A Guide to Money Laundering Reporting

Officer Duties and Suspicious

Activity Reporting
Judy de Castro
LCOI/REGSOL CONSULTANT
26th June 2019:

© RegSol 2019
 Session Agenda
✓ Introduction
✓ What is the MLRO?
✓ Who should be the MLRO?
✓ MLRO Role: What should the MLRO Do?
✓ How does the MLRO do it:
Human wit vs technology
✓ Why does the MLRO do it: detection of red flags
✓ Questions?
© RegSol 2018 2
 RegSol Compliance Service Solutions
Combining over 20 years of consultancy experience:
Consultancy
▪ Multi-disciplinary onsite reviews
▪ Policies and Procedures
▪ Risk Management
▪ DPO Services (Data Protection
Officer)
Regulatory Solutions
▪ Authorisations (e.g. CBI)
▪ Regulator visit preparation
▪ Client Interaction
© RegSol 2018
Training
▪ In-person (either inhouse or
offsite)
▪ Self-paced online
▪ Instructor-led Webinars
Areas of Expertise
AML/CTF
Data Protection (GDPR)
Consumer Protection
Insurance Distribution Regulations
3
 What is the MLRO?

What do the Regulations Say?

▪ Fitness & Probity Standards: CF2, PCF15
“CF2: a person who is involved in ensuring, controlling or monitoring compliance with an institution’s
obligations”

CJA 2018: Section 54 & 111

s54“A designated person shall appoint a member of senior management with the primary responsibilities for
the implementation and management of AML measures(...)if directed in writing to do so by the competent
authority.” s111: “an offence under the Act by director, manager, secretary or other officer, that person is
taken to have committed an offence and …punished accordingly”

Enforcement Action: Administrative Sanctions

Procedure?
• Inquiry
• Prescribed Contravention/Settlement Agreement
• Prohibition Notices
•© RegSol
Sanctions
2019 4
CBI Enforcement News: Campbell O’Connor

▪ Fined €280,000
Breaches:
▪ Failed to include Terrorist Financing in
Risk Assessment;
▪ Inadequate policies and procedures;
▪ Failed to provide its staff with
appropriate STR training;
▪ Transaction Monitoring: Placed too
much reliance on personal knowledge
of customer;
▪ Third party reliance inadequate
5

© RegSol 2019
 Who should be the MLRO?
Fit, Proper And….?
▪ Seniority: Influence, authority and experience

▪ Expertise, knowledge and right skillset: know the regulations, understand the risks

▪ Visibility: accessible to staff, known as MLRO

▪ Autonomous and Independent: 2nd line of defence

▪ Adequately Resourced

© RegSol 2019 6
 MLRO Expertise: Know the law

2015
2005 2010 2012 • 4th EU AML
• 3rd EU AML • Criminal Justice ● FATF Directive
(25.06.2015)
Directive Recommenda
(ML & TF) Act
• Criminal Justice 2010
tions 2012 2016
Act 1994 2013 • European Union
• Criminal Justice ● Criminal (AML: Beneficial
(Terrorist Justice Act Ownership of
Offences) Act, 2013 Corporate
2005
Entities) Regs
2016
7
 MLRO Expertise: Know the law

2017 2019
● 2018 contd.. 2020
●
FATF Mutual
Evaluation report:
● EU (AML:
● 5th EU AML
Beneficial
Ireland Directive
Ownership)
2018 ● Criminal Justice
Regs 2019
transposed by
(ML & TF) 10.01.2020
● 5th EU AML (Amendment) ● Criminal Justice ● 6th EU AML
Directive Act 2018 (ML and TF) Directive into
● (Amendment)
Criminal Justice ● 6th EU AML
Bill 2019.
national law by
(Corruption Offences) Directive 3.12.2020.
Act

8
MLRO regulatory updates: 2018 Act
▪ 4th EU AML Directive Changes:
▪ Statutory obligation to carry out Business Risk Assessment
▪ Simplified Due Diligence “rules based approach” effectively
Abolished
▪ Enhanced CDD regime: domestic PEPs and Higher risk country
accounts
▪ Countries of Equivalence List Abolished
CJ(ML&TF)(Amend.) Act 2018 was signed into law in November 2018
Consolidated version of the 2010 Act is available here:
http://revisedacts.lawreform.ie/eli/2010/act/6/revised/en/html
9

