The Central Bank of Ireland (Central Bank) issued an Anti-Money Laundering (AML) bulletin focussing on the Virtual Asset Service Provider (VASP) sector (Bulletin).
Of particular interest is a section of the Bulletin that deals with key issues with VASP registrations received by the Central Bank, and the Central Bank’s expectations related to VASP applications going forward. This acts as good guidance for any firm currently considering or completing a VASP application. We summarise some of the key points from the Bulletin.
Several VASP registration applications have not contained sufficient information or documentation. This has meant that the applications could not progress to the assessment phase. Generally, firms that failed to reach the assessment phase did not take advantage of the pre-application meeting offered by the Central Bank.
Money Laundering/Terrorist Financing Risk Assessment
Firms should base their Anti Money Laundering/Countering the Financing of Terrorism (AML/CFT ) control framework on an Money Laundering/Terrorist Financing (ML/TF) risk assessment. This risk assessment must be specific to the relevant firm and the specific risks that pertain to the firm’s customers and business activities.
Policies and Procedures
A firm’s policies and procedures should be a part of a documented suite that are supplemented by guidance, accurately reflect operational practices and fully demonstrate consideration of, and compliance with, all legal and regulatory requirements. The Central Bank has found that VASP applicants have often not referred to Irish regulatory obligations, instead only discussing obligations from other jurisdictions. Group policies and procedures should be localised to Ireland.
Consumer Due Diligence
Firms should collect and assess sufficient information to ensure they know their customers, whether a customer is a Politically Exposed Person (PEP), understand the purpose of the account and are alert to any potential ML/TF risks arising from the relationship.
Financial Sanctions Screening
Firms should clearly document the frequency of financial sanctions screening, how screening is undertaken, and the steps taken in the case of a sanctions ‘hit’.
Any outsourcing of AML/CTF functions must be done on the basis of a documented agreement. As part of a VASP registration application, firms are expected to include outsourcing policies and service level agreements. Firms must also demonstrate sufficient oversight of the outsourced activities and must be able to evidence that regular assurance testing of the outsourced activities takes place.
The Central Bank noted that a number of firms have failed or delayed submitting Individual Questionnaires for each of the proposed pre-approval controlled function role holders.
The Central Bank expects firms to have a physical presence located in Ireland and for there to be at least one employee in a senior management role located physically in Ireland to act as the contact person for engagement with the Central Bank.
Applicants seeking registration as a VASP should consider the information contained in the Bulletin and how it pertains to their application. The Bulletin provides key insight into the Central Bank’s opinion on VASP applications and what kind of considerations will form a part of its assessment.
For more information, please contact a member of our Financial Regulation team.
The content of this article is provided for information purposes only and does not constitute legal or other advice.