As far as accountancy firms go, there is a requirement for each firm to prepare an anti-money laundering (AML) written risk assessment (known as the firm-wide or business risk assessment) examining the business/practice in five key areas (more on this below). The legislation that brought this into place is section 30A of the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act, 2018, which became effective on 26 November 2018. The various professional bodies are examining these risk assessments in their recent practice inspections.
The risk assessment must be kept up to date but there is little clarification in the legislation about ‘what up to date’ means. If your practice has essentially not changed in structure/number of offices or the services it offers since you prepared your first risk assessment in 2018, now is a good time to give it a brief refresh. If there have been more fundamental changes, including new Partners/services, then a more detailed refresh is required.
More guidance on this topic has been prepared by the Consultative Committee of Accountancy Bodies–Ireland (CCAB-I) and is available here as CAI Technical Release 01/2019. The five key areas that must receive attention in the document are:
- clients – locally based are generally less risky than overseas clients;
- the products and services provided – bookkeeping is generally less risky than liquidation work;
- the countries the clients operate in – clients based in sanctioned territories, or Irish clients doing business with such countries are usually prone to more money laundering (ML) risk;
- the transactions the firm is involved in – decision making on behalf of clients is usually a higher trigger point for risk; and
- the delivery channels – with remote delivery seen as more prone to ML risk.
There will sometimes be overlap between these risk factors, and this is explained in more detail in the guidance and in the template available below.