Ireland: AML Update: New Irish Act Comes Into Force

Last Updated: 30 November 2018
Article by Orla O'Connor, Robert Cain and Maedhbh Clancy

The Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2018 has been signed, transposing most of the Fourth Money Laundering Directive (MLD4) into Irish law. MLD4, and the Irish Act, represent a continuing shift towards a more risk-based approach to targeting money laundering (ML) and terrorist financing (TF).

This Briefing highlights the key changes introduced by the new Act for regulated financial service providers (RFSPs) and other designated persons operating in the financial services sector.

The Act was signed into law on 14 November 2018, and all but one provision was commenced with effect from 26 November 2018. It transposes the remainder of MLD4 into Irish law by amending the existing Irish Act (the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010).

The key changes are in the areas of risk assessments, due diligence, policies and procedures, and enforcement.

Announcing the commencement of the Act on 23 November, the Minister for Justice and Equality commented that the new Act " really important. Money laundering is a crime that helps serious criminals and terrorists to function, destroying lives in the process. Criminals seek to exploit the EU's open borders and this EU-wide measure is really important for that reason. I and my Government colleagues are committed to systematically tackling corruption and organised crime."


While MLD4 does not create new categories of "designated persons", crucially the Act includes a requirement that certain financial institutions who:

  • act in the State, in the course of business carried on by them in the State; but
  • are not already authorised by, licensed to carry on activities by, or registered with, the Central Bank under other legislation,

register with the Central Bank. The new Act provides that the name, address, and details of activities carried on should be provided to the Central Bank in accordance with a procedure to be specified by it. The Central Bank published its procedure and guidance on 27 November 2018 (see here) and we are publishing a separate briefing on that specific development.


Designated Persons must conduct Business Risk Assessments

A designated person is now under a statutory obligation to carry out a Business Risk Assessment to establish the ML/TF risk involved in its business.

Various factors must be taken into account, such as its customer base, the products and services that it offers, the countries/regions in which it operates, transaction types, delivery channels, and any additional risk factors prescribed by the Minister for Justice from time to time. It must also take account of any guidance issued by the relevant competent authority, the National Risk Assessment (see our briefing on the National Risk Assessment here) and (where it is a bank or a financial institution) any guidelines issued by the European Supervisory Authorities (ESAs).

The Business Risk Assessment must be approved by senior management, must generally be documented, and must be kept up-to-date. A record of the Assessment must be made available on request to the relevant competent authority.


Business Risk Assessments and Customer Due Diligence (CDD)

When carrying out CDD, a designated person must assess the ML/TF risk posed by the customer/transaction by reference to various matters, including its Business Risk Assessment.

It must also take account of competent authority guidance, the National Risk Assessment, and any guidelines issued by the ESAs.

The purpose of the account/relationship must also be considered, together with the volume of assets to be deposited by the customer or the size of the intended transaction, and the frequency of transactions or duration of the business relationship.

The Act sets out, at Schedule 3, a non-exhaustive list of factors that might indicate a lower risk of ML/TF. Schedule 4 contains a non-exhaustive list of factors that might indicate a higher risk. These must also be taken into account.

The designated person is only required to document the above customer assessment where required to do so by its competent authority, however, it would be prudent for an institution to document that assessment even if not strictly required to do so.

Timing of CDD

The Act has introduced an additional timing requirement for CDD – CDD must now be carried out at any time that it is warranted by the risk of ML/TF, including where the customer's circumstances have changed.


If the customer is acting through an agent, the designated person must now verify that the agent is authorised to so act, and apply CDD measures to that agent.

Simplified CDD

Designated persons will be allowed to carry out simplified CDD where the customer or business area presents a lower degree of risk (the threshold is whether a "reasonable person" would make that assessment). As mentioned earlier in this briefing, Schedule 3 to the Act contains a non-exhaustive list of factors that might indicate a lower risk of ML/TF. Any decision must be recorded, and there must be ongoing monitoring of the transactions and the relationship. The concept of "monitoring" is more prescriptive in the Act, covering scrutinising transactions to see if they align with the designated person's knowledge of the customer, and ensuring that documents, data and customer information is kept up-to-date.

Enhanced CDD

The obligation to carry out enhanced CDD now applies to politically-exposed persons (PEPs) resident in Ireland, as well as to PEPs outside of Ireland. Specific steps must also be taken where the PEP is a beneficiary of a life assurance policy. In making an assessment, the threshold will be that of a "reasonable person".

A designated person will have to carry out enhanced CDD when dealing with a customer residing or established in a high-risk third country, or where a relationship or transaction presents a higher degree of risk, unless the customer is part of a designated person's group, where the designated person is established in an EU Member State and the customer complies with group-wide policies and procedures adopted in accordance with MLD4.

Complex Transactions

A designated person will now be required to look into "complex or unusually large" transactions, or "unusual patterns of transactions" in greater detail, and increase monitoring if they appear suspicious. As mentioned above, the concept of "monitoring" is more prescriptive in the Act, covering scrutinising transactions to see if they align with the designated person's knowledge of the customer, and ensuring that documents, data and customer information is kept up-to-date.

Life Assurance Policies

Additional requirements have been imposed regarding the identification of the beneficiaries of life assurance policies and other investment-related assurance policies.

Account Opening

To date, banks have been allowed to open accounts for customers before verifying their identity provided that no transactions are carried out on those accounts until verification has taken place. From now on, this right is extended to financial institutions, and to accounts that permit transactions in transferable securities.

