Empty Link Skip to Content

AML – What’s changed – What’s proposed?

AUTHORs: Joe Beashel, Louise Dobbyn co-author(s): Claire Scannell Services: Financial Institutions DATE: 31/03/2021

On 30 March 2021, the Financial Institutions Group held a webinar entitled “ AML – what’s changed – what’s proposed?”. Professional Support Lawyer, Claire Scannell hosted a panel discussion with partners Joe Beashel, Louise Dobbyn and senior associate, Ian O Mara, covering topics such as the recent Dear CEO Letter to Schedule 2 Firms, some of the key provisions of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2021 and the recently revised European Banking Authority (“EBA”) Risk Guidelines. 

The Matheson team were then joined by Tommy Hannafin, Head of the Anti-Money Laundering Division at the Central Bank of Ireland (“Central Bank”) who delivered a very informative and comprehensive speech on recent and future AML developments at an Irish and European level. Below is an outline of the areas covered in his speech, please note that this is not a transcript of his speech and should not be viewed as such. 

Summary points from Tommy Hannafin’s speech: 

AML / CFT in the Central Bank

Mr Hannafin explained the role of the Central Bank as the competent authority and supervisor of Anti Money Laundering and Countering the Financing of Terrorism (“AML /CFT”). He stressed that since the introduction of Criminal Justice (Money Laundering and Terrorist Financing Act) 2010, the Central Bank has observed “significant improvements in firms’ compliance with their AML/CFT obligations and an increased understanding by firms as to the important role that they play in this arena”.  

However, he explained that the Central Bank continues to identify control deficiencies in AML / CFT frameworks such as in:

  • Risk assessments;
  • Governance and oversight;
  • Customer Due Diligence processes; and 
  • Suspicious Transaction Reporting.

Mr Hannafin went on to explain that the foundation stones of an effective AML / CFT framework are:

  • An appropriate culture; and 
  • A comprehensive ML / TF risk assessment.  


In respect of culture, he explained that same should go beyond mere compliance. He identified that a firm with an appropriate AML/CFT culture ensures that:

  • It's AML/CFT framework is fit for purpose on an ongoing basis, and 
  • Keeps its AML/CFT framework under review.   

Risk Assessment process:

Mr Hannafin also elaborated on the role of the Risk Assessment Framework, confirming that same is not a one off exercise as risks can change. He flagged some of the weaknesses, which the Central Bank has observed in such frameworks. Some of these observations include:

  • Risk Assessments not reviewed regularly to ensure ongoing appropriateness of the risk assessment;
  • Using a generic risk assessment that does not adequately reflect the firm’s specific risks;
  • Using group risk assessments which do not reflect the risks of the individual firm; and
  • Using outsourced arrangements for undertaking the risk assessment.  He flagged that while the Central Bank has no issue with outsourcing the risk assessment, the firm needs to meet the usual requirements.

European AML Developments:

Mr Hannafin provided a comprehensive update on the status of AML / CFT developments at a European level flagging a number of matters.

The first was the European Commission’s AML Action Plan, which is expected to be finalised in the coming months.  He explained that while it is not yet clear as to what the final plan will be “there is no doubt that whatever it contains will be ambitious and will be a significant challenge to  achieve however, it is beholden on all of us involved in the fight against money-laundering and terrorist financing to be brave and ambitious in order to deliver for society as a whole.”

Mr Hannafin went on to elaborate on two particular areas of the Action Plan in more detail:

  • A reinforced single-rulebook; and 
  • A single European supervisor 

On the single rulebook, he explained that while the current EU AML rules are far-reaching and comprehensive in nature, their effectiveness is impacted due to a fragmented approach adopted by Member States. He explained that there would be many benefits from a single rulebook (which would be directly applicable through regulation) such as a level playing field to businesses that operate across the Union. 

On the single supervisor, he confirmed that the Central Bank is supportive of the creation of an EU-level AML / CFT supervisor but believe it alone, will not necessarily improve the fight against ML / TF.  He outlined how the national AML Supervisors must continue to play a key role in the new supervisory framework.

Mr Hannafin then spoke about the consolidation of the AML / CFT mandates of all three European supervisory authorities within the European Banking Authority (“EBA”) in 2019 and highlighted the EBA’s strategy in coordinating AML / CFT policy developments across the EU through the establishment of a permanent AML/CFT Standing Committee (“AMLSC”). He advised that Derville Rowland (Director General) and Seana Cunningham (Director of AML and Enforcement) represent the Central Bank at the AMLSC.

Irish developments:

Mr Hannafin then moved his attention to Irish developments in the AML / CFT space beginning with recent transposition of the 5th Anti-Money Laundering Directive. 

He advised that the transposition will result in some changes, the most significant of which is the extension of the AML/CFT obligations to entities that are providing or intending to provide certain Virtual Asset Services. He detailed the information recently published on the Central Bank website in respect of VASPs. He explained  that “in 2021, we will focus on assessing the AML / CFT frameworks of these firms to ensure that they are minimising their ML / TF risk.  As these firms bring a very different business model to those traditionally supervised by the Central Bank, we are cognisant that they may bring different ML / TF risks and we will work closely with them to ensure that any such risks are identified and mitigated. “

He also outlined some of the other changes which the legislation introduces and confirmed that in light of these, the Central Bank will, where relevant, update and republish its Anti-Money Laundering and Countering the Financing of Terrorism Guidelines for the Financial Sector.

Specific Central Bank Change:

Of particular note, was Mr Hannafin’s update on the Central Bank’s intention to issue the Risk Evaluation Questionnaire (“REQ”) to all firms on an annual basis to facilitate more in-depth analysis of the risks in the financial services sector. He explained that the information required by the REQ is information which is readily available to firms and stressed that the Central Bank expects firms to apply quality control to the completion of the REQ.  Failure to do so will be viewed by the Central Bank “as an indicator of weaknesses in the AML/CFT frameworks of the submitting firm, as the inability to provide accurate data suggests a lack of understanding of your AML/CFT obligations, the non-existence of relevant ML / TF data to your firm or both.”. He indicated that the instruction will issue in early May.  Please click here to view the REQ template.