In December 2025, the Central Bank of Ireland (CBI) issued the first edition of its newly launched Financial Crime Bulletin (Bulletin). The Bulletin will be issued biannually and provides updates on key regulatory and supervisory developments in the areas of anti-money laundering and counter terrorist-financing (AML/CFT), financial sanctions and financial fraud. The CBI has a new webpage to host the Bulletins, available here.
The Bulletin is published in the context of a number of developments in this area including the Central Bank’s adoption of an integrated supervisory approach, establishment of the EU Anti-Money Laundering Authority, MiCAR entering into force and continuing work on the EU AML package.
In this client insight, we highlight the topics addressed in the first edition of the Bulletin, including a thematic review of financial sanctions screening systems.
Topics addressed in the first edition of the Bulletin
The first edition of the Bulletin provides updates on:
The CBI’s plans to introduce an enhanced AML/CFT Risk Evaluation Questionnaire (REQ) tailored for particular sectors over a phased period up to early 2027. The CBI issued two sector-specific REQ templates for credit institutions and payment institutions/e-money institutions in 2025, and it will continue to roll out enhanced REQs for other regulated sectors.
Regulatory and supervisory developments for crypto asset service providers regarding AML/CFT obligations and financial sanctions. These developments aim to tackle heightened AML and financial sanctions risks arising from the increased access to cross‑border, pseudonymous crypto-asset transfers.
How the CBI will use its new status as a ‘trusted flagger’ under the Digital Services Act 2024. Online platforms are now legally obliged to ensure that any illegal online content reported by the CBI regarding financial scams and fraud is prioritised and dealt with in a timely manner.
The CBI’s planned work to assess and supervise fraud risk in the financial system and the mitigation measures used by regulated firms. This work will be underpinned by the implementation of the ‘Standards for Business’ in the revised Consumer Protection Code, which prescribe measures to prevent financial abuse. The revised Consumer Protection Code will apply from 24 March 2026.
The CBI’s thematic review of financial sanctions screening systems of firms in a range of sectors. The review assessed the effectiveness of customer and transaction screening systems used by these firms (see below for details).
Potential sanctions risk for Irish banks, payment service providers, ATM operators and merchants services relating to the use of non-EU cards for transactions and withdrawals at EU ATMs. Such Irish service providers and operators face potential sanctions risks in this context because non‑EU cards (including those issued by entities under EU restrictive measures) may still be used at EU ATMs unless their Bank Identification Numbers are specifically blocked. In addition, card schemes that apply their own compliance controls may not fully reflect EU sanctions even if they do reflect other sanctions regimes, creating a heightened risk of inadvertently processing prohibited transactions.
AML/CFT developments at an EU level that are driven by the EU’s AML/CFT legislative package and the establishment of the Anti-Money Laundering Authority (AMLA). The legislative package and AMLA are designed to ensure the consistent application of EU AML/CFT rules across the EU.
Thematic review of financial screening systems
The CBI confirmed the completion of a thematic review that assessed the efficacy of financial sanctions screening systems of 40 firms across a wide range of sectors. The Bulletin outlines the following findings and supervisory expectations from the thematic review:
While all firms had client screening systems, almost half of the client screening systems sampled did not have transaction screening systems. This potentially exposes a firm to a greater risk of breaching sanctions requirements in EU restrictive measures. Where a firm has chosen not to incorporate transaction screening within its client screening system, that decision should be subject to robust governance and be clearly documented.
While many firms’ screening systems were of a satisfactory standard in terms of identifying sanctioned names when undertaking customer and transaction screening, some firms’ screening systems were well below a satisfactory standard. This highlights the importance of on-going, regular and appropriate testing of systems to ensure they are operating effectively and to identify any areas for improvement.
Where firms have outsourced their screening systems, they must ensure that they have appropriate oversight of the outsourced service providers and the screening tool.
When the test data was manipulated to reflect common data quality issues, the effectiveness of customer and transaction screening systems decreased. This highlights the need to test and assess the effectiveness of ‘fuzzy logic’ rules on an on-going basis.
Where a breach of EU restrictive measures arises, immediate action should be taken to address it.
In light of the increase in breach reports, the CBI also set out the following expectations of firms’ sanctions compliance policies, procedures and controls:
Firms should identify and assess which areas of their business are particularly vulnerable, or exposed to, restrictive measures and to potential circumvention of restrictive measures. On this basis, firms should put in place, implement and maintain up-to-date policies, procedures and controls to ensure that they can comply effectively with restrictive measures.
The policies, procedures and controls should be effective and proportionate to the size, nature and complexity of the firm, and to its restrictive measures exposure. They should also be kept under regular review.
Given the risk of relying solely on third-party schemes or networks to manage sanctions risks and that ultimate responsibility for compliance with EU restrictive measures rests with the firm, firm-specific controls and due diligence checks are essential to ensure that no funds or financial services are provided, directly or indirectly, to restricted persons or entities.
Conclusion
With increased supervisory scrutiny on financial sanctions and a growing volume of breach reports, the thematic findings and commentary on sanctions compliance policies, procedures and controls in the Bulletin serve as a timely reminder that sanctions compliance is an evolving risk area. Firms should consider using the Bulletin as a benchmark against which to assess their current policies, procedures, controls, testing methodologies and escalation frameworks, and to identify any gaps before they crystallise into regulatory issues.
For further information on the CBI’s approach and role in relation to financial sanctions or to managing financial crime risk in regulated firms, please contact Dario Dagostino, Partner, Eoin O’Connor, Partner Patrick Brandt, Partner, Mark Devane, Partner, Chloe Culleton, Partner, Eimear O’Brien, Partner, Louise Hogan, Partner, Sarah Lee, Senior Practice Development Lawyer or your usual ALG contact.
