Industry representatives and the Central Bank are working towards finalising AML Guidance Notes in respect of implementing the provisions of the Criminal Justice (Money Laundering and Terrorist Financing Act 2010) by the end of October 2010. With this date fast approaching, we have set out a reminder of the main provisions of the Act and the implications for investment funds. 

The Act was signed into law on 15 July 2010 and amends and strengthens the current anti-money laundering (“AML”) and counter terrorism regime and transposes the Third EU Anti-Money Laundering Directive (2005/60/EC) (the “Directive”) and the associated implementing Directive (2006/70/EC) into national law. The Act also incorporates the recommendations of the Financial Action Task Force.  The Act repeals and re-enacts the AML provisions contained in the Criminal Justice Act 1994 (the “1994 Act”). 

The provisions of the Act apply to “designated bodies”, which include investment funds, that market or otherwise offer their shares or units for sale.  The industry, working with the Central Bank, has been engaged in the preparation of revised Guidance. Part I of the Guidance contains generic guidance cross cutting all financial services sectors, while Part II of the draft Guidance sets out funds industry specific guidelines. 

Risk-Based Approach

Section 33 of the Act introduces a new risk-based approach to the client identification rules, which rules underpinned AML compliance under the 1994 Act and represents a move away from the current ‘one size fits all’ approach. It is hoped that the risk-based model will permit more targeted allocation of resources to fighting money laundering and terrorist financing.

The essence of the risk-based approach is that additional information over and above identification information should be obtained and used by a designated body to help it assess the risk of money laundering at the outset of a business relationship. The Act also provides that continuous assessment of the risk be conducted during the course of the relationship. Ongoing monitoring is a key part of the approach and is referred to in the Act as ‘customer due diligence’ (“CDD”). CDD envisages going beyond initial identification and verification of identity. It requires designated bodies to obtain information relating to the purpose and intended nature of the business relationship and to conduct ongoing monitoring of this relationship for suspicions of money laundering and terrorist financing.

Under the old regime there was no requirement to identify and verify beneficial owners.  The Act changes this, and now requires in certain circumstances, that beneficial owners be identified and verified. Section 30(3) of the Act defines a beneficial owner as any individual who ultimately owns or controls a customer or on whose behalf a transaction is conducted. In relation to a body corporate or trust, a beneficial owner is any individual having ultimate entitlement to or control over more than 25% of the entity or where they otherwise exercise control over the management of the entity. For example, an investment fund’s administrator may have to apply a look through approach to investors who invest in an investment fund through a trust structure.

This risk-based approach and CDD underpin the concepts of simplified due diligence (“SDD”) and enhanced due diligence (“EDD”) outlined in the Act.

Simplified Due Diligence

SDD applies to customers/investors who are thought of as being “blue-chip” or regulated businesses such as credit and financial institutions and listed companies in the EU, EEA, and equivalent third countries (with equivalent regulatory and disclosure requirements); public bodies; pensions; small life insurance businesses and certain types of electronic money. Where an investor falls under the SDD category it is deemed to be a low risk for the purposes of money laundering and the normal customer identification requirements will not apply. However, sufficient information about the customer should be obtained to ensure they meet the SDD criteria.

Enhanced Due Diligence

EDD applies more onerous due diligence procedures for customers who present a higher risk of money laundering or terrorist financing. Non-face-to-face business may fall into this category as well as transactions with Politically Exposed Persons (PEPs) residing in another Member State or third country. PEPs are persons holding prominent public positions such as government ministers or judges of the superior courts. Close family members and associates of such persons may also be subject to EDD. These two instances are prescribed in Sections 37 and 38 of the Act. Where the investment fund identifies other high risk situations, then EDD must also be applied.

The Guidance outlines examples of the additional measures that an investment fund may take to comply with EDD and mitigate risk. These include carrying out communication with the customer at a verified address and requiring the customer to follow verification procedures for any internet sign on using security codes. There are many more examples.

