AuthorPeter Oakes is an experienced anti-financial crime, fintech and board director professional. Archives
April 2024
Categories
All
|
Back to Blog
Peter Oakes, fintech and financial crime expert talks to Gabriel Vedrenne of ACAMS MoneyLaundering.com about European financial institutions that switched to onboarding all new clients remotely at the height of COVID-19 lockdowns should review their customer files to ensure that adequate due diligence was conducted as per the European anti-money laundering standard setter warned.
CLICK HERE
0 Comments
Read More
Back to Blog
"the settlement sends a strong message to industry that AUSTRAC will take action to ensure our financial system remains strong so it cannot be exploited by criminals" AUSTRAC 24 September 2020 Source: AUSTRAC
Press Release 24 September 2020 Westpac and AUSTRAC have today agreed to a AUD$1.3 billion dollar proposed penalty over Westpac’s breaches of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act). Westpac and AUSTRAC have agreed that the proposed penalty reflects the seriousness and magnitude of compliance failings by Westpac. The Federal Court of Australia will now consider the proposed settlement and penalty. If the Federal Court determines the proposed penalty is appropriate, the penalty order made will represent the largest ever civil penalty in Australian history. In reaching today’s agreement, Westpac has admitted to contravening the AML/CTF Act on over 23 million occasions, exposing Australia’s financial system to criminal exploitation. In summary, Westpac admitted that it failed to:
In reaching the agreement, Westpac has also admitted to approximately 76,000 additional contraventions which expand the original statement of claim. These new contraventions relate to information that came to light after the civil penalty action was launched last year and relate to additional IFTI reporting failures, failures to reasonably monitor customers for transactions related to possible child exploitation, and two further failures to assess the money laundering and terrorism financing risks associated with correspondent banking relationships. AUSTRAC’s Chief Executive Officer, Nicole Rose PSM said the settlement sends a strong message to industry that AUSTRAC will take action to ensure our financial system remains strong so it cannot be exploited by criminals. “Our role is to harden the financial system against serious crime and terrorism financing and this penalty reflects the serious and systemic nature of Westpac’s non-compliance,” Ms Rose said. “Westpac’s failure to implement effective transaction monitoring programs, and its failure to submit IFTI reports to AUSTRAC and apply enhanced customer due diligence in relation to suspicious transactions, meant AUSTRAC and law enforcement were missing critical intelligence to support police investigations.” Ms Rose said such a large number of breaches over several years was unacceptable and could have been avoided with better assurance and oversight processes to identify ongoing reporting failures. AUSTRAC works in partnership with the businesses we regulate through a comprehensive industry education program. “We have been, and will continue to work collaboratively with Westpac and all businesses we regulate to support them to meet their compliance and reporting obligations to ensure this doesn’t happen again in the future.” Westpac continues to partner with AUSTRAC to assist AUSTRAC and law enforcement agencies to stop financial crime, including as a member of AUSTRAC’s private-public partnership the Fintel Alliance. About AUSTRACAUSTRAC (the Australian Transaction Reports and Analysis Centre) is the Australian Government agency responsible for detecting, deterring and disrupting criminal abuse of the financial system to protect the community from serious and organised crime. Through strong regulation, and enhanced intelligence capabilities, AUSTRAC collects and analyses financial reports and information to generate financial intelligence. Learn more about AUSTRAC: https://www.austrac.gov.au/about-us/austrac-overview Media contactEmail: media@austrac.gov.au Phone: (02) 9950 0488
Back to Blog
KBC Bank Ireland plc fined €18.3mn for regulatory breaches and being 'simply unconscionable.'24/9/2020 "Our investigation found KBC persistently refused to accept its failings despite having multiple opportunities to remedy the detriment that it was causing to its customers over an extended period. KBC’s actions in this regard, including the failure to adequately comply with the Stop the Harm Principles of the TME [Tracker Mortgage Examination], were simply unconscionable." Central Bank of Ireland 24 September 2020 Question: If KBC conducted itself in the manner contended by the Central Bank of Ireland, which KBC arguably agreed with (otherwise why would it have agreed with the view) why did the Central Bank afford KBC a discount of 30% on a fine which would have otherwise been €26,162,857? Source: Central Bank of Ireland