© RegSol 2019
MLRO Regulatory Updates: 5th Directive

In response to terrorist attacks and high profile ML

Cases: 5th EU Directive Proposed changes:
▪ Crypto-currencies/virtual currencies and Letting Agents
obliged entities
▪ Greater powers for Financial Intelligence Units: transparency
of financial transactions
▪ Centralised Beneficial Ownership Registers
▪ Clarification of PEPs: Member states to produce official lists
▪ Traders in art (galleries and auction houses) <€10,000 or more
obliged entities
10

© RegSol 2019
MLRO Regulatory Updates: 6th Directive

▪ 6th EU AML Directive Changes in response to

6th tttt
legislative discrepancies:
▪ Unified and harmonised list of predicate offences (22 in total incl. cybercrime,
environmental, direct/indirect tax crimes)
▪ More ML Offences to capture enablers: aiding, abetting, attempting to commit
an offence of ML
▪ Extension of liability to legal persons (extended to corporates incl. lack of
supervision/control/directing mind has made possible the offence)
▪ Increased international cooperation for swift prosecution in EU multi-
jurisdictions and centralise prosecution in single member state
▪ Tougher punishments (permanent ban from doing business; conviction increased
from minimum 1 to 4 years prison sentence)
▪ Requirement for dual criminality for specified offences
11

© RegSol 2019
s.7 – Understand the Offence of Money Laundering

12

© RegSol 2019
s.13– Understand the Offence of Terrorist Financing

13

© RegSol 2019
Knowledge of AML Media trends:

International hotel chain 'unwittingly accepted millions of euro

● Kinahan cartel figure held in in Irish drug money'

probe into money laundering

Independent 4th June 2019 : Rolex watches, SUVs
and designer clothes seized in morning raids

Gardaí investigating suspected

terrorist financing arrest four people
in Dublin
● Irish Examiner 22 Jan 2019-
Four people questioned in connection with the
suspected funding of IS groups in Syria in
what senior sources described as a “very
significant” terror financing operation.

14

© RegSol 2019
Knowledge of AML Media Trends

15

© RegSol 2019
 MLRO Role: What should the MLRO DO?
What are the Central Banks
Expectations?
▪ Governance structures : clear roles & reporting line
to Committee/Board
▪ MLRO role clearly defined and documented;

▪ 2nd line of defence-Active MLRO engagement in the

monitoring and management of ML/TF risk: ML/TF
risk assessment; Good quality MI: SMART

▪ Regular assessment and evaluation of regulatory

changes (consideration of industry developments)
© RegSol 2019 16

▪ Perform compliance monitoring reviews to test

controls, agree recommendations with Management
 MLRO Role: What should the MLRO do?
What are the Central Bank’s Findings ?
➢Lack of a permanent MLRO/Head of Compliance with responsibility for AML/CTF
exposes AML/CTF infrastructure to:

● lack of oversight when acquiring a book of business: remediation plans

● lack of process improvement
● pause of existing projects & loss of institutional memory
● lack of training tailored to risk staff face
● issues with compliance/AML staff retention

➢Where an MLRO has not been appointed by the firm, the Central Bank may, under
Section 54 (8), direct the firm to do so.

© RegSol 2019 17
How does the MLRO
Do it?
Human Wit? Technology?

● Board
● Risk Assessment ● Risk Assessment
● Policies ● Record Keeping
● Record Keeping ● Ongoing Monitoring
Training ● Training
● Ongoing Monitoring
● Outsourcing
18
MLRO Duties: MLRO Board Report

▪ At the very least on an annual basis, the Board should commission a

report from its MLRO which:
✔assesses compliance with the Act; and issues recommendations
✔provides regulatory updates and industry developments
✔provides the number of STR reports, sanctions matches made by staff
✔reports on Training statistics and MI on PEPs, High risk accounts linking in with BRA
✔Remediation projects and statistics on legacy businesses

▪ Why? The firm's senior management consider the report; and they
take any necessary action to remedy deficiencies identified by the
report.