Reporting Obligations

Designated bodies and their directors and personnel, who know, suspect or have reasonable grounds to suspect that money laundering or terrorist financing is being or has been committed or attempted must report that suspicion to the Garda Síochána (Police) and the Revenue Commissioners. Reportable instances should become apparent under the risk based CDD procedures implemented by the investment fund and/or its administrator. For example, where an investor has failed to satisfy the CDD (including EDD) and is considered a higher than normal risk then the relevant person (e.g. Money Laundering Reporting Officer “MLRO”) should consider making a report on behalf of the designated body. It is an offence for the designated body to inform or warn the investor that a report has been or is about to be made to the authorities or to make any disclosure that may prejudice an investigation into money laundering or terrorist financing. This offence is known as ‘tipping off’.

Apart from these external reporting requirements, an investment fund must also have in place its own internal reporting and escalation procedures.

Sections 6 and 7 of the Act provide for a broad range of criminal offences to be reported along with attempts to commit such offences.

Directors’ Responsibilities

The board of an investment fund has ultimate responsibility for the implementation of adequate and proportionate ‘policies and procedures’ for the investment fund’s business, to prevent and detect the commission of money laundering and terrorist financing. In terms of implementing the risk-based approach, certain strategic decisions will need to be taken and it is recommended that designated bodies, including investment funds, document these policies and procedures and how and why particular decisions are made.

Section 54 of the Act requires each firm to adopt policies and procedures to prevent money laundering and terrorist financing including the following:

• assessment and management of risks of money laundering or terrorist financing;
• the internal controls, including internal reporting procedures for suspicious transactions;
• procedures to identify large/complex transactions and unusual patterns and any other activity that is likely to be related to money laundering or terrorist financing;
• measures to be taken to prevent transactions that favour or facilitate anonymity;
• monitoring, communication and management of compliance with the policy and procedures; and
• ongoing training for all personnel.

The policies and procedures should be reviewed on an annual basis.

Section 54(6) of the Act requires the board to ensure that all relevant personnel are aware of the law regarding anti-money laundering and combating terrorist financing. This includes providing ongoing training programmes to help personnel follow the internal CDD procedures and other policies adopted by investment funds.

Investment funds generally rely on third party delegates to fulfil this function (see below) and in order to comply with the provisions of the Act, the Board should have a full engagement with the administrator and MLRO.  The policy adopted should be clearly set out and documented. Ultimately, the Board is accountable if the risk based policy adopted is inadequate.

Directors found to have committed an offence under the Act may be disqualified from acting in a directorship capacity by the Office of the Director of Corporate Enforcement, under the Companies Acts.

Reliance on Third Parties (including Distributors)

The Act proposes to introduce a clear statutory basis for a designated body wishing to rely on third parties to carry out CDD on its behalf. The Act makes a distinction between reliance on other designated parties to carry out CDD and a complete outsourcing arrangement.  investment fund’s relationship with its administrator or investment manager (as applicable) in this regard would fall under the latter category. S.40(7) of the Act permits such outsourcing arrangements provided that the designated person (i.e. the investment fund) shall remain liable for any failure to apply AML measures. It is therefore necessary for the investment fund and its board to fully engage with the administrator and/or investment manager to ensure they have implemented CDD and training procedures in compliance with Act.

Where distributors are appointed and are relied upon by an investment fund to carry out AML due diligence, the investment fund should receive from such party written confirmation:

(i)that the third party is aware that the investment fund is relying on it to carry out AML due diligence on its behalf;

(ii)the investors for whom confirmation is being given;

(iii)that it will retain all relevant records for a period of at least five years after a business relationship with the investment fund has ended;

(iv)that it will make copies of its records available to the investment funds or its delegate on reasonable request;

(v)of the AML regulations to which it adheres to.

This confirmation letter is similar to the current ‘letter of adherence’ that is commonly requested of distributors to confirm compliance with its AML obligations.

