by John McCarthy Consulting Ltd. | Jul 27, 2018 | News
In a recent sanction by the Central Bank, attention is being drawn to the fact that anti-money laundering (AML) training needs to be focused, specific and ongoing. In the sanction report, a financial services firm was fined €443,000 in June 2018 for failures that included lack of appropriate AML training.
The sanctions report reads: ‘it had inadequate policies and procedures to monitor transactions, detect and report money laundering and provide its staff with appropriate training’.
In addition, the Central Bank found that the company:
- failed in many areas to provide the appropriate amount, level, and accuracy of training for its staff;
- training was not focused on the specific roles and responsibilities of staff (especially at Money Laundering Reporting Officer (MLRO) level;
- training did not amount to a sufficient amount of time to train them on how to identify suspicious activity;
- the entity failed to provide training to all client facing staff; and
- there was a failure to ensure staff were instructed on AML and counter financing of terrorism (CFT)-related law, and a failure to provide ongoing training.
From 15 July 2010 to 10 September 2012, the firm breached section 54(6) of the Criminal Justice (Money Laundering and Terrorist Financing) Act, 2010, because it failed to train anyone involved in the conduct of its business in AML/CFT law or provide on-going instruction on identifying suspicious activity.
Over a three-year period, the firm had held one-hour annual AML/CFT training session for staff. The Central Bank stated the ‘training was sufficient to introduce staff to AML/CFT law but in further breach of section 54(6), it was insufficient to train them to identify suspicious activity. In addition, the scope of the training was not tailored to specific roles, including the Firm’s MLRO’.
To hear more about the AML requirements that must be applied by accounting firms, including a suggested spreadsheet to control all the main topics, come to our next AML seminar on Tuesday 25 September 2018 at the Talbot Hotel Stillorgan, County Dublin.
Booking is here via our website. Cost is €105 per delegate or €280 for three delegates from the same office.
by John McCarthy Consulting Ltd. | Jan 24, 2018 | News
A lot of generic information has been written about the GDPR and the fact that it comes into effect across the EU on Friday 25 May 2018.
According to the Economist newspaper website ‘GDPR is not a matter of fix it and forget it. The new regulations mandate organisation-wide personal data awareness from data protection officers down to database administrators. GDPR will require ongoing governance of data as organisations migrate to new systems or apply their consumer data to new markets and consumer trends. Initial compliance is the first heavy lift. Ongoing governance is the long-term reality.’ Elsewhere Ludwig Siegele, IT Technology Editor of the Economist writes that the GDPR ‘will be one of the most important pieces of legislation brought into force in 2018’.
It’s important to recognise that the legislation applies only to personal data of living EU citizens (living anywhere in the world) and not to data about non-EU citizens, EU corporate entities or other types of non-human EU entity, like trusts.
What about GDPR for accountants? We are busy preparing checklists and updates to typical required terms and conditions in client letters of engagement and these will be available later on this website.
In the meantime, as Step 1 to help in your preparation, you need to analyse the types of personal data that your accounting firm handles, as it is to this type of data that the GDPR rules will apply.
There are probably fifteen categories of people for whom accountants may hold personal data:
1. Business Partners/Directors in the firm who are living natural persons
2. Current clients and their family members who are living natural persons including their Anti- Money Laundering data
3. Employees of clients for whom we may process payroll etc.
4. Former -clients and their former employees for whom we may have processed payroll etc. in the past
5. Prospective clients (on a mailing list for example)
6. Prospects not yet on a mailing list – perhaps on business cards, sitting in the drawer of your desk
7. Introducers of potential clients e.g. local law firm/estate agent
8. Suppliers such as recruitment agencies
9. Outsourced providers of services to your business e.g. payroll, bookkeeping businesses with which we may share client data
10. Associates e.g. through accounting and other Networks like BNI
11. Sub-Contractors
12. Existing staff
13. Former staff
14. Job applicants
15. Other ‘Contacts’ not already included on the above lists including complainants, correspondents, enquirers.
Once the above list is complete, the next step will be to identify the location(s) where that data is held, whether in paper or electronic format, and how secure that location is.
by John McCarthy Consulting Ltd. | Nov 15, 2017 | News
Not paying attention to the UK’s AML legislation has cost a UK accountant at least £8,000.
In a decision published in December 2016 an ICAEW member, in practice for 26 years, who was earlier fined £5,000 by Leeds Crown Court, was severely reprimanded by his Institute and ordered to pay costs of over £3,278 and pay for training in the operation of the Money Laundering Regulations.
In late 2013 the accountant’s client (Ms A) disclosed to him that she had falsely inflated expense claims to her client, the NHS. She said she was asking a new firm of tax specialists to negotiate a settlement with HMRC on her behalf. The accountant resigned as her agent, but did nothing to notify the authorities of any money laundering suspicions. What he did not know was that there was a lot more to the story than his former client, Ms A, was telling him.
In July 2014, the accountant was interviewed by the Police under criminal caution. It was disclosed to him that Ms ‘A’ had been involved in a large fraud against the NHS utilising her company to generate fake orders for training provided by her husband, who worked within the NHS. There was no evidence the defendant had any involvement or knowledge of the fraud, but he was charged with failing to disclose to the authorities his knowledge of the over-claim for expenses which Ms ‘A’ had disclosed in November 2013.
The Judge indicated his view that the defendant ought to have been aware of his professional obligations concerning disclosures of this type and thus a belief that those disclosures would be taken up by the newly instructed tax specialists for Ms ‘A’ was not a meaningful excuse.
