Know Your Risk: What Ireland’s 2026 AML/CFT/PF National Risk Assessment and Action Plan Mean for Firms
Ireland’s third National Risk Assessment (“NRA”) was recently published by the Department of Finance (“DoF”). Developed by the Anti-Money Laundering Steering Committee (AMLSC), the NRA provides a consolidated assessment of Ireland’s money-laundering (“ML”), terrorist financing (“TF”) and proliferation financing (“PF”) risks. By assigning risk ratings to sectors and activities across Ireland, it helps regulators, law enforcement agencies and businesses in identifying the areas of greatest risk. The NRA supports the implementation of effective and proportionate anti-money laundering (“AML”), countering the financing of terrorism (“CFT”) and countering proliferation financing (“CPF”) measures to safeguard the integrity of the financial system.
The NRA is of importance to all firms operating in Ireland but is key for designated persons under the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (the “CJA 2010”). This is because designated persons are required to have regard to the NRA in the context of carrying out their business risk assessment (“BRA”) in accordance with Section 30A of the CJA 2010. Therefore, designated persons should ensure that they are familiar with the NRA and assess whether updates are required to their BRAs.
The NRA updates and expands on all previous national risk assessments for Ireland, including the last one published in 2019 and the information in the NRA was finalised in December 2025. It considers several developments impacting Ireland from an AML/CFT perspective, including the EU AML package (including the establishment of the EU-wide Anti-Money Laundering Authority (AMLA)), the EU Instant Payment Regulation and the Markets in Crypto-Assets Regulation (MiCAR). It also reflects ongoing legislative reforms including the Proceeds of Crime and Related Matters Bill.
Key Findings Overview
Ireland’s open and internationally connected economy make it an attractive location for trade and investment but also create opportunities for criminals to conceal illicit funds. The NRA assesses risk using four ratings: low, moderate, significant and very significant.
Overall, Ireland’s ML risk is rated moderate, driven primarily by drug trafficking and fraud. TF is rated as low, although evolving technologies including AI continue to present emerging risks. A standalone TF threat assessment was published in March 2025 and provides analysis from 2022 to 2024. Ireland’s PF risk is also rated as low, consistent with Ireland’s low level of direct exposure to jurisdictions associated with PF risks.
Due to each sectors’ size, complexity and exposure to financial crime, detailed ML, TF and PF assessments were conducted for retail banks, non-retail banks (“NRBs”), funds, virtual-asset service providers (“VASPs”) and payment/electronic money institutions (“PI/EMIs”). A further seven financial services sectors, including MiFID firms, retail credit firms, life insurance, retail intermediaries and high-cost credit providers, were reviewed at a high level to identify key risks and vulnerabilities to inform future supervisory priorities. Non-financial services providers including gambling service providers and trust and company service providers (“TCSPs”) were also assessed.
Notable Sectoral Findings Include:
- retail banks (traditional and digital) are rated very significant for ML and TF risk, due to their scale, diverse customer base and central role in the financial system. They are the main gateway to the domestic and international financial system and therefore are particularly vulnerable to the movement and integration of illicit funds.
- NRBs are rated significant for ML and TF risk in higher-risk business activities, reflecting the complexity and cross-border nature of transactions.
- crypto-assets are rated as very significant for ML and TF risk, particularly due to their use in ransomware payments, drug trafficking and other illicit activities.
- EMIs and money remittance firms are rated very significant for ML risk, reflecting their potential use in the rapid movement and layering of illicit funds.
- MiFID Investment Firms and MiFID Markets Firms, which were not assessed in the 2019 NRA, are now rated as moderate for ML and low for TF and PF risk.
- retail intermediaries were not previously assessed in the 2019 NRA but are rated as low for ML, TF and PF risk.
- gambling service providers present varying levels of risk across different activities, with cash usage identified as a key vulnerability.
- TCSPs are addressed across three supervised categories: supervised by the Central Bank of Ireland (“CBI”) (rated low for ML, TF and PF risk), supervised by designated accountancy bodies (significant for ML, moderate for TF and low for PF risk) and supervised by the Anti-Money Laundering Compliance Unit (“AMLCU”) (moderate for ML, and low for TF and PF risk). Legislation creating a new administrative financial sanctions regime for the AMLCU is expected to enter into force soon. It is expected to apply to, at least, TCSPs not supervised by the CBI or prescribed accountancy bodies.
The 30-Point Action Plan
Alongside the NRA, the DoF also published a 30-point Priority Action Implementation Plan (the “Plan”). The Plan assigns responsibilities across responsible bodies, with clear delivery timelines and outcomes supporting Ireland’s preparation for its 2028 Mutual Evaluation.
The Plan sets out specific actions to be delivered over the next 18 months in response to the NRA findings and outlines measures to strengthen Ireland’s defence against ML, TF and PF. It allocates responsibilities across government departments, law enforcement agencies, regulators and the private sector, setting out expected outcomes and delivery times. For the financial services sector there are a number of key actions set out including:
- by Q3 of 2027: the CBI will enhance data collection and analysis of ML/TF, financial sanctions evasion risks and AML/CFT controls, using this information to target supervisory activity. The CBI will provide regular feedback to firms and sectors and firms will be expected to strengthen their risk assessments and AML/CFT frameworks in light of this feedback;
- by Q1 of 2027: the CBI will continue to use its regulatory and supervisory powers to identify and mitigate ML, TF and financial sanctions evasion risks arising from technological developments and innovation. This includes assessing the impact of emerging technologies and setting clear AML/CFT expectations for regulated firms. Firms will need to keep up to date on risks and incorporate them into their risk assessments;
- by Q1 of 2027: the DoF will seek to improve beneficial ownership data verification across registers and by Q2 of 2027, it will require disclosure of ultimate beneficial owners and controllers of Limited Partnerships; and
- by Q4 of 2026: the DoF will consider the possibility of introducing mandatory FIU Ireland registration for persons with reporting obligations.
How can McCann FitzGerald LLP help?
McCann FitzGerald LLP is a premier law firm in Ireland with deep expertise in relation to financial services regulation. If you would like to discuss further or require any specific financial services regulatory advice, including in relation to your AML, CFT or CPF requirements, please contact us.
This document has been prepared by McCann FitzGerald LLP for general guidance only and should not be regarded as a substitute for professional advice. Such advice should always be taken before acting on any of the matters discussed.









Select how you would like to share using the options below