AML REQ for Credit Unions
The Risk Evaluation Questionnaire (REQ) for Credit Unions is an annual AML/CFT/FS return issued by the Central Bank of Ireland.
The REQ collects information on:
A credit union’s inherent ML/TF/FS risk exposure- How the credit union assesses ML, TF and financial sanctions risk within its business model
- The AML/CFT/FS framework, governance and controls in place
- Customer, product, transaction and geographic risk data
The return must be submitted through the Central Bank Portal in XML format using the prescribed XSD schema. Excel files are provided for reference only and cannot be submitted.
What's the scope?
Entities in scope
The AML REQ applies to credit unions regulated by the Central Bank of Ireland. Each credit union must use the sector-specific XSD schema for Credit Unions.
Activities covered
The REQ captures information across customer segments, high-risk customer activity, cash transactions, currency cash exchange, lending, money remittance, payment transactions, remote onboarding and AML/CFT controls.
Reporting dates
Standard reference date: 31 December of the preceding calendar year
First submission deadline: 18 September 2026
Reporting frequency
Annual reporting
File format
XML format only, aligned with the prescribed XSD schema and required XML wrapper. The XML file must be validated before upload to the Central Bank Portal.
Key data areas
The Credit Unions REQ requires information across:
- Physical presence and branch numbers
- Statement of compliance
- Customer segments and customer risk exposure
- High-risk customer activity
- Cash deposits, withdrawals and high-value cash activity
- Currency cash exchange
- Lending and loan repayments
- Money remittance activity where acting as agent of money remitters
- Payment accounts and payment transactions
- Remote onboarding
- BWRA, risk appetite and AML/CFT controls
- Policies, procedures, governance, audit and training
- Customer due diligence and periodic review backlogs
- Sanctions screening and transaction monitoring
- Residence and establishment
- Beneficial owners
- Politically exposed persons
- Geography of funds flow
Reporting considerations to keep in mind
- All questions are mandatory, even where a data point is not applicable
- Non-applicable fields must use the prescribed default values, such as 0, N/A, 2000-01-01 or the required default enumeration
- All values should be reported in euro unit value
- Customer risk ratings may be based on the rating as at the reference date, even if the rating changed during the year
- For the first REQ return, firms are not expected to retrospectively source certain customer segment or cash differentiation data where it was not captured
- XML submissions must follow the required table structures and strict table ordering
- Incorrect XML structure or table order may result in rejection
- The file name must follow the required format: CXXXXX_YYYYMMDD_A07.xml
- Firms must complete both the “Finalise” and “Sign-Off” steps in the Portal
- Material issues should still be raised through normal supervisory channels, not solely through the REQ
Steps to submission
A high-level overview of the key stages involved in preparing, validating and submitting the Credit Union AML REQ return to the Central Bank of Ireland.
Gather required AML/CFT, customer and transaction data
Collect the required data across customers, transactions, products, lending, payments, geographies and AML/CFT controls.
Map data to the required XML schema and REF fields
Align each data point to the prescribed XML taxonomy, including REF identifiers, enumerations, table structures and field formats.
Generate and validate the XML file
Create the XML return in line with the XSD schema and validate it against mandatory fields, formatting rules and table ordering requirements.
Upload the return via the Central Bank Portal
Submit the validated XML file through the Central Bank Portal and resolve any validation issues raised during upload.
Finalise and sign off the submission
Complete the Portal “Finalise” and “Sign-Off” steps to ensure the REQ is successfully completed and transmitted.