AML REQ for Investment Firms
The Risk Evaluation Questionnaire (REQ) for Investment Firms is an annual AML/CFT/FS return issued by the Central Bank of Ireland.
The REQ is used to collect information on:
Inherent ML/TF/FS risks within an institutionâs business model- Customer, product, transaction and geographic exposure
- AML/CFT/FS governance, controls and oversight arrangements
- Compliance with AML/CFT and financial sanctions obligations
The return must be submitted through the Central Bank Portal using the prescribed XML schema. Only XML submissions are accepted.
Whatâs the scope?
Entities in scope
- Investment Firms regulated by the Central Bank of Ireland
- Each regulated institution must submit its own REQ
- Reporting scope depends on the institutionâs legal structure and whether EEA-wide aggregation applies
Activity covered
The REQ captures data across customer and transaction risk; geographic exposure; MiFID investment activities; custody and trading activity; crypto-asset exposure; AML/CFT controls and governance; and, transaction monitoring and sanctions controls.
Reporting dates
Reference date: 31 December of the preceding calendar year
First submission deadline: 30 June 2026
Reporting frequency
Annual reporting
File format
- XML only
- Must conform to the prescribed XSD schema
- Submitted via the Central Bank Portal
- Excel files are provided for reference only and cannot be submitted
Customer / Geographic nexus
Reporting includes:
- EEA customer exposure
- High-risk jurisdictions
- Non-EEA AML/CFT regulated entities
- Cross-border activity
- Geography of funds flows
Key data areas
The REQ captures information relating to:
- Legal structure and business model
- Customer segments and risk ratings
- Transaction volumes and values
- High-risk customers and sectors
- International presence
- Funding methods and intermediaries
- Remote onboarding
- Crypto-asset activity
- BWRA and risk appetite
- AML/CFT policies and procedures
- Transaction monitoring and STR controls
- Governance, audit and training arrangements
Reporting considerations to keep in mind
- All data points are mandatory, including non-applicable fields
- Non-applicable fields must use prescribed default values (e.g. 0, N/A, 2000-01-01)
- XML submissions must follow strict schema, table structure and table ordering requirements
- Files must be validated before submission
- Firms must complete both âFinaliseâ and âSign-Offâ steps within the portal
- All values should be reported in EUR
Steps to submission
A high-level overview of the key stages involved in preparing, validating and submitting the AML REQ return to the Central Bank of Ireland.
Determine reporting scope and applicable legal structure
Identify whether reporting should be completed on an Irish-only or aggregated EEA basis, based on the institutionâs legal structure and operating model.
Gather required AML/CFT, customer and transaction data
Collect the required quantitative and qualitative data across customers, transactions, products, geographies, governance and AML/CFT controls.
Map data to the required XML schema and REF fields
Align all data points to the prescribed XML taxonomy, including the relevant REF identifiers, enumerations and table structures.
Generate and validate the XML file
Create the XML return in line with the XSD schema requirements and validate the file against formatting, structure and mandatory field rules before submission.
Upload the return via the Central Bank Portal
Submit the validated XML file through the Central Bank of Ireland Portal using the required naming convention.
Finalise and sign off the submission
Complete the Portal âFinaliseâ and âSign-Offâ steps to ensure the REQ is formally submitted and transmitted successfully.