MLRO

The Act itself does not require a firm to appoint an MLRO however, most credit and financial institutions (including investment funds) supervised by the Central Bank are obliged to appoint a sufficiently senior person as MLRO. It would be in the Directors’ interests to specify and document the role and obligations of the MLRO as part of the designated body’s overall AML policy. This should specify the content of any reports to the Board and the frequency of reporting.

The Guidance provides that responsibility for receiving, assessing and passing to the relevant authorities of reports of suspicions of possible money laundering must be assigned to one person, the MLRO.  This remains the case.  The MLRO’s role is essentially one of assessment and reporting.  He/she does not have to be the head of the AML chain but must be at a senior level and have a comprehensive understanding of the AML regime and the investment fund’s AML policies.

There can be a degree of confusion as to the role of an MLRO, particularly in relation to investment funds.  Some appear to be of the view that the MLRO’s role is to ensure that the investment fund is in compliance with its requirements as a designated body.  However, the MLRO’s role is primarily one of assessment and reporting and responsibility for an investment fund’s AML policies and their implementation remains with the Board of the investment fund.

It is therefore important that the MLRO should have direct access to the Board to report and escalate incidents or procedures.  In the case of a UCITS investment fund, the escalation procedures and policies should be set out in its business plan, which will be reviewed by the Central Bank.  The MLRO must act with a degree of independence and is obliged to report suspicious transactions to the Garda Síochána (Police) remains. Increasingly, service providers, and particularly administrators, have moved away from providing this service principally because of the potential liabilities.  Therefore, the MLRO is often located outside Ireland. This does pose challenges for both the investment fund and MLRO as he/she must become familiar with the Irish AML regime and now the Act.  The MLRO of an investment fund must also have good communication with the administrator or person carrying on the AML function on the investment fund’s behalf and must have visibility over inflows and outflows from the investment fund in order to carry out their duties.

Enforcement Sanction

The “administrative sanctions” regime established by the Central Bank and Financial Services Authority of Ireland Act 2004 (the “2004 Act”) did not apply to breaches of AML legislation under the 1994 Act and therefore the role of the Central Bank, in the case of AML, was one of oversight.

This perceived gap has been addressed by the Act and breaches under the Act now fall within the Central Bank’s administrative sanctions regime, providing the Central Bank with greater enforcement powers.

A person who fails to comply with its obligations under the Act commits a criminal offence and is liable: (a) on summary conviction, to a fine of up to €5,000 and/or imprisonment for up to 12 months; (b) on conviction on indictment, to an (unlimited) fine and/or imprisonment for up to 5 years.  The offence is an “arrestable offence”, enabling members of the Garda Síochána (Police) to arrest a suspect without court warrant for questioning.

Section 111 of the Act provides that directors may be held personally liable. Where an offence under the Act is committed by a body corporate or by a person purporting to act on behalf of a body corporate and it is proved to have been committed with the consent or connivance, or to be attributable to any wilful neglect, of a person who, when the offence is committed is a director, manager, secretary, or other officer or a person purporting to act in that capacity, that person is taken to also have committed the offence and may be proceeded against and punished accordingly. This has serious implications for directors as many of the offences under the Act carry large fines and prison sentences and may result in disqualification.

It is a defence for a defendant to prove that he or she took all reasonable steps and exercised all due diligence to avoid committing the offence. In determining this, a court may have regard to any guidelines approved by the Minister for Justice. 

The extension of the administrative sanctions regime to cover the Act provides the Central Bank with powers to impose a wide range of sanctions against both the designated body and persons involved in its management, including Directors. It may also carry out a range of inspections and site visits to ensure compliance with the new AML regime and the Act.

Conclusion

Ultimately, the AML policy and compliance with the Act is the responsibility of the investment fund and its Board. As outlined above, breaches of the Act may attract severe sanctions, including personal liability and criminal sanction. It is therefore important that boards ensure that the other designated bodies on whom they rely (e.g. the administrator, investment manager, distributors) for the investment fund’s compliance with AML requirements, have implemented proper CDD procedures, training policies and are otherwise compliant with the Directive.

For further details please contact any of our Partners.