Posted by Eimear O'Brien and Clodagh Butler on 1 July 2021

Ireland's financial technology (FinTech) sector is facing regulatory change. On 23 April 2021 (the Commencement Date), the Criminal Justice (Money Laundering and Terrorist financing) (Amendment) Act 2021 (2021 Act) was commenced, implementing the provisions of the European Union's Fifth Anti-Money Laundering Directive (5AMLD).

Amongst other things, the 2021 Act introduces the concept of a Virtual Asset Service Provider (VASP) and the requirement for VASP’s to register with the Central Bank of Ireland (CBI) for anti-money laundering (AML) and counter financing or terrorism (CFT) purposes.

What is a Virtual Asset Service Provider

Under the 2021 Act, a VASP is a person who by way of business carries out one or more of the following activities for, or on behalf of, another person:

  • exchange between virtual assets and fiat currencies; 
  • exchange between one or more forms of virtual assets;
  • transfer of virtual assets, that is to say, conduct a transaction on behalf of another person that moves a virtual asset from one virtual asset address or account to another;
  • custodian wallet provider;
  • participation in, and provision of, financial services related to an issuer’s offer or sale of a virtual asset or both;

If a person, or business, provides any of these services, they will be considered a VASP and will therefore be a “designated person” under the Criminal Justice (Anti-Money Laundering and Terrorist Financing) Act 2010 (the 2010 Act), and must therefore register with the CBI for AML/CTF purposes. The VASP will also be subject to regulation by the CBI for AML/CTF purposes as a “designated person” and will be required to comply with the AML/CFT obligations contained under Part 4 of the 2010 Act which include:

  • carrying out an ML/TF risk assessment of their business;
  • undertaking customer due diligence (CDD) of their customers;
  • carrying out ongoing monitoring of customers and customer transactions;
  • filing Suspicious Transaction Reports (STRs) with Financial Intelligence Unit (FIU) Ireland and the Revenue Commissioner in instances where money laundering or terrorist financing is known or suspected;
  • maintaining and implementing AML/CFT policies, procedures and controls;
  •  retaining appropriate records; and
  • providing AML/CFT training to all staff on an ongoing basis.

When is a VASP required to register with the CBI?

The 2021 Act provides for a transitional period for VASPs operating in Ireland immediately before the coming into operation of the relevant sections which provide for registration. The 2021 Act provides for a transition period of three months from the Commencement Date. A VASP operating in Ireland prior to the Commencement Date must therefore register with the CBI in advance of 23 July 2021.

VASPs wishing to enter the Irish market cannot avail of the transitional provisions and must secure registration before they can operate in Ireland.

Is a VASP required to be incorporated in Ireland in order to successfully register with the CBI?

The 2021 Act requires registration of operators “carrying on business” as a VASP in Ireland. The CBI has issued guidance which provides that a firm seeking registration as a VASP must be acting in the State, and confirms that it generally interprets “acting in the State” to mean a corporate body constituted under Irish law, or a branch, or agent, or a sole trader, which is operating its virtual asset services from an establishment, or via a physical presence, in Ireland.

The CBI has clarified that it expects to see “a physical presence located in Ireland and for there to be at least one employee in a senior management role located physically in Ireland, to act as the contact person for engagement with the Central Bank."

The onus of meeting the statutory requirements and satisfying the CBI that an applicant is being operated from Ireland (and not abroad) lies with the applicant firm.

Registration   

Registration with the CBI as a VASP requires completion of (i) a pre-registration form and (ii) a registration form. The CBI also offers to facilitate a pre-application meeting, during which further questions concerning the registration process can be addressed. The CBI recommends taking advantage of this option to prevent any deficiencies when it comes to submitting an application for registration.

The VASP must provide details, including its proposed VASP activities, a business model, business structure, its regulatory history and details of shareholders and senior management. The company must also provide information on the fitness and probity of the beneficial owners and controllers of the company. This includes principal officers and individual with certain management functions.

In addition to the organisational and structural requirements, the firm must provide an existing AML/CFT governance and risk assessment to the CBI.

If registration is successful, the CBI will list the VASP on a public register. A VASP can be removed of the register if the CBI discovers that the VASP is conducting a business which does not mirror the activities described in the registration form.

Penalties

It is a criminal offence to carry on the business of a VASP without registration. It is also a criminal offence for failure to comply with the AML/CTF obligations set out under Part 4 of the 2010 Act, which may result in a fine, imprisonment or both.

Registration – next steps

The CBI is now accepting applications for registration as a VASP. DLA Piper can assist your business in preparing for registration, as well as provide ongoing AML/CTF advice and support.

Horizon scanning – MiCA Regulation

Another FinTech development to be aware of is the European Commission’s (“Commission”) proposal for a Regulation on Markets in Crypto Assets (MiCA). This proposal is part of the Commission’s “Digital Finance” package, a package of measures to further enable and support the potential of digital finance in terms of innovation and competition while mitigating the risk”.[1]  

The MiCA Regulation intends to provide a harmonised regime to enable European-wide, cross-border passporting of crypto-asset services. Following an examination by the Commission of the opportunities and challenges raised by crypto-assets, it mandated the EBA and ESMA to assess the applicability and suitability of the existing EU financial services regulatory framework to crypto-assets. The EBA and ESMA found that most crypto-assets fall outside of the scope of EU financial services regulation (except for AML and CFT legislation). As a result, crypto-assets are not subject to consumer and investor protection measures, despite giving rise to related risks. In addition, a number of EU Member States have introduced legislation aimed at regulating crypto-assets which will ultimately lead to market fragmentation and legal uncertainties across the EU. The MiCA Regulation aims to provide a regulatory regime for crypto-assets while ensuring that the EU financial services regulatory framework is innovation-friendly and does not pose obstacles to the application of new technologies.

[1] https://eur-lex.europa.eu/resource.html?uri=cellar:f69f89bb-fe54-11ea-b44f-01aa75ed71a1.0001.02/DOC_1&format=PDF 

Add to home screen

To add this site to your home screen open the browser option menu and tap on Add to home screen.

To add this site to your home screen tap arrow and then plus