© RegSol 2019 19
MLRO Duties -Risk Assessment: Legal Obligation

20

© RegSol 2019
MLRO Duties: Risk Assessment

(a)National Risk Assessment

(b)Guidance from a Competent Authority
(c)EBA, ESMA or EIOPA Guidance, where relevant (EC Supranational Risk
Assessment 2017)

The Business Risk Assessment MUST be:

✓ Documented
✓ Kept up to date with product developments, regulatory change
✓ Approved by Board/SMT and documented in Board Reports on Annual basis
✓ Made available to Competent Authority

FAILURE = OFFENCE
21

© RegSol 2019
 MLRO Duties: Policies & Procedures
MLRO oversight in Partnership with
Business Heads?
● Maintain a detailed suite of AML/CFT policies,
supplemented by guidance and supporting procedures
to demonstrate compliance with legal and regulatory
requirements;

● Evidence of formal review and approval, (at least

annually,) at appropriate levels;

● Policies and procedures reviewed/updated in response

to events or emerging risks;

● Readily available to all staff, staff receive training on

procedures
© RegSol 2019 and procedures are fully implemented and 22

adhered to;
● Independent review and testing.
 MLRO Duties: Training
The Law
Section 54 (6) requires designated persons to ensure staff are instructed on ML/TF
law and provided with ongoing training OFFENCE for failures to
comply
Main CBI Findings?
● Failure to demonstrate effective monitoring Plan in
place to verify all staff are trained:
○ Board
○ Senior Management
○ High Risk Staff
○ New Starters (induction)

● Lack of Tailored, Up to date & Regular Training

● Adequate records & course material readily available on request
© RegSol 2019 23

(completion log)
MLRO Duties: Training Checklist

➢ Training Policy & annual training plan approved by Board

➢ Risk Assessment of Staff
➢ Design Training programmes/courses specific to risk
➢ Consider basic Computer based training for all staff on annual basis, to include
internal SAR form and suspicious reporting internal procedures & TIMELINES
➢ Consider Advanced classroom training for client facing staff
➢ Consider Specific SAR training for staff in vulnerable positions
➢ Consider Corporate AML training for Directors and Senior Management team
➢ Consider Training for Outsourced functions
➢ Implement an induction programme for new starters
➢ Involve staff in review of training material
➢ Tracking attendance rates to completion and escalate statistics to Board
➢ Accurate record keeping of completion dates, types of courses, staff members and
course material
24

© RegSol 2019
MLRO Duties: Record Keeping
▪ Business Risk Assessment
▪ Reliance on Third Parties
▪ CDD documents must be kept for
5 years from date of (i) ceasing of
services or (ii) date of last
transaction (sec 55(4)(a) Act)
▪ Transaction documents/records
must be kept for 5 years following
the date transaction is completed
or terminated (sec 55(4)(c) Act)
© RegSol 2019
▪ Information on whether the Designated
Person has had business relationship
with a person in last 5 years
▪ Training Records
▪ Suspicious Activity Logs and all related
data to evidence timelines and decision-
making processes
▪ Assurance/Audit testing
▪ Board Minutes (PEP, BRA Approval etc )
▪ Ongoing Monitoring
25
 MLRO Duties: Ongoing Monitoring
Key Areas? Monitoring and rationale for setting thresholds

● Examination of background and purpose of certain transactions

● The Act of 2010 is amended by the insertion of the following section after section 36:
“36A. (1) A designated person shall, in accordance with policies and procedures adopted in
accordance with section 54, examine the background and purpose of all complex or unusually
large transactions, and all unusual patterns of transactions, which have no apparent economic
or lawful purpose.
● (2) A designated person shall increase the degree and nature of monitoring of a business
relationship in order to determine whether transactions referred to in subsection (1) appear
suspicious.”
A designated person who fails to comply with this section commits an offence and is liable—
● (a) on summary conviction, to a class A fine or imprisonment for a term not exceeding 12 months (or
both), or
● (b) on conviction on indictment, to a fine or imprisonment for a term not exceeding 5 years (or
both).”.
© RegSol 2019 26
When to apply ongoing monitoring

➔Section 35(3) : reasonably warranted by the risk of ML/TF;

➔Section 37 (c) : apply enhanced monitoring of PEPs
➔Section 38 (f) : apply measures to certain correspondent
banking relationships
➔Section 38 A: high risk third countries
➔Section 39 : cases of heightened risk per Risk Assessment

DO triggers identify suspicious activity?

