CBI issues update on VASP registration applications

Earlier this month, the Central Bank of Ireland (CBI) issued an Anti-Money Laundering Bulletin focussing on Virtual Asset Service Providers (VASPs) coming within the CBI’s registration and supervisory remit. In an effort to assist future applicants for VASP registration, the CBI outlined a number of recurring weaknesses identified in applications received to date.

Incomplete applications

• A number of applications did not contain the required information or documentation.

Money laundering and terrorist financing risk assessment

• Applicants failed to assess or document the money laundering (ML) and terrorist financing (TF) risks pertaining to their customers and business activities.
• Applicants failed to document the inherent ML/TF risks pertaining to their firm.
• Applicants failed to document determinations as to the residual risk rating for each of the risk factors set out in the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, as amended (CJA 2010).
• A number of applicants did not consider relevant information contained in the National Risk Assessment, CJA 2010 and/or guidance on risk issued by the CBI, when documenting their risk assessment.

Policies and procedures

• Several firms submitted anti-money laundering and counter terrorist financing policies and procedures that did not meet the Irish legislative and regulatory requirements.
• Applications included their policies but not the procedures documenting how legislative obligations are met.

Customer due diligence

• Applicants failed to demonstrate compliance with the obligation to obtain information reasonably warranted by the ML/TF risk on the purpose and intended nature of the business relationship with a customer prior to the establishment of the relationship.
• Applicants failed to demonstrate how screening is conducted for PEPs, and document how PEP customers are managed.
• Applicants failed to document policies and procedures relating to the refresh of CDD documentation.

Financial sanctions

• Applicants failed to document the frequency of financial sanctions screening, their screening process, and the steps to be taken in the case of financial sanctions.

Outsourcing

• Applicants did not provide their policies around outsourcing or service level agreements.
• Applicants failed to demonstrate sufficient oversight of outsourced activities or evidence that appropriate regular assurance testing takes place.

Individual questionnaires

• Applicants failed or delayed in submitting Individual Questionnaires for each of their proposed Pre-Approval Controlled Function role holders.

The CBI Anti-Money Laundering Bulletin can be found here.