Central Bank of Ireland: Dear CEO Letter to High-Cost Credit Providers

• HCCPs have not adequately considered their obligations under the CJA 2010 and therefore have not ensured that their business operations and control frameworks are compliant;

• Some HCCPs have not undertaken a business wide risk assessment (“BWRA”) and therefore are not in a position to identify their ML/TF;

• Some HCCPs have not sufficiently tailored the BWRA and/or AML/CFT policies and procedures to the business model, limiting their ability to implement an appropriate control framework;

• Many HCCPs were unable to demonstrate compliance with a number of obligations under the CJA 2010, including adequate customer due diligence, ongoing monitoring and suspicious transaction reporting.

• The importance of complying with all relevant obligations under the CJA 202, regardless of size or structure of the entity.

• Many HCCPs did not have documented AML/CFT frameworks or AML/CFT policies and procedures in place,

• The CBI outlined their concern regarding the level of deficiencies it has observed in relation to the responses via the Risk Evaluation Questionnaire (“REQ”).

• The CBI reminded HCCPs of their obligation to provide accurate, complete and timely information when requested to do so by the CBI.