Common Issues Arising on AML Monitoring Visits

Common Issues Arising on AML Monitoring Visits

The various professional bodies are ramping up their anti-money laundering (AML) inspection regime, as there is more and more pressure coming at EU level, on professional bodies, to improve the consistency of the inspection system.

The main issues that are arising for Irish firms on recent AML inspections are:

  1. Lack of written procedures which evidence that firms are complying with AML regulations and legislation. These procedures ideally consist of an up to date AML Policies & Procedures Manual. Many firms have such policies and procedures already in place, but they are often out of date and do not clearly identify the MLRO. The latest changes to legislation came into effect on 23 April 2021 and the up to date AML Policies & Procedures Manual in use in the firm should reflect this.
  2. Client due diligence (CDD) – this consists of the following parts:
    1. Client verification – the ID obtained has not been signed and dated by the firm to evidence that they are ‘Certified Copies of the Originals’.
    2. Details of the client’s business, legal structure, sources of funds and geographic risks are often not properly recorded.
    3. Risk assessment and CDD procedures are not carried out prior to acting for the client.
  3. Firm-Wide Risk Assessment (often referred to as the Business-Wide Risk Assessment) – there is often little evidence that this written assessment (introduced in law since November 2018) has been completed or where it has been completed, the assessment is often not sufficiently detailed or up to date in accordance with Section 30A of the ‘Criminal Justice (Money Laundering and Terrorist Financing) Acts, 2010 to 2021’
  4. AML Compliance ReviewAnnual compliance review not completed or a inadequate review has been carried out. The review findings and implementation plan are extremely important. We carry out such external documented reviews for firms with advice on corrective action.
  5. Training – Appropriate AML training has not been undertaken by all relevant staff. We provide in-house and online AML Training delivered in a format tailored to each firm’s requirements.
  6. Annual Return declarations – Incorrect AML information disclosed on the firm’s Annual Return to its professional body. Attention to detail is important here and this will be reviewed as part of the AML Compliance Review we carry out.


Jurisdictions with Strategic AML Deficiencies

Jurisdictions with Strategic AML Deficiencies

When you are doing your Client Due Diligence on a new client/customer, did you ever wonder where you could obtain a list of sanctioned or high-risk territories/jurisdictions?

Well, a reliable source is near at hand. The Financial Action Task Force (FATF) identifies jurisdictions with weak measures to combat money laundering and counter terrorist financing (AML/CFT) in two FATF public documents. These two reports identify:

These reports are issued three times a year in February, June, and October.

The FATF’s process to publicly list countries with weak AML/CFT regimes has proven to be effective.  For example, as of October 2018, the FATF had by then reviewed over 80 countries and publicly identified 68 of them. Of these 68, over 80% have since made the necessary reforms to address their AML/CFT weaknesses and have been removed from the process.

The first public document, the FATF’s Public Statement, identifies countries or jurisdictions with such serious strategic deficiencies that the FATF calls on its members and non-members to apply counter-measures. These include enhanced due diligence measures proportionate to the risks arising from the deficiencies associated with the country.

The statement “Improving Global AML/CFT Compliance: On-going process” identifies countries or jurisdictions with strategic weaknesses in their AML/CFT measures, but that have provided a high-level commitment to an action plan developed with the FATF. The FATF encourages its members to consider the strategic deficiencies identified for these jurisdictions.

If any country fails to make sufficient or timely progress, the FATF can decide to increase its pressure on the country to make meaningful progress by moving it to the Public Statement.

For more information about the FATF’s process to identify high-risk and non-cooperative jurisdictions and monitor their progress, click here.

Watch out for our 2021 update to the AML Policies & Procedures Manual coming soon.

For a complete list of our time-saving engagement letter templates for FRS 102 audit, FRS 102 audit-exempt, VAT, visit our store here.  All our engagement and representation letter templates are up to date for Brexit and Covid 19.

More than a decade on: why is AML still an issue?

More than a decade on: why is AML still an issue?

