ARTICLE
10 February 2026

Central Bank Of Ireland Launches New Financial Crime Bulletin

DE
Dillon Eustace

Contributor

Dillon Eustace logo
Dillon Eustace is one of Ireland’s leading law firms focusing on financial services, banking and capital markets, corporate and M&A, litigation and dispute resolution, insurance, real estate and taxation. Headquartered in Dublin, Ireland, the firm’s international practice has seen it establish offices in Tokyo (2000), New York (2009) and the Cayman Islands (2012).
Explore Firm Details
In December 2025, the Central Bank of Ireland (CBI) published the first edition of its biannual Financial Crime Bulletin, which seeks to provide an update...
Ireland Technology
Keith Waine,Karen Jennings, and Brian McGlone
Your Author LinkedIn Connections
Keith Waine’s articles from Dillon Eustace are most popular:
  • within Technology topic(s)
  • with Finance and Tax Executives
  • with readers working within the Banking & Credit industries

For further information on any of the issues discussed in this publication please contact the related contact(s) on this page.

In December 2025, the Central Bank of Ireland (CBI) published the first edition of its biannual Financial Crime Bulletin, which seeks to provide an update on key regulatory developments in the areas of Anti-Money Laundering (AML), Combatting the Financing of Terrorism (CFT), Financial Sanctions (FS), and Fraud. A link to the Bulletin can be found here.

The following topics are addressed within the Bulletin:

  • Risk assessments;
  • Crypto and payments;
  • Fraud and scams;
  • Financial sanctions; and
  • EU AML developments.

The developments in these areas are recorded against the backdrop of a more integrated supervisory approach to risks and supervisory activities at a national and European level.

Risk Assessments

Ireland's National Risk Assessment (NRA) is currently being updated to ensure that the public and private sectors gain an understanding of the main money laundering (ML), terrorist financing (TF) and proliferation financing (PF) threats and vulnerabilities in the country.

The CBI itself assesses inherent risks, such as threats or vulnerabilities within its AML/CFT population, and mitigation measures which can be imposed to counteract such risks. The balance between the two assessments determines the CBI's residual risk score for each sector and each individual firm, and the degree of supervisory activity on a given sector or firm is determined accordingly.

The AML/CFT Risk Evaluation Questionnaire (REQ) is a key tool for assessing risk. The first two sector-specific REQ templates were published in June 2025 for credit institutions and payment institutions/electronic money institutions respectively. Enhanced REQs will be published for other regulated sectors between now and early 2027 and firms will be contacted individually with regard to their submission obligations.

Crypto and Payments

The CBI notes that six firms had been authorised as Crypto-Asset Service Providers (CASPs) by the CBI in 2025 at the time of publication in December and that more are expected in the coming months. The CBI highlights the following regulatory developments:

  • Recast Funds Transfer Regulation1 (FTR): enables relevant authorities to trace transfers of funds and crypto-assets in order to prevent, detect or investigate ML and TF.
  • EBA Travel Rule Guidelines under the FTR2: requires CASPs and Payment Service Providers (PSPs) to take steps to detect missing or incomplete information accompanying a transfer of funds or crypto-assets and have procedures in place to manage such transfers lacking the required information.
  • Updated European Banking Authority (EBA) Guidelines on ML/TF Risk Factors3: sets out factors which may indicate a CASP's exposure to higher or lower ML/TF risk, advises on how to adjust customer due diligence in line with those risks and provides guidance for other regulated firms on how to engage in a business relationship with a CASP.

The new EU AML Authority, AMLA, has emphasised the need for licensing and supervisory authorities to ensure that CASPs have effective AML/CFT systems in place from day one of their authorisation. For further detail, the AMLA Work Programme can be accessed here.

Fraud and Scams

The CBI will work to raise consumer and investor awareness of how to protect oneself against frauds and scams, prioritise reports made to the CBI about illegal content and work to detect and punish unauthorised providers and market abusers. Fraud detection and prevention controls within mobile apps and other payment services will also be assessed in efforts to tackle financial crime and the CBI is calling for a collaborative, national effort among State authorities, bodies and groups to achieve that end.

Financial Sanctions

The CBI highlights the following regulatory developments:

  • FTR: obliges PSPs and CASPs to have preventative measures frameworks in place to comply with the EU Financial Sanctions (Restrictive Measures) regime, introduced following Russia's invasion of Ukraine in 2022.
  • The 1st set of EBA Guidelines on internal policies, procedures and controls to ensure the implementation of Union and national restrictive measures4: these apply to all financial institutions under the EBA's supervisory remit. They establish a framework to ensure that governance structures, internal controls, and risk management systems are robust enough to address risks related to breaches or circumvention of Union and national restrictive measures.
  • The 2nd set of EBA Guidelines on internal policies, procedures and controls to ensure the implementation of Union and national restrictive measures5: these apply to CASPs and PSPs. The Guidelines specify what CASPs and PSPs should do to be able to comply with restrictive measures when performing transfers of funds or crypto assets.

The CBI completed a thematic review in 2024 assessing the efficacy of financial sanctions screening systems. Conducted across forty firms within a wide range of sectors, the review noted certain key findings:

  • All firms had client screening systems but just under half of the firms sampled did not have transaction screening systems in place.
  • While the majority of firms' screening systems met a suitable standard, some did not. The CBI stressed the importance of ongoing regular and appropriate testing of systems to avoid this scenario.
  • In cases where the test data was manipulated to reflect common data quality issues, the effectiveness of customer and transaction screening systems decreased.

The CBI has also noted an increase in breach reports of sanctions circumvention since 2024. It calls upon firms to identify vulnerable areas of their business and to implement and maintain up-to-date policies, procedures and controls which are proportionate to the size, nature and complexity of the financial institution.

A potential sanctions risk arises in relation to the use of non-EU cards for transactions and withdrawals at EU ATMs. Citing an example of US cards issued by a Belarussian bank, the CBI calls for vigilance as it is likely that other designated entities subject to EU restrictive measures have issued products that need to be blocked by Irish banks, PSPs, ATM operators and merchant services. Ultimately the responsibility for compliance with EU sanctions rests fully with EU institutions. The CBI notes that institution-specific controls and due diligence are essential and asks for suspected breaches to be reported to sanctions@centralbank.ie.

EU AML Developments

As mentioned above, the AMLA Work Programme was published in July 2025. The initial focus of AMLA is to work with national competent authorities (NCAs) and Financial Intelligence Units (FIUs) on drafting the regulatory technical standards and implementing standards and guidelines required under the AML Package, which has an implementation deadline of mid-2027.

The CBI is a member of the General Board of AMLA and encourages any insights or feedback on the development of the new regulatory framework and supervisory approach.

More generally, the CBI welcomes any feedback or queries pertaining to the insights provided within the Financial Crime Bulletin itself by contacting FID_Administration@centralbank.ie.

Footnotes:

1. Regulation (EU) 2023/1113.

2. EBA/GL/2024/11.

3. EBA/GL/2024/01.

4. EBA/GL/2024/14.

5. EBA/GL/2024/15.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of Keith Waine
Keith Waine
Photo of Karen Jennings
Karen Jennings
Photo of Brian McGlone
Brian McGlone
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More