27
 Ongoing Monitoring Triggers Events:
Non-transactional trigger events:
• Material change in ownership and/or management structure;
• Re-classification of the jurisdiction where the respondent institution is located;
Identification of a PEP relationship;
• Identification of adverse media on the respondent institution.

Transaction trigger events:

• Transaction Monitoring rules and parameters specific and tailored to risk
profile
• Transaction monitoring rules set my Compliance/MLRO and approved by Board
• Consider customer profile, including income and investment amounts vs actual
activity, patterns, source of wealth etc
• Consider data capture and data quality
28
Central Bank Findings

• Inadequate controls to ensure all customers are subject to

regular screening or monitoring on a regular basis
• Inadequate assurance testing around criteria used for triggers
to ensure transaction monitoring process identifies suspicious
activity
• Failure to use known information regarding customers to
identify potential suspicious activity
• Failure to place risk assessment output into triggers

29
Financial Sanctions Regime

Legal obligations:

● Prohibit making funds available, directly or indirectly to or for the benefit of

individuals or entities listed on a Sanctions List

● Prohibit specific trade / financial transactions with certain countries

● Freeze all funds and economic resources of persons and entities on sanctions
lists
● Report to the relevant competent authority (the Central Bank of Ireland) in
respect of financial sanctions matches and any freezing of accounts or
transactions*
*In the event that a customer is matched to either the EU terrorist lists or UN terrorist lists, MLRO should file an
STR immediately with the Financial Intelligence Unit in the Garda National Economic Crime Bureau and not
carry out any service or transaction in respect of the account until the report has been made.
30

© RegSol 2019
 Financial Sanctions
Frequency of Screening and Investigation/Escalation:
▪ Designated senior person/MLRO responsibility for Sanctions investigation
and Escalation
▪ Include in BRA
▪ Beware of processing USD transactions- OFAC US sanctions apply
▪ Screening system appropriate to size, scale and complexity
▪ Screening new customers, their transactions/payments, beneficial owners
at onboarding and then on a regular basis
▪ Determine procedures for matches, false positives, investigation and
reporting to MLRO

© RegSol 2018 31
Suspicious Activity Reporting: Legal Obligation
S.41 & s.42 CJ, S. 54 (3)(ML&TFO) ACT 2010 as amended

▪ You MUST report to the Gardai and Revenue Commissioners ‘As soon
as Practicable’ where you:

■ Know, suspect or have reasonable grounds to suspect

■ on the basis of information obtained in the course of carrying on business as
a designated person
■ that another person has been or is engaged in an offence of money
laundering or terrorist financing

32

© RegSol 2019
Internal Controls for STRs/SARs

Timing:
➔“As soon as practicable”- Delays in reporting a suspicions may
result in the loss of evidence and assist the person who is alleged to
have committed the offence
MLRO Controls:
➔Maintain Internal SAR/STR Register or log & evidence/rationale of
reporting/investigation process
➔Internal SAR/STR Form/procedures available to all staff
➔SAR/STR Training for all staff
➔Consider automated transaction monitoring systems to identify Red
Flags
33

© RegSol 2019
Suspicious Activity/Transaction Reporting: goAML
● Section 42 of the CJA 2010, provides that reports in relation to money
laundering and terrorist financing suspicions should be made to FIU Ireland
and to the Revenue Commissioners.

● From June 2017, reporting to the FInancial Intelligence Unit (FIU) must be
made via goAML

● Firms should ensure that they are registered with goAML as STRs cannot be
submitted via goAML unless the firm has previously registered.

● The Revenue Commissioners will accept a printed copy of the STR submitted
on goAML which should be posted to the relevant address.

