AML Compliance in Ireland: What Your Firm Is Being Inspected Against Today, and What Changes in 14 Months
The unified European Anti-Money Laundering Regulation — Regulation (EU) 2024/1624 — applies directly across all Member States from 10 July 2027. That is 14 months away. The Law Society of Ireland and the Central Bank are not waiting. Field inspections conducted today apply modernised criteria against the existing Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 framework. The gap between what inspectors expect and what most boutique practices have on file is widening.
This is the current enforcement position by profession, followed by what the 2027 transition requires you to build before the deadline arrives.
Solicitors & Legal Practices
What Is Being Inspected Now
The Risk Assessment Narrative
The Law Society's AML Unit has made unsupported risk scoring the primary inspection failure point across 2025 and into 2026. A client file that records a risk rating — Low, Medium, or High — without a written narrative explaining the basis for that rating does not meet current inspection standards.
The Law Society's own published guidance states directly that firms must retain their risk assessment with their documented thought process on the client file. That documentation must address geographic variables, the nature and complexity of the transaction, corporate structures involved, and source of wealth indicators. A checkbox or dropdown field without accompanying text is insufficient. The Law Society's structured Customer Risk Assessment forms provide the required framework. Their use is not optional for firms that have been through inspection.
Multi-Source Identification
Current Law Society enforcement guidelines require solicitors to verify more than one independent source of client identification before delivering any AML-regulated legal service — with particular emphasis on property and conveyancing transactions. Inspectors are examining whether nationality and place of birth have been explicitly verified and recorded on the file as discrete data points.
A conveyancing file opened on a single verification source is a non-compliant file under current inspection criteria.
The 90-Day Proof of Address Wall
A proof of address document used to satisfy client due diligence must be dated within 90 days of matter intake. In Irish property transactions, where chains routinely stall, this creates an active exposure: if a transaction pauses and a document crosses the 90-day boundary without being refreshed, the file is immediately non-compliant. Review all open matters where proof of address documentation is approaching or has exceeded 90 days. Request updated documentation before the matter progresses further.
The Aborted Transaction Exposure
The Law Society's published case studies identify aborted retainer patterns as the highest concentration of defensive Suspicious Transaction Reports currently being filed through the GoAML portal. The pattern: a client introduces funds into the client account, allows them to sit, then cancels the instruction and requests return of funds to an alternative account or payee.
Returning those funds without conducting secondary verification and filing an STR where suspicion exists exposes the firm to direct criminal liability under the 2010 Act. The Law Society's anonymised case studies document active attempts targeting Irish boutique practices.
Accountancy Practices
The TA 05/2025 Structural Requirements
Technical Alert 05/2025 was issued in December 2025 by the Consultative Committee of Accountancy Bodies Ireland as one of its final authoritative publications before dissolving at year-end 2025. Its guidance is now actively maintained by the surviving constituent bodies, including Chartered Accountants Ireland. The Alert sets out the structural gaps independent practices must close ahead of the 2027 transition.
Independent Audit Function — Incoming July 2027
The AMLR requires firms to maintain an independent audit function to test internal AML policies, controls, and file standards. The Alert is explicit on the consequence for smaller practices: where the structure of the firm does not permit internal independence — where the compliance partner is also a managing partner — the firm must contract an external expert to conduct this testing.
This requirement applies from July 2027. Firms that have not begun scoping this arrangement have 14 months. Given the lead time required to identify a competent external reviewer, document their appointment, and build the review into the annual compliance calendar, that window is shorter than it appears.
Staff Integrity Assessments — Incoming July 2027
Article 13 of Regulation (EU) 2024/1624 will require firms to maintain documented assessments of the skills, legal knowledge, and regulatory competency of any employee, agent, or subcontractor participating in AML functions. This is an incoming obligation — it becomes enforceable in July 2027. The time to design the assessment framework and integrate it into your onboarding and annual review process is now, not in June 2027.
QFAs & Financial Brokers
Source of Wealth Documentation
The Central Bank's inspection findings consistently identify source of wealth documentation as the primary failure point in financial broker files.
The account from which a payment originates — the bank account used to pay a life policy premium or property deposit.
The historical narrative of how the client accumulated their net worth — a business exit, an inheritance, accumulated equity over a working career, rental income over decades.
Writing “savings” in the source of wealth field on a high-value client file is not a documented source of wealth. It is an unanswered question. Inspectors treat it as such. The file must contain a narrative supported by documentary evidence: wage summaries, inheritance documentation, audited company accounts, pension encashment records, or equivalent. Every high-value file must carry this narrative before the next inspection cycle.
Immediate Action Checklist
Three infrastructure changes must be completed before your next regulatory engagement.
- 1Narrative-Based CDD on Every File. Every client file must carry a written text record explaining why the client was rated Low, Medium, or High risk. A checkbox without accompanying text is non-compliant today.
- 2Updated Client Care Materials. Deploy the Law Society's revised AML Client Care Leaflet at the point of client intake. For accountancy practices, equivalent intake documentation explaining why multi-source identification and source of wealth verification is required. This reduces client friction and creates a documented evidence trail that the client was informed.
- 3Independent File Review. If your internal AML controls have not been reviewed by an independent party within the last 12 months, schedule that review now. The 2027 obligation to maintain a permanent independent audit function makes this doubly useful — it catches current file gaps and begins establishing the review relationship your firm will need to maintain as a permanent fixture from July 2027.
The 2027 Single Rulebook does not replace your current obligations — it builds on them. Firms that wait for July 2027 to begin building compliant infrastructure will find the inspection cycle has already moved on.
Oibrio publishes verified regulatory intelligence for Irish legal, accounting and financial practices.