Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2018

Risk assessment by designated persons

10. The following Chapter is inserted after Chapter 1 of Part 4 of the Act of 2010:

“Chapter 1A

Risk assessment by designated persons

Business risk assessment by designated persons

30A. (1) A designated person shall carry out an assessment (in this Act referred to as a ‘business risk assessment’) to identify and assess the risks of money laundering and terrorist financing involved in carrying on the designated person’s business activities taking into account at least the following risk factors:

(a) the type of customer that the designated person has;

(b) the products and services that the designated person provides;

(c) the countries or geographical areas in which the designated person operates;

(d) the type of transactions that the designated person carries out;

(e) the delivery channels that the designated person uses;

(f) other prescribed additional risk factors.

(2) A designated person carrying out a business risk assessment shall have regard to the following:

(a) any information in the national risk assessment which is of relevance to all designated persons or a particular class of designated persons of which the designated person is a member;

(b) any guidance on risk issued by the competent authority for the designated person;

(c) where the designated person is a credit institution or financial institution, any guidelines addressed to credit institutions and financial institutions issued by the European Banking Authority, the European Securities and Markets Authority or the European Insurance and Occupational Pensions Authority in accordance with the Fourth Money Laundering Directive.

(3) A business risk assessment shall be documented unless a competent authority for a designated person decides under Article 8 of the Fourth Money Laundering Directive that an individual documented risk assessment is not required and notifies the designated person.

(4) A designated person shall keep the business risk assessment, and any related documents, up to date in accordance with its internal policies, controls and procedures adopted in accordance with section 54.

(5) A business risk assessment shall be approved by senior management.

(6) A designated person shall make records of a business risk assessment available, on request, to the competent authority for that designated person.

(7) The Minister may prescribe additional risk factors to be taken into account in a risk assessment under subsection (1) only where he or she is satisfied that it is appropriate to consider such matters in order to accurately identify and assess the risks of money laundering or terrorist financing.

(8) A designated person who fails to comply with this section commits an offence and is liable—

(a) on summary conviction, to a class A fine or imprisonment for a term not exceeding 12 months (or both), or

(b) on conviction on indictment to a fine or imprisonment not exceeding 5 years (or both).

Application of risk assessment in applying customer due diligence

30B. (1) For the purposes of determining the extent of measures to be taken under subsections (2) and (2A) of section 33 and subsections (1) and (3) of section 35 a designated person shall identify and assess the risk of money laundering and terrorist financing in relation to the customer or transaction concerned, having regard to—

(a) the relevant business risk assessment,

(b) the matters specified in section 30A(2),

(c) any relevant risk variables, including at least the following:

(i) the purpose of an account or relationship;

(ii) the level of assets to be deposited by a customer or the size of transactions undertaken;

(iii) the regularity of transactions or duration of the business relationship;

(iv) any additional prescribed risk variable,

(d) the presence of any factor specified in Schedule 3 or prescribed under section 34A suggesting potentially lower risk,

(e) the presence of any factor specified in Schedule 4, and

(f) any additional prescribed factor suggesting potentially higher risk.

(2) A determination by a designated person under subsection (1) shall be documented where the competent authority for the designated person, having regard to the size and nature of the designated person and the need to accurately identify and assess the risks of money laundering or terrorist financing, so directs.

(3) For the purposes of subsection (2), a State competent authority may direct a class of designated persons for whom it is the competent authority to document a determination in writing.

(4) The Minister may prescribe additional risk variables to which regard is to be had under subsection (1)(c)(iv) only where he or she is satisfied that it is appropriate to consider such matters in order to accurately identify and assess the risks of money laundering or terrorist financing.

(5) A designated person who fails to document a determination in accordance with a direction under subsection (2) commits an offence and is liable—

(a) on summary conviction, to a class A fine or imprisonment for a term not exceeding 12 months (or both), or

(b) on conviction on indictment to a fine or imprisonment not exceeding 5 years (or both).”.