It would seem fair to assume that after eleven years the profession has got to grips with the anti-money laundering (AML) regulations. However they remain one of the key problem areas encountered on regulatory inspections.

Perhaps the obvious reason for failing to focus on AML procedures is that firms can’t raise a fee note for such work. Some view AML as an unwelcome and onerous regulation that puts barriers in the way of helping clients, and adds no value. Consequently, some firms give scant attention to AML procedures.

However, AML regulations are a global reality, one that firms have to get to grips with. If you establish appropriate procedures, they do not need to be regarded as onerous.

Long-established clients

There was an exemption in the implementation of the Criminal Justice Act, 1994 (that came into effect for accountancy firms in the Republic of Ireland from 15 September, 2003) that meant that customer due diligence (ID checks) were not required for clients in place at that date. However, the subsequent 2010 legislation removed that same exemption. A further piece of legislation called the Criminal Justice Act, 2013 updates certain parts of the 2010 law.

The 2010 law, called the ‘Criminal Justice (Money Laundering and Terrorist Financing) Act, 2010’, came into effect from 15 July 2010 and abolished the 1994 law while it re-implemented most of its requirements and added others.  Firms should now therefore have due diligence for every client and retain that documentation for at least five years after the last business transaction with that client. See the latest guidance from the professional accountancy bodies at the Consultative Committee of Accountancy Bodies – Ireland, (CAAB-I), ‘ Anti-Money Laundering Procedures Republic of Ireland’ dated September 2010. (

In many cases firms will have documentation that will satisfy the due diligence requirements (e.g. a Revenue Commissioners tax demand or Department of Social Protection correspondence and details of a client’s personal bank statement or pension scheme). If this is not the case simply ask to see your client’s photo-driving licence and take a copy, or use some other form of electronic verification to get the evidence you need, using sources like C6 ( or Veriphy  (, provided the client is assessed as ‘low’ risk. Politically Exposed Persons (PEPs) as defined in the legislation (which includes relatives and business associates of such persons) must be specifically identified and treated as high risk, which means additional evidence and explanations must be documented about their financial transactions and sources of wealth. Legislation is expected in 2015 to expand the definition of PEPs to include locally resident persons who are politically exposed.

Risk assessment

The customer due diligence procedures should be risk-based. While most firms complete some form of risk assessment, many go on to ignore it with regards to the amount of AML checking they undertake. This often leads to excessive checking for some clients and insufficient checking for others. Forms need to be completed to document the risk assessment and evidence gathering process and to show its subsequent regular review and action taken, following review.


Beneficial ownership

For most clients, this is not an issue as their structure is simple and ownership is clear. However, it can be a major issue when you have structures involving anonymity, such as trusts or companies in Panama, Delaware BVI and Cayman Islands, or other offshore as well as some onshore territories using ‘bearer shares’ (the latter regarded as ‘high’ risk).

The legislation requires any client using anonymous structures or clients that you have not met face to face, to be treated as high risk. You must have the same level of identification for high risk beneficial shareholders as you do for the client’s principals/directors. Without evidence to support this beneficial ownership you cannot act and continuing to do so may lead not only to breach of the legislation but also to unnecessary professional indemnity risks.

Keeping information up to date

Often firms might have done a blitz when the new laws first came in, in 2003 or 2010, but have done little since. You must regularly review the evidence you have to confirm that it is still accurate and up to date. If there have been changes in ownership, the principals or the nature of the business then you must update your records. If everything is still valid, no updates are necessary.


The regulations require staff to receive training and evidence must be retained that the staff have understood the training (so some form of written quiz is necessary). This should form part of your induction programme for all new staff. You also have to provide ongoing training to staff in recognising and dealing with suspicious transactions and keep records of these regular updates and the names of staff attending.


AML regulations are here to stay and failure to comply can have regulatory consequences. Therefore, it makes sense to implement procedures to ensure compliance, but with the minimum effort required.


For more information contact John at 00 353 86 839 8360 or at