SCSI AML Guidance 2026: Where the Guidance Ends and the Act Begins

Identification Standard

The Two-Source Verification Requirement

SCSI guidance describes a single-document identification approach in some contexts. The Act does not permit a single document to satisfy both the identity and the address verification obligation where a reliable and independent source is required.

Under section 33(2) of the CJ(MLTF)A 2010, identification must be verified using documents, data, or information obtained from a reliable and independent source. For individual clients, a driving licence establishes photographic identity. It does not independently verify current residential address — a driving licence address is self-declared and not verified by the issuing authority. A second document from an independent source is required.

Acceptable supplementary address verification includes a utility bill, a bank statement, a Revenue Commissioners correspondence, or a document issued by a Government body within the previous three months. A document issued by the client, or by an entity the client controls, does not satisfy the independence requirement.

Corporate Clients

The RBO Register Does Not Satisfy UBO Verification

SCSI guidance references the Register of Beneficial Owners as a source for UBO identification. This is correct — but guidance sometimes implies that a search of the RBO register is sufficient for UBO verification. It is not.

The RBO register is self-reported. Its information is only as reliable as what was filed. The CJ(MLTF)A 2010 requires verification of UBO identity using a reliable and independent source. An RBO search tells you what was filed. It does not verify that what was filed is accurate or current.

For corporate clients, the verification file should include: a CRO search confirming current directors and shareholders, constitutional documents (Memorandum and Articles or equivalent), an RBO search as a starting point, and independent verification of each UBO with more than 25% ownership using individual identification documents — the same standard applied to natural persons — from an independent source.

Ongoing Monitoring

Annual Review Is the Minimum — Not the Default

SCSI guidance suggests annual review of CDD records as a general standard. Section 33(4) of the Act requires ongoing monitoring appropriate to the risk rating of the client. For a high-risk client — which includes all EDD clients, PEP clients, and clients from high-risk jurisdictions — annual monitoring is insufficient. The obligation is to monitor at a frequency commensurate with the risk.

An approach that sets all clients to annual review regardless of risk rating will not satisfy s.33(4) for high-risk clients. Practices should stratify their monitoring schedule by risk rating: six-monthly for high-risk clients including PEPs, annual for medium-risk, biennial where the risk assessment supports it for low-risk engagements with no transaction activity.

The 2027 Audit Obligation

What EU Regulation 2024/1624 Requires That SCSI Guidance Does Not Address

EU Regulation 2024/1624 (the AML Single Rulebook) applies directly in Ireland from 1 July 2027. It will require all designated persons — including construction professionals — to maintain a written AML framework that includes an independent audit function regardless of firm size.

SCSI guidance, published before the Regulation was finalised, does not address this requirement. Practices that are building their AML framework to the SCSI standard alone will need to retrofit the independent audit function in 2027. Those building to the statutory standard now will not.