.  Thankfully help is at hand through CompliReg.  If you would like to setup an initial discussion to discuss your requirements, please check out our page and complete the enquiry form at  https://complireg.com/vasp.html. Stephen Fletcher or Peter Oakes will get back to you ASAP.  Our details at https://complireg.com/team.html.
 
This document (and any information accessed through links in this document) is for guidance purposes only and does not constitute legal advice.  CompliReg does not provide legal services.  Where legal services are required, CompliReg works with a select number of law firms.  If you are a law firm and wish to be considered for our panel, please contact [email protected].

Not long after the European Union’s top court ordered Ireland on 16 July 2020 to pay a lump sum of €2 million to the European Commission for Ireland's failure to implement regulations aimed to prevent money laundering and terrorist financing, a new law aimed at strengthening existing Irish anti-money laundering legislation and giving effect to provisions of the 5th EU Money Laundering Directive has been approved by the Cabinet of the Irish Government.

On Monday 10th August 2020, the Cabinet has approved the publication of the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Bill 2020.  This follows the signing into law by the President of Ireland on 5th May 2020 of the earlier Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (Act 6 of 2010) [previously known as the Criminal Justice (Money Laundering and Terrorist Financing) Bill 2009 (Bill 55 of 2009)].

If you need advice on the new Bill or your existing regulatory compliance obligations, get i touch with Peter Oakes here at at CompliReg.  

Useful Links: 

• 10th August 2020, Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Bill 2020 [will insert link once copy of new Bill located]
• 10th August 2020, Announcement of 2020 Bill receiving Cabinet Approval
• 16th July 2020, EU court fines Ireland €2m over delay in anti-money laundering rules
• 5th May 2020, Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (Act 6 of 2010)
• 5th May 2020, History of Act 6 of 2020
• 13th August 2020, LinkedIN post 
• Central Bank of Ireland AML/CFT Regulation Page

The Minister for Justice and Equality, Helen McEntee T.D., has received Cabinet approval for the publication of the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Bill 2020. The Bill transposes the criminal justice elements of the 5th EU Money Laundering Directive and strengthens existing legislation.

Upon announcing the new Bill, the Minister McEntee said, "I look forward to bringing this legislation before my colleagues in both Houses, and anticipate that this Bill will receive broad, cross-party support."

What does the Bill contain?

The Bill includes provisions to:

• improve the safeguards for financial transactions to and from high-risk third countries and sets new limits on the use of anonymous pre-paid cards;
• bring a number of new ‘designated bodies’ under the existing legislation, this includes virtual currency providers and associated online ‘wallet providers’ for virtual currencies as well as dealers and intermediaries in the art trade;
• prevents credit and financial institutions from creating anonymous safe-deposit boxes;
• enhance the customer due diligence (CDD) requirements of the existing legislation;
• provide for Ministerial guidance which will clarify domestic “prominent public functions.

 
The Minister also noted that: "This Bill is an important piece of legislation for tackling money-laundering. The reality is that money laundering is a crime that helps serious criminals and terrorists to function, destroying lives in the process. Criminals seek to exploit the EU’s open borders, and EU-wide measures are vital for that reason.

This new legislation also includes a number of technical amendments to other provisions of Acts already in force."

While the Bill transposes certain elements of the 5th Anti-Money Laundering Directive, the Department of Finance is also engaged in giving effect to certain provisions of the Directive, including those relating to:

• facilitating increasing transparency on who really owns corporate entities, financial vehicles and trusts by establishing beneficial ownership registers;
• ensure the creation of, and access to, centralised national bank and payment account registers or central data retrieval

The Minister for Finance (Paschal Donohue, T.D.) has also secured Government Approval to bring forward amendments in respect of the regulation of Virtual Asset Service Providers (VASPs). The amendments will ensure that the necessary registration and fitness and probity regime, required by 5AMLD for virtual asset service providers, become statutory requirements. Amendments will also address Ireland’s international obligations, relating to a robust regulatory framework for new technologies, new products and new practices, as identified by the Financial Action Task Force (FATF).

If you use all or any part of this blog, please ensure you cite and credit CompliReg and Peter Oakes in your re-use of this blog.


