.svg)
The Central Bank of Ireland (CBI) has issued a new bulletin highlighting the weaknesses in virtual asset service provider (VASP) applications.
The CBI has identified recurring issues during the application process among VASPs looking to register in the country, particularly in relation to anti-money laundering and counter-terrorist financing (AML/CTF).
To help firms, the CBI has set out its expectations of crypto companies during this process.
“All firms regulated and supervised by the Central Bank for AML/CFT purposes must be able to demonstrate a robust AML/CFT control framework that complies with the relevant obligations,” said Seana Cunningham, enforcement and AML/CFT director at the central bank. “The Central Bank will only register a firm when it is satisfied that the firm can meet its AML/CFT obligations on an ongoing basis.”
Issues identified by the CBI included incomplete applications. A number of registration applications did not contain the required information and documentation. Consequently, these applications could not progress to the assessment phase of the process, according to the CBI.
For example, some firms had submitted policies but no accompanying procedures, and a number of firms submitted a copy of the firms' internal risk register in place of a documented risk assessment.
Firms have also been called out on their policies and procedures by the CBI.
According to the central bank, several firms submitted AML/CTF policies and procedures that did not meet the Irish legislative and regulatory requirements, in many instances referring to legislative frameworks in other jurisdictions where parent/group entities are situated.
Where firms rely on group policies and procedures, these must be sufficiently detailed, applicable to the Irish entity that is applying for VASP registration and meet the Irish legislative and regulatory requirements, the regulator said.
Applications also revealed problems related to customer due diligence (CDD). A number of applicant firms failed to demonstrate compliance with the legislative obligation to obtain CDD knowledge, the central bank warned, adding that many firms were unable to explain how screening is conducted for politically exposed persons (PEPs).
Several firms failed to document the frequency of financial sanctions screening, how the firm screens, including what, if any, software is used, and the steps the firm would take in the case of a financial sanctions hit.
“All current and potential VASP applicants should review the content of the bulletin and take actions to rectify weaknesses, as relevant,” said Cunningham. “Firms undertaking VASP activities are also reminded that a failure to register may result in significant criminal and/or administrative sanctions.”
Since April 2021, VASPs are required to comply with the relevant AML/CTF obligations in line with the requirements of the EU's 5th Anti-Money Laundering Directive.
The CBI is currently progressing the assessment of registration applications and has provided feedback to 90 percent of applicants on their proposed AML/CTF frameworks.