Third Party Reliance

The circumstances in which a designated person can rely on a third party to carry out CDD have been expanded to provide that (if certain conditions are met) a designated person can also rely on a third party established in a third country if it is a branch or majority-owned subsidiary of a designated person established in the EU.

Electronic Money

A designated person will not be required to carry out various CDD measures in respect of electronic money payment instruments if certain conditions are met.


Matters to be included

The Act broadens the list of matters which must be included in a designated person's ML/TF policies, controls and procedures, including measures to be taken to prevent emerging risks, and ongoing updates to Business Risk Assessments. Those policies, controls and procedures must be approved by senior management and must be kept under review. Any guidelines issued by the relevant competent authority must be taken into account. The relevant competent authority may require that a designated person appoint a compliance officer, designate a member of senior management as having overall responsibility for implementing and managing AML measures, and require that an independent external audit be carried out of a designated person's ML/TF policies, controls and procedures.


Groups of companies are now required to have group-wide policies and procedures for preventing and detecting ML/TF which must be implemented by any designated person within the group.

If an Irish company is a designated person and operates a branch, majority-owned subsidiary or establishment outside the State, it must ensure that branch/subsidiary/establishment adopts and applies the group-wide policies and procedures. If that branch/subsidiary/establishment is in another EU Member State, the designated person must ensure that branch/subsidiary/establishment complies with the local laws that transpose MLD4. If the branch/subsidiary/establishment is in a third country with less strict laws that do not enable compliance with the group-wide policies and procedures, it must apply additional measures to effectively manage ML/TF risk, apply Irish ML/TF measures, and notify the competent authority. Suspicious transaction reports must be shared with the group, subject to the restrictions around tipping-off.


Correspondent Relationships

The conditional ban on banks entering into correspondent banking relationships with banks outside the EU has been extended to financial institutions.

Shell Banks

The prohibition on a bank entering into a correspondent relationship with a shell bank has been extended so that it now applies to all financial institutions.


Financial Intelligence Units (FIUs)

The new Act also deals with the role of Ireland’s FIU (which is part of An Garda Síochána), in particular its powers to receive and analyse information, access the central registers of beneficial ownership of corporates and trusts, request information from competent authorities, the Revenue Commissioners, and the Minister for Employment Affairs and Social Protection, and share information with other FIUs across the EU.


Designated persons will be required to report transactions connected with high-risk third countries to the FIU and to the Revenue Commissioners.

Tipping Off

One of the defences (disclosures within an undertaking or group) to the offence of "tipping off" has been broadened to include branches and majority-owned subsidiaries of banks and financial institutions, provided that the institutions in question were complying with group policies and procedures.


An Garda Síochána will be allowed require a designated person to keep CDD records beyond the current 5-year period if they are required for the investigation or prosecution of ML/TF. Thereafter, the designated person must delete those records.

Responding to Queries

Until now, banks and financial institutions were required to have systems in place that enabled them to respond quickly to queries from An Garda Síochána regarding business relationships within the previous 6 years. That requirement has now been extended to all designated persons, but the time period has been reduced to 5 years.

Monetary Penalties

The increased penalties that can be imposed by the Central Bank in respect of AML breaches by RFSPs are as follows:

Breach by designated person (individual): Greater of:
" €1 million
" 2 x amount of benefit derived from breach
Breach by designated person (body corporate or unincorporated body): Greatest of:
" €10 million
" 2 x amount of benefit derived from breach
" 10% of turnover for last complete financial year
Breach by person involved in management of bank or financial institution: Greater of:
" €5 million
" 2 x amount of benefit derived from breach
Breach by person involved in management of RSFP other than bank or financial institution: Greater of:
" €1 million
" 2 x amount of benefit derived from breach

Taking All Reasonable Steps

It will now be a defence to offences under Part 4 (Provisions relating to finance services industry, professional services providers and others) of the 2010 Act as amended by the new Act to show that the person charged with the offence took all reasonable steps to avoid committing the offence.


The provisions of MLD4 dealing with the beneficial ownership of corporates were transposed into Irish law in November 2016. Irish corporates were required to put in place registers of their beneficial ownership from that date. Further Irish regulations dealing with the central register of beneficial ownership (which will be operated by the Companies Registration Office) are expected by the end of 2018. The Fifth Money Laundering Directive (MLD5) amends the requirements regarding the timing for the central register, and access to that register. For further information on the MLD4 and MLD5 rules regarding the beneficial ownership of corporates, please read our briefings:

AML Update: New rules on information about the beneficial ownership of corporates by individuals (November 2016)

AML Update: MLD5 has been agreed (May 2018)

AML Update: MLD5 published in Official Journal; new time-frames confirmed

The provisions of MLD4 and MLD5 dealing with the beneficial ownership of trusts are also being managed separately by the Department of Finance.


Competent authorities are expected to begin to publish guidance for relevant designated persons. We expect the Central Bank to publish its guidance shortly.

In the meantime, designated persons should immediately progress the following:

  • Conducting and documenting a Business Risk Assessment
  • Refreshing internal polices, controls and procedures to reflect the new requirements
  • Updating internal AML training manuals and materials
  • Carrying out Customer Risk Assessments when new products or services are being provided (to new or existing customers)

This article contains a general summary of developments and is not a complete or definitive statement of the law. Specific legal advice should be obtained where appropriate.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Similar Articles
Relevancy Powered by MondaqAI
In association with
Related Topics
Similar Articles
Relevancy Powered by MondaqAI
Related Articles
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of

To Use you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions