The Central Bank of Ireland (the "CBI") recently issued an anti-money laundering ("AML") advisory note (the "Bulletin")1 highlighting how Irish regulated firms can improve their monitoring of customer transactions to detect potentially suspicious activity.
Transaction monitoring essentially involves the monitoring of customer transactions in order to identify suspicious transactions. The level of monitoring should increase on a risk-based sliding scale, depending on factors including the scale and complexity of the transaction.
It is a key tool in detecting and preventing money laundering. Having effective transaction monitoring measures is critical for firms in complying with their obligations under the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, as amended (the "CJA").
Cross-Sectoral Thematic Review and Findings
As part of its supervisory engagement programme for 2020, the Anti-Money Laundering Division of the CBI conducted a number of supervisory engagements with various financial and credit institutions.
The Bulletin sets out the findings from this review that will challenge firms to enhance their operational framework, reporting and oversight functions in the area of transaction monitoring.
Importantly, the CBI notes that "in order for Transaction Monitoring controls to be effective, they must detect what suspicious activity looks like in the context of the designated person’s business activities and also in the context of the designated person’s specific customer profile(s)."
Accordingly, the transaction monitoring process must be developed and specifically tailored for the firm's business.
The Bulletin is critical of generic processes and solutions (for example, automated third party solutions not built in a way that specifically considers the firm's specific risks).
In order to construct a robust anti-money laundering control framework, specific consideration must be given to how the transaction monitoring process is adapted for the firm and the types of customer it has and the types of activity these customers will engage in. Particular regard for the firm's documented business risk assessment and customer risk assessment should be considered.
The CBI also notes that there should be connectivity between the transaction monitoring process and the processes in the area of: (i) customer due diligence; and (ii) suspicious transaction reporting. Without robust transaction monitoring processes and controls, firms will be unable to identify and report suspicious transactions.
On the governance side, the CBI expects a firm's board of directors and senior management to take appropriate action when operational weakness in the AML control framework are identified by compliance and/or internal audit functions.
The Bulletin highlights the CBI's increased focus on compliance with requirements in the area of AML, countering the financing of terrorism ("CFT") and financial sanctions ("FS").
Core Requirements Summary
The CJA requires firms to "monitor any business relationships that it has with a customer to the extent reasonably warrant by the risk of money laundering and terrorist financing" and scrutinise "the purpose of all complex or unusually large transactions and all unusual patterns of transactions which have no apparent economic or lawful purpose".
In order to do this, the CBI expects firms to develop and maintain a transaction monitoring programme that:
- is prepared using a risk-based approach, which is driven by the firm's business wide risk assessment and gives consideration to the risks presented by different customer/product types;
- includes controls and parameters which are supported by detailed quantitative data and qualitative analysis;
- ensures controls and parameters are reviewed periodically;
- incorporates detailed operational procedures for staff members;
- reflects the output of the business wide risk assessment;
- is subject to periodic assurance testing; and
- forms part of the firm's overall AML policy and procedures framework.
How can the Maples Group help?
We are assisting clients in considering measures that regulated firms should take to ensure compliance with the CJA and the CBI's expectations as outlined in the Bulletin.
In most cases, this will include:
- a review of the existing written AML/CFT/FS policies and the documented business risk assessment; and
- a review of internal controls and the AML/CFT/FS procedures framework (particularly in the area of transaction monitoring) and advising on process enhancements.
Annual AML training for staff, senior management and directors in 2020 should include a briefing on the findings as outlined in the Bulletin.
If you would like further information, please liaise with the below or your usual Maples Group contact.