Central Bank of Ireland: Dear CEO Letter to High-Cost Credit ProvidersJuly 2023
On 30th June 2023, the Central Bank of Ireland (“CBI”) issued a Dear CEO Letter to High-Cost Credit Providers (“HCCPs”). The aim of the letter was to give an insight into the findings from CBI supervisory engagements with HCPPs and to set out their expectations in relation to HCCPs compliance with their AML/CFT & Financial Sanction obligations.
The CBI highlighted a lack of compliance with legislative obligations in the following areas:
- HCCPs have not adequately considered their obligations under the CJA 2010 and therefore have not ensured that their business operations and control frameworks are compliant;
- Some HCCPs have not undertaken a business wide risk assessment (“BWRA”) and therefore are not in a position to identify their ML/TF;
- Some HCCPs have not sufficiently tailored the BWRA and/or AML/CFT policies and procedures to the business model, limiting their ability to implement an appropriate control framework;
- Many HCCPs were unable to demonstrate compliance with a number of obligations under the CJA 2010, including adequate customer due diligence, ongoing monitoring and suspicious transaction reporting.
Further points noted by the CBI in the letter include:
- The importance of complying with all relevant obligations under the CJA 202, regardless of size or structure of the entity.
- Many HCCPs did not have documented AML/CFT frameworks or AML/CFT policies and procedures in place,
- The CBI outlined their concern regarding the level of deficiencies it has observed in relation to the responses via the Risk Evaluation Questionnaire (“REQ”).
- The CBI reminded HCCPs of their obligation to provide accurate, complete and timely information when requested to do so by the CBI.
All HCCPs are required to review the findings and expectations in the letter and where gaps/weaknesses are identified by the HCCP, they are required to take steps to remediate the identified gaps/weaknesses in a timely manner.
The full Dear CEO Letter can be accessed here