Another electronic money institution (EMI) fined and sanctioned in Lithuania for anti-money laundering regulatory requirements and in this case also for an equity capital requirement failure. 
 
While the case is worth noting for both aspects, it is particularly so because across Europe, following the collapse of Wirecard, there will be continuing heightened awareness of both safeguarding and capitalisation of regulated EMIs and payment institutions (PIs). The case also makes known that the BoL is conducting targeted inspections of EMIs across a range of themes.
 
In our previous blog, 2 June 2020, on the Lithuanian Central Bank (Bank of Lithuania / BoL) giving banks guidelines on opening accounts for electronic money institutions (EMIs) and payment institutions (PIs) Peter Oakes noted recent examples of fines against EMIs/PIs including failures to comply with requirements for: (i) anti-money laundering; (ii) safeguarding of customer funds; and (iii) segregation of customer funds and; execution of payment transactions. 
 
The Bank of Lithuania, which supervises 71 EMIs - which is the largest number of EMIs supervised by an EU financial regulator national competent authority* - has announced that it has taken regulatory action against Via Payments UAB for both:
 
(1) violations of the requirements for prevention of money laundering and terrorist financing (sanctioned with a fine of €120,000 and publicity); and
(2) failure to meet the equity capital requirement (sanctioned with publicity only).
 
Via Payments UAB holds an electronic money institution licence, issued on 10 October 2017.

As you will see from the graphic below, in addition to BoL supervising 71 EMIs we also learn that Q1 2020 income from EMI and payment services amounted to €17.3 million.

Keep reading below for the background to the facts of the Via Payments UAB enforcement action. 

(1) Background to the money laundering law violations:

The regulatory actions were taken on foot of a "targeted inspection of the electronic money institution Via Payments UAB". During the course of the inspection, the Supervision Service of the BoL identified breaches of the Republic of Lithuania Law on the Prevention of Money Laundering and Terrorist Financing. In addition to a fine of €120,000, the BoL obligated Via Payments to remedy the deficiencies.

BoL says that Via Payments has confirmed that all deficiencies have been remediated.
 
With respect to the money laundering violations, the inspection revealed that:

• customer risk assessment procedures applied by the institution did not allow for the ensuring of proper allocation of customers into risk groups.
• customer’s beneficiary’s information was not, in all cases, checked against reliable and independent sources.
• information about the purpose and nature of the customer’s business relationship was not received.
• there were shortcomings in procedures to determine whether the customer was a politically exposed person.
• Via Payments did not take the appropriate measures to identify the source of the funds of high-risk customers.
• there were deficiencies found in the mandatory ongoing monitoring of business relationships and transactions.

 
BoL imposed a fine of €120,000 on Via Payments UAB.  As part of its mitigation Via Payments informed the BoL’s Supervision Service that it had already taken measures to strengthen its AML compliance by increasing the number of specialists and improving technological solutions.
 
 (2) background to the equity capital requirement failure
​
This regulatory failure came to the attention of the BoL through a separate analysis of the activities of EMIs.  Here the Supervision Service of the BoL recorded that Via Payments violated legal acts because as at 31 March 2020 the company “failed to meet the equity capital requirement”.  The BoL appears to have place a lot of reliance on the institution having “eliminated the indicated shortcomings without further delay, no interests of their clients have been violated” and therefore BoL “decided to impose a mild enforcement measure by making these infringements public”.
 
 
* Note that notwithstanding that the UK is in a post-Brexit transition period, it left the European Union on 31 January 2020.  Accordingly, Lithuania although it may have fewer EMIs than the UK, it records the largest number of EMIs in the European Union.
 
Sources:

• https://www.lb.lt/en/news/view_item/id.11484
• https://complireg.com/blogs--insights/lithuanian-central-bank-gives-banks-guidelines-on-opening-accounts-for-electronic-money-and-payment-institutions-some-examples-of-fines-against-emoneypayments-firms

 
This blog written by Peter Oakes.  Peter  advises on Lithuanian EMI/PI issues and advised on the authorisation of one Lithuania's first special bank authorisations.  If you require a licence to operate in Lithuania, Ireland, Cyprus, Malta or the UK, see our Authorisation Page.  We have a great network of experts in each country too, from lawyers, to accountants to technical experts. And get in contact if you have a question about this blog.