Last updated 15 April 2026. Written by the Harrington Compliance content team and reviewed by an Irish-qualified MLRO practising in a Central Bank-supervised firm.
If you run compliance at an Irish regulated firm, your anti money laundering training programme is one of the most tested parts of your whole framework. In every Central Bank inspection since 2022, training documentation has been flagged as the single most common gap β not policies, not CDD files, not STR processes. Training.
This guide sets out, in plain English, exactly what Irish law and supervisors expect from anti money laundering training in 2026, how often you need to deliver it, what it needs to contain, and what audit evidence you need to keep.
Quick take
Every designated person in Ireland must deliver AML training at onboarding and at least annually afterwards. The programme must be specific to the Criminal Justice Act, not generic, and evidence must be retained for six years. The best way to fail an inspection is to rely on a PDF and a signed attendance sheet.
Why AML training matters in Ireland
Ireland's primary AML legislation is the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (as amended). Section 54 of that Act imposes a direct training obligation on every designated person:
"A designated person shall ensure that persons involved in the conduct of the designated person's business are instructed on the law relating to money laundering and terrorist financing⦠and are provided with ongoing training."
That wording is deliberately broad. Irish supervisors β the Central Bank of Ireland, the CRO AMLCU for accountancy firms, the Department of Justice for solicitors, the PSRA for estate agents β have used it to set steadily higher expectations about what actually qualifies as "ongoing training."
Who has to do AML training?
Section 25 of the CJA defines "designated persons." In practice, this captures nearly every Irish regulated professional services firm, including:
- Credit and financial institutions (banks, credit unions, MiFID firms, payment and e-money institutions)
- Auditors, external accountants, and tax advisers
- Trust or company service providers (TCSPs)
- Solicitors (in certain defined activities)
- Property service providers (estate agents and auctioneers)
- Insurance intermediaries in relation to life assurance and certain investment products
- High-value dealers and virtual asset service providers
If your firm falls into any of those categories, every single person involved in the conduct of the firm's business needs AML training β not just the MLRO, not just client-facing staff. That includes admin, IT, finance, and often directors who aren't "operational."
How often must anti money laundering training be delivered?
The CJA requires training to be "ongoing." In practice, Irish supervisors have settled on a clear expectation:
- At onboarding β before a new starter has access to client files
- At least annually β full refresh with updated content
- On any material legal change β e.g., a CJA amendment or Central Bank guideline
- On any firm-specific change β e.g., new product, new jurisdiction, new client type
Firms that deliver training once and rely on it for multiple years are a standing red flag in inspection reports.
What should your AML training cover?
The Central Bank's Anti-Money Laundering Guidelines for the Financial Sector and related sectoral guidance set out what good content looks like. At a minimum, your anti money laundering training programme should cover:
- The law β the CJA, EU AML Directives, sanctions regimes
- Money laundering and terrorist financing typologies relevant to your sector
- Customer Due Diligence β standard, simplified, and enhanced
- Beneficial ownership and the Central Register of Beneficial Ownership (RBO)
- PEP identification and ongoing monitoring
- Internal reporting to the MLRO and external reporting to FIU Ireland / Revenue
- Tipping-off prohibitions and related offences
- Record keeping and the six-year retention rule
- Role-specific responsibilities (what I have to do, today)
- Firm-specific policies, procedures, and escalation routes
What counts as acceptable evidence?
This is where most firms underperform. A signed attendance sheet is not enough. The Central Bank increasingly looks for:
- Proof of completion β timestamped, per learner, per module
- Proof of comprehension β an end-of-module exam with a meaningful pass mark
- Proof of integrity β randomised questions so that learners can't simply share answers
- Proof of content currency β version history showing when modules were last updated
- Proof of coverage β one dashboard showing every designated person and their training status
- Six-year retention β certificates, scores, and dashboard snapshots stored for six years
Inspector's favourite question
"Show me the most recent training completion record for a member of staff of your choice, and tell me why they completed that specific version." If you can't answer it in under 60 seconds, your programme is probably not audit-ready.
Classroom vs. e-learning
The CJA is technology-neutral β it doesn't prescribe a delivery mode. For most Irish firms in 2026, a well-structured e-learning programme is significantly stronger evidence than a half-day classroom session, because it produces the audit trail supervisors now expect.
That said, e-learning quality varies wildly. Generic "global" AML modules that gesture vaguely at international standards are not a defence. Your programme has to reference Irish law, Irish cases, and your sector.
Common audit findings in 2024β2026
Based on published Central Bank inspection outcomes and enforcement decisions, the top AML training findings are:
- No evidence of onboarding training before client contact
- Annual refresh missed for some staff (often senior partners)
- Training content not updated after a CJA amendment
- No end-of-module assessment β just attendance
- No sector-specific content despite operating in a regulated sector
- No evidence of content review or version control
Each of these is avoidable with a modern training platform. None of them is avoidable with a PDF and a sign-in sheet.
What 'audit-ready' actually looks like
When the Central Bank arrives, an audit-ready AML training file contains, as a minimum:
- Training policy with governance, ownership, and review cycle
- Programme outline showing how it maps to Section 54 and sectoral guidance
- Evidence of content review (dated, signed off)
- Completion records per learner, per module, per year, for the last six years
- Exam scores and a record of any fails and retakes
- Exception log β who missed a deadline, when, why, and what happened
- Board-level management information showing training completion is tracked
Getting there in one week
If your current programme doesn't look like that, the quickest way to close the gap is to move to a purpose-built, Irish-first compliance training platform. Harrington Compliance's AML course is built entirely around the CJA, includes randomised assessment and audit-ready reporting, and typically takes a firm from "policy PDF and sign-in sheet" to "audit-ready" in under a week.
Book a 15-minute walkthrough β