34

© RegSol 2019
Go AML

● Allows for transaction

reports/documentation to be
uploaded
● Requires detailed information on
customer, addresses,
transactions, currencies,
amounts, passport numbers
● Requires details on reasons for
suspicion
● GoAML message board alerts
users if their report has been
accepted or rejected

35

© RegSol 2019
Detection of Red Flags: Suspicious Activity

➔Consider attempted AND completed transactions

➔No minimum monetary threshold for reporting, no amount too low
➔Appropriate to service, product, customer
➔Consider geographic spread
➔Consider transactional history and third party payments
➔High Risk Jurisdictions
➔Refusal to provide customer due diligence documentation or
providing forged documentation

36

© RegSol 2019
Detection of Red Flags: Suspicious Activity

• Level of investment in multiple or single product(s) doesn’t match client's

economic profile

• Client wants to use CASH for a large transaction

• A customer purchases products with termination features without concern for

the product’s investment performance

• Client accepts very unfavourable conditions unrelated to his or her health or age

• A customer purchases a product that appears outside the customer’s normal

range of financial wealth or estate planning needs

37

© RegSol 2019
Detection of Red Flags: Suspicious Activity

• Client has small policies or transactions based on regular payment

structure then makes a sudden request to purchase a substantial
policy with a lump sum premium
• Client proposes to purchase an insurance product using a cheque
drawn on an account other than his or her personal account and no
obvious link to third party account
• Overpayment of a policy premium with a subsequent request to
refund the surplus to a third party

38

© RegSol 2019
Detection of Red Flags: Suspicious Activity

• The first (or single) premium is paid from a bank account outside the
country
• Client shows more interest in the cancellation or surrender of an
insurance/investment contract than in the long-term results of
investments or the costs associated with termination of the contract
• Client cancels investment or insurance soon after purchase
• Early redemption takes place in the absence of a reasonable
explanation or in a significantly uneconomic manner
• Series of small claims below premium amount

39

© RegSol 2019
Confidentiality

▪ Reports made in good faith are freed from all statutory, contractual or
other confidentiality restrictions

▪ But malicious or reckless reports are not

▪ It is very important therefore that reporting procedures and decisions

taken are documented

© RegSol 2019 40
SAR/STR Output: Statistics (2017) - AMLCU

© RegSol 2019 41
SAR/STR Output: Statistics

© RegSol 2019 42
SAR/STR Output: Results (FATF MER 2017)

© RegSol 2019 43
SAR/STR Output:Results?

© RegSol 2019 44
Tipping Off
Ensure staff understand their obligations in this regard and this is present
in training and procedural material:
Section 49 provides for two separate but related offences being where
the firm knows or suspects on the basis of information learned during the
course of carrying on business as a firm:
▪ the firm shall not make any disclosure that would be likely to prejudice
an investigation that may be conducted following the making of a
report under Chapter 4;
▪ investigation is being contemplated or is being carried out into whether
an offence has been committed, the firm shall not make any disclosure
that is likely to prejudice the investigation.

45

© RegSol 2019
CBI Risk Factors
● Inadequate practices in operation around identification and escalation of
suspicious transactions:
● Weaknesses in the processes and procedures associated with STRs,
including: -
■ Deficiencies in internal record keeping;
■ Insufficient or no evidence on files of the assessment and adjudication
performed by the MLRO or MLRO delegate on the rationale for
discounting suspicions or for making an STR to the Authorities;
■ Staff not receiving an acknowledgment of having raised a suspicion to
the MLRO;
■ Lack of detail of report to authorities, dates, amounts, reasons for
suspicions omitted

46

© RegSol 2019
CBI Risk Factors
● Unexplained delays in suspicions being reviewed and determined by the
MLRO or defined timelines not considered “as soon as practicable”; and -
● Case management of STRs conducted manually by firms, without sufficient
audit trails in place to evidence decisions made and actions taken.
● Policies and procedures did not sufficiently outline the internal suspicious
transaction reporting process or tipping off;
● Discrepancies between actual procedures and operational practices e.g. non-
use of internal reporting forms;
● No audit trail or on-going monitoring process in place to assist in identifying
where ML/TF concerns may have arisen in relation to specific policyholders;
● Lack of assurance testing performed on the STR process.
● Lack of training to make staff aware of reporting obligations and procedures

47

© RegSol 2019
Contact Us:

RegSol Ireland
Ph 01 539 4884
info@RegSol.ie

Web: Tweet:
www.RegSol.ie @RegSolIreland

AML | Consumer Protection | Data Protection | Authorisations

48