The Judge stated that at the point when the knowledge came to the accountant another firm of accountants was instructed to deal with HMRC in respect of the mileage claims. The accountant therefore, having recognised that this information should be notified, considered that this information would reach the HMRC through the newly instructed firm of accountants. That did happen, but it may have been the case that earlier notification might have enabled a larger fraud to have been discovered sooner.
This case is a lesson to us all and a reminder if one was needed that the Money Laundering legislation needs to be followed to the letter.
To hear more about the latest in AML legislation and procedures and to benefit from our up to date training, come to our next CPD Seminar on Anti-Money Laundering at the Talbot Hotel Stillorgan, County Dublin on Tuesday 28 November 2017.
More details of all our courses are on Ticket Tailor here.
by John McCarthy Consulting Ltd. | Oct 25, 2017 | News
A landmark EU data protection judgment in 2014 on the ‘right to be forgotten’, has affected the ability to use Google and other well-known search engines to carry out anti-money laundering (AML) due diligence.
On its own, Google is not a sufficient anti-money laundering (AML) risk screening tool, as some search results could be incorrect or out of date. But now considering the 2014 ‘right to be forgotten’ case (see more below), Google may no longer reliably tell you if your customer is a known criminal, who could pose a risk to your business.
If your customer is determined to find a way round due diligence checks, they can easily do so. With websites like www.replaceyourdoc.com where fake ID may be purchased, at least the same amount of resources need focused on ongoing monitoring, and on training staff to recognise ‘red flags’, as you do on initial AML screening.
The ‘right to be forgotten’ case relates to Mario Costeja González, a Spanish citizen who in 2010, lodged a complaint against Catalonia’s leading daily La Vanguardia. In 1998 the paper printed an auction notice relating to the forced repossesion of his home. González argued that since the issue had been completely resolved in the intervening twelve years, the information was now irrelevant and should be removed, both from the paper’s digital archives and from the search results of Google Spain or Google Inc. The ruling by the European Court of Justice (ECJ) followed a referral from the Spanish courts.
The judgement found that even if the physical server of a company processing the data is located outside Europe, EU data protection rules apply to search engine operators if they have a branch or a subsidiary in a Member State. Search engines are deemed to be controllers of ‘personal data’ (data about living human beings).
Following this judgement, individuals have the right, based on certain conditions, to ask search engines to remove links with personal information about them. This applies where the information is inaccurate, inadequate, irrelevant, or excessive for the purposes of the data processing.
In this case, the court found that González’s right to data protection was not trumped by Google’s economic interests, and so the ‘right to be forgotten’ (or, technically, ‘the right to erasure’) was born in its modern form. (It should be noted that the court also stressed that the right to be forgotten is not absolute and must be balanced against other rights like the freedom of expression.)
This has obvious implications for entities conducting adverse media searches as part of their AML customer due diligence process, although the rules don’t apply to politically exposed person (PEP), sanctions and watch lists, where they are maintained by independent providers and authorities.
Most AML legislation relating to customer due diligence, allows entities the defence of have followed proper procedures and lack of reasonable grounds for suspicion. There is no case law yet, but the likelihood is that if an entity found itself under investigation by a regulator for providing services to a money launderer, but could demonstrate that it had conducted thorough due diligence and missed information only because it had been removed from search results under the right to be forgotten, this would be sufficient to avoid prosecution.
To hear more about the latest in AML legislation and procedures and to benefit from our up to date training, come to our next CPD Seminar on Anti-Money Laundering at the Talbot Hotel Stillorgan, County Dublin on Tuesday 28 November 2017.
More details of all our courses are on Ticket Tailor here.
by John McCarthy Consulting Ltd. | Jul 27, 2017 | News
AML legislation in Europe is primarily driven by the European Commission and on 26 June 2017 the Commission published a press release highlighting the urgency of the existing AML rules to be implemented in each Member State by adoption of the Fourth AML Directive.
26 June 2017 was the deadline for implementing this Directive and the Commission has written to Ireland and 16 other EU countries that are late implementing the Directive. The only EU nations to provide full confirmation to Brussels that the measures were implemented on time were the UK, France, Germany, Italy, Spain, Slovenia, Sweden, Austria, Belgium, the Czech Republic and Croatia. Apparently, it is unusual for so many countries to miss the official entry into force of an EU law.
Implementation of this Directive is quite urgent and once in Irish law it will introduce the following changes:
- reinforce the risk assessment obligation for banks, lawyers, and accountants;
- set clear transparency requirements about beneficial ownership for companies (some of this has already commenced). This information will be stored in a central register, such as commercial registers, and will be available to national authorities and obliged entities
- facilitate cooperation and exchange of information between Financial Intelligence Units from different Member States to identify and follow suspicious transfers of money to prevent and detect crime or terrorist activities;
- establish a coherent policy towards non-EU countries that have deficient anti-money laundering and counter-terrorist financing rules, and
- reinforce the sanctioning powers of competent authorities.
A separate June 2017 report from the European Commission, identified 40 products and services that are particularly vulnerable to targeting by terrorists and other criminals seeking to launder money. They include crowdfunding platforms, virtual currencies, online gambling, real estate and charities/non-profit organisations.
To hear more about the latest AML developments and how to be on the alert for suspicions of money laundering and terrorist financing under the Criminal Justice (Money Laundering and Terrorist Financing) Act, 2010, come to our next Anti-Money Laundering course on Tuesday 28 November 2017.
All of our upcoming courses are listed here
