On July 11, the Central Bank of Ireland published a bulletin for Virtual Asset Service Providers (VASPs), pointing out key deficiencies in their applications for registration and their Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Frameworks.
“The Central Bank identified, in the vast majority of applications, a lack of understanding and compliance with key AML/CFT obligations, in addition to significant control weaknesses. The lack of compliance, coupled with control weaknesses, resulted in a significant number of the applicant firms not being able to demonstrate to the Central Bank that they could meet their AML/CFT obligations.”
The bulletin outlines the following key deficiencies:
- Incomplete Applications – documents missing required information fields
- Insufficient Money Laundering Risk Assessment – in particular not linking their risk assessment to their inherent risk/client and products base as well as not considering national risk assessments
- Insufficient Policies and Procedures – in particular referring to global regulatory frameworks instead of specifically to the Irish one or elaborating on policies, but failing to explain procedures (i.e/ how policies are implemented in practice)
- CDD Related Issues – for example not sufficient PEP screening or failing to cover the requirement to refresh CDD information
- Sanctions Screening – failing to document sanctions screening (how screening is done and what actions take place in case of a positive hit)
- Outsourcing – a reminder that in case of outsourcing a documented agreement defining the obligations is needed, also evidence that sufficient oversight is conducted on the outsourced activity
Looking to comply with crypto AML compliance stipulations?
Contact Coinfirm or sign up/log in to the AML Platform to experience the most flexible crypto RegTech platform powered by more than 350 proprietary risk analysis algorithms.
