Introducing the Irish AML Regime for Crypto Providers
27 Apr 2021
The Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2021 ("2021 Act") which transposes aspects of the EU Fifth Money Laundering Directive EU/2018/843 ("5MLD") brings virtual asset service providers ("VASPs") within the scope of the Irish anti-money laundering and countering the financing of terrorism ("AML / CFT") regime for the first time. This update highlights the key requirements which will apply to VASPs and the new registration requirement.
There has been a lot of debate and discussion about the regulation of "virtual currencies" or "cryptos", both at Irish and European level. Some crypto instruments will fall to be regulated under existing regimes, for example, the Markets in Financial Instruments Directive, depending on their structure. One key question is how regulators might apply oversight of cryptos from an AML / CFT perspective. Similarly, in its most recent guidance the Financial Action Task Force ("FATF") urged for the implementation of AML and CFT obligations on virtual assets and VASPs. 5MLD provided the European solution by introducing a new regime for VASPs.
5MLD has only recently been fully transposed into Irish law by the 2021 Act, which amends the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 ("CJA 2010"). The changes came into effect when the Act was commenced on 23 April 2021.
What Virtual Assets are in Scope?
A "virtual asset" is "a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes but does not include digital representations of fiat currencies, securities or other financial assets".
What is a VASP?
A VASP is a person who, by way of business, carries out one or more of the following activities for, or on behalf of, another person:
(a) An exchange between virtual assets and fiat currencies;
(b) An exchange between one or more forms of virtual assets;
(c) A transfer of virtual assets, that is to say, conducts a transaction on behalf of another person that moves a virtual asset from one virtual asset address or account to another;
(d) Acts as a custodian wallet provider; or
(e) Participation in, and provision of, financial services related to an issuer’s offer or sale of a virtual asset or both
but does not include a designated person that is not a financial or credit institution and that provides virtual asset services in an incidental manner and is subject to supervision by a national competent authority, other than the Central Bank of Ireland ("CBI").
What Regulatory Requirements Apply?
VASPs are subject to the detailed AML / CFT requirements set out in the CJA 2010, and associated guidance issued by the CBI or the European Supervisory Authorities. This includes obligations in relation to customer due diligence; ongoing monitoring and reporting; internal governance and training and having robust frameworks in place to detect money laundering and terrorist financing.
The fitness and probity regime, which requires persons performing certain key functions to be "fit and proper", also applies as part of the registration process (see below).
Overview of the Registration Process
The CBI is now in a position to accept applications under the 2021 Act. Firms who wish to apply for VASP registration will need to submit a Pre-Registration Information Form to the CBI by email to VASP@centralbank.ie, to request an Institution Number.
The CBI has published a sample registration form on its website. Further information on the registration process, including the Pre-Registration Information Form, is also available on the CBI's website.
To register as a VASP, the following information will need to be submitted to the CBI with the application form (and supporting documentation):
- The applicant's AML / CFT policies and procedures;
- The applicant's ML / TF risk assessment;
- Details of all direct and indirect ownership and the management of the applicant;
- Individual Questionnaires to assess the fitness and probity of all individuals who are proposed to hold "pre-approval controlled functions" in the applicant;
- A business plan setting out the applicant's proposed activities, transaction flows, projections and any outsourcing arrangements;
- Details of the applicant's proposed organisational structure, AML / CFT reporting lines and staffing arrangements; and
- Details of the applicant's AML / CFT training plan.
Transitional Arrangements for Existing Providers
The 2021 Act provides for transitional arrangements for existing firms who are already engaged in VASP activities in Ireland.
Any person carrying on business as a VASP immediately before the coming into operation of the new Chapter 9A, can initially continue to operate but must apply for registration with the CBI within three months of section 106G (i.e. the registration obligation) coming into operation. For the interim period, the entity can carry on VASP business until the person's VASP registration application has either been granted or refused by the CBI.
What do Firms Need to do Now?
In scope firms should be drafting the relevant documentation to support the AML / CFT framework which they are required to have now that the 2021 Act has come into force and to support their CBI application registration.
The CBI had identified VASPs as a key supervisory priority in 2020 but the legislation transposing this regime was not enacted until this year. So we would expect the CBI to, at some point, focus on VASPs from a supervisory perspective and possibly undertake AML / CFT inspections, similar to those undertaken in 2020 for so-called Schedule 2 Firms.
How we can Help
Our dedicated Financial Services Regulatory Group works closely with clients who are subject to AML / CFT requirements across a number of sectors. We have also advised a number of clients engaged in providing crypto services in Ireland.
We have vast experience in dealing with AML / CFT issues across the spectrum from establishing an AML / CFT framework and preparing policies and procedures; providing annual training; advising on suspicious transaction report filings; advising on governance and outsourcing arrangements related to AML / CFT and guiding clients through themed inspections and supervisory / enforcement engagement on AML / CFT.
If you would like further information, please liaise with your usual Maples Group contact or a member of our Financial Services Regulatory Group.
Our Financial Services Regulatory group in Ireland comprises of leading lawyers and experienced industry professionals with a wealth of experience in advising clients on regulatory requirements and how to manage regulatory risk within their business. Our highly technical team deliver pragmatic and solutions-focused advice to our clients.
T: +353 1 619 2023
T: +353 1 619 2125
T: +353 1 619 2122
Senior Regulatory Executive Dublin
T: +353 1 619 2158