Irish stockbroker enforcement action: What were the issues and why do they matter?

Written by Holly Whitehead on Wednesday May 22, 2019

On 8 May 2019, the Central Bank of Ireland found Campbell O’Connor & Company, a private client stockbrokers, guilty of five breaches of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (CJA 2010) between July 2010 and November 2016.

These breaches comprised of failings in the firm’s anti money laundering and combating the financing of terrorism (AML/CFT) framework. The investigation into the company was instigated following a themed supervisory inspection, as part of the Central Bank’s ongoing engagement with the investment firm sector.

The stockbrokers admitted the breaches and were fined €280,000.

Following this enforcement action, Seána Cunningham, the Director of Enforcement and Anti Money Laundering at the Central Bank, stated:

This is the first enforcement action taken against a stockbroker for breaches of the CJA 2010, and is a timely reminder to the wider financial services sector that AML/CFT compliance is, and will remain, a key priority for the Central Bank.

Interestingly, and not entirely unrelated to this enforcement action, Campbell O’Connor & Company is closing down in June 2019 citing ‘the ever increasing complexity of doing business in a changing regulatory landscape which does not favour smaller firms’ as the reason.

Let’s now take a look in more detail at the five breaches of the CJA 2010 that the Central Bank identified, and discuss why these issues are so important.

  1. Risk assessment

It was found that Campbell O’Connor failed to conduct any risk assessment of money laundering/terrorist financing (ML/TF) risks for over three years following the introduction of the CJA in 2010. Subsequently, the risk assessments conducted between November 2013 and November 2016 neglected to consider a number of key risks. For example, they failed to carry out:

  • an adequate assessment of the customer and geographic risks facing its business
  • any assessment of the risk of terrorist financing facing its business.

Why is this so important? A thorough risk assessment of a customer profile, the type of services offered to those customers and the jurisdictions in which those customers live or conduct business are vital to ensuring that all relevant ML/TF risks are mitigated.

  1. Policies and procedures

The Central Bank reported that the stockbroker firm did not have documented AML/CFT policies and procedures in place for over three years following the introduction of the CJA 2010. The policies and procedures employed between November 2013 and November 2016 were lacking in a number of respects, mirroring their issues with risk assessment. These deficiencies included:

  • when third-party payments were identified as high-risk customer activity, adequate policies and procedures to mitigate the risk were not adopted
  • policies and procedures which were not adopted for preventing and detecting TF or mitigating the risk that its customers could be involved in these activities
  • policies and procedures which were not adopted to ensure that the firm’s board of directors formally reviewed and, where appropriate, revised the AML/CFT policies and procedures on an ongoing basis.

Why is this important? Robust and effective policies and procedures are critical in protecting financial institutions from financial crime risk, as well as the integrity of the financial system as a whole. There should be regular compliance monitoring of the application of any organisation’s AML/CFT policies and procedures. Or, in the words of the FCA:

A firm must establish, implement and maintain adequate policies and procedures sufficient to ensure compliance of the firm including its managers, employees and appointed representatives (or where applicable, tied agents) with its obligations under the regulatory system and for countering the risk that the firm might be used to further financial crime.

  1. Transaction monitoring

This relates to the company’s transaction monitoring process and the fact that it failed to consider the customer’s source of wealth, business activities and previous account activity. Instead, it assumed that its staff had sufficient personal knowledge of its customers to be able to mitigate ML/TF risk.

Why is this important? Firms are expected to implement robust transaction monitoring processes to be able to determine whether a transaction(s) could be suspicious. In order for these robust processes to function as well as they should, risk-based customer due diligence (CDD) must be conducted. This should always be documented and not just stored ‘in the heads’ of employees. Remember, as far as regulators are concerned, if it’s not documented, it didn’t happen.

  1. Third party reliance

In line with the CJA 2010, only third parties that have an ‘appropriate arrangement’ with a firm can be relied upon to conduct CDD on their customers.

However, the Central Bank reported that the stockbroker relied on a number of third parties without ensuring that all the necessary arrangements were in place.

Consequently, they could not guarantee that the third parties had conducted the required CDD on their customers. Furthermore, they could not guarantee that the third parties could provide the CDD documents or other relevant customer information if requested.

Why is this important? FATF Recommendation 17 states that third parties can be relied upon to perform elements of CDD provided that certain criteria are met. These criteria include ensuring that copies of the CDD documentation are made available from the third party upon request, and that the financial institution (FI) must immediately obtain the information gathered. In addition, the FI must ensure that the third party is regulated and has measures in place to comply with CDD requirements.

Ensuring that all of the above takes place is vital. Having the required and correct CDD means that not only will you know who your customer is and ensure that money launderers and terrorist financiers (or even sanctioned individuals) are not gaining access to the banking system, but you will be able to identify suspicious/unusual activity on the account, as you will already have knowledge of what is ‘normal’.

  1. Staff training

Between July 2010 and September 2015, Campbell O’Connor failed to demonstrate that its staff training met the required standard. In addition, the firm failed to provide ongoing training regarding the identification of suspicious transactions.

Why is this important? Failure to provide effective AML/CFT training increases the risk that staff fail to fully comprehend key ML/TF risks and will therefore fail to identify suspicious transactions. If this is the case, ML/TF could end up going undetected.

Interested in an Anti Money Laundering qualification? ICA courses in Ireland are available through our partner La Touche Training. Download the syllabus and learn more about our courses.

Stay current on your favourite topics. Explore more recommended reading:

Top 5 fines of 2018: Lessons Learned from Enforcement Action

Standard Chartered $1.1 billion enforcement action: what lessons can we learn?

Monetary Authority of Singapore Launches Debut Enforcement Report


This article forms part of the #BigCompConvo - Join us as we explore and debate the latest challenges and issues facing you and regulatory and financial crime compliance professionals all over the world. If you’d like to contribute an article as part of the Big Compliance Conversation get in touch with us at


Please leave a comment

You can leave the name empty should you wish to remain Anonymous.

You are replying to post:



Email *

Comment *

Search posts

View posts by Author