Press release – 24 September 2020 Enforcement Action Notice: KBC Bank Ireland plc reprimanded and fined €18,314,000 by the Central Bank of Ireland for regulatory breaches affecting tracker mortgage customer accounts On 22 September 2020, the Central Bank of Ireland (the “Central Bank”) reprimanded and fined KBC Bank Ireland plc (“KBC” or the “Firm”) €18,314,000 pursuant to its Administrative Sanctions Procedure (“ASP”) in respect of KBC’s serious failings to certain tracker mortgage customers holding 3,741 customer accounts from June 2008 to October 2019. KBC has admitted in full to 12 regulatory breaches. The Central Bank has imposed a fine at the highest end of its sanctioning powers, reflecting the gravity with which the Central Bank views KBC’s failures. The impact of KBC’s failings on its customers, which related to 3,741 accounts, was devastating and included significant overcharging and the loss of 66 properties. Additionally, KBC’s engagement and co-operation with the Central Bank’s Tracker Mortgage Examination (the “TME”) was deeply unsatisfactory. KBC caused avoidable and sustained harm to impacted customers due to the Firm’s unwillingness to acknowledge its failings until December 2017 and to take immediate action to apply the protections of the TME. Had KBC adhered to the TME guidelines sooner, without the need for significant and sustained Central Bank intervention, the harm to its customers – particularly incidences of property loss - would have been significantly reduced. The Central Bank determined that the appropriate fine was €26,162,857, which was reduced by 30% to €18,314,000 in accordance with the settlement discount scheme provided for in the Central Bank’s ASP[1]. This will be paid to the Exchequer[2]. This fine is in addition to the €153,524,363 that KBC has been required to pay to date in redress and compensation and account balance adjustments under the TME to its impacted tracker mortgage customers. The enforcement investigation, which was conducted in parallel with the TME, sought to determine how and why KBC failed to fulfil its obligations to their customers. The investigation also examined KBC’s failure to adhere to the Central Bank’s requirements under the TME. Over the course of 2008, tracker mortgages were becoming increasingly unprofitable for KBC, resulting in the withdrawal of the product by July 2008. The Central Bank’s investigation found that in doing so, KBC failed to treat its existing tracker mortgage customers fairly and put KBC’s financial interests above the protections their customers should have been afforded. In particular, KBC’s failures resulted from: (i) A proactive strategy to convert customers off their tracker rates: In 2008, KBC devised a strategy to permanently convert certain customers from their low-cost tracker rates. This applied to customers seeking fixed rates or interest only periods at a time when KBC knew that trackers were unprofitable for them. KBC failed to adequately warn the customers concerned that such amendments would result in the permanent loss of their tracker rates. The impact of this strategy was that certain customers, some of whom were already in financial distress, were required to make higher monthly mortgage repayments over the remaining term of their mortgages. This in turn increased the profit margin KBC made on these mortgages. (ii) Failure to adequately warn customers entering interest only or fixed rate periods that they would be unable to return to their tracker rates: At a time when KBC was withdrawing tracker products, it failed to provide customers with clear documentation and/or to provide customers with vital information that their request to fix their interest rate or move to an interest only period would lead to the permanent loss of their tracker interest rate. KBC also failed to warn customers seeking an interest only arrangement that they stood to pay more interest over the lifetime of their loan. (iii) Failure to adequately comply with the Central Bank’s Framework for the TME: KBC failed to adhere to the guidelines set out in the Central Bank’s TME Framework, requiring significant intervention from the Central Bank to ensure that all impacted customers were identified, redressed and compensated. (iv) Failure to adequately comply with the Stop the Harm Principles of the TME: From the outset of the TME in December 2015, KBC failed to take adequate steps to prevent customers from suffering any further harm or detriment pending the outcome of the TME review. This included failing to stop charging higher, incorrect rates of interest and failing to halt legal activity and loss of ownership of customers’ properties. Of the 66 properties referenced above that were lost as a result of KBC’s tracker mortgage failures, 39 of these could have been avoided had KBC implemented the Stop the Harm Principles immediately and as required. The Firm’s approach to, and implementation of, these protections was grossly inadequate. (v) Provided incorrect information to the Financial Regulator[3] in respect of KBC’s treatment of certain tracker customers: In 2009, KBC advised the Central Bank that customers who sought interest only arrangements did not lose their tracker rates for the remaining term of their loans. This was incorrect. As a result, certain interest only customers were denied redress and compensation and an account balance adjustment until identified as having wrongfully lost their tracker through the TME 8 years later. KBC only acknowledged that it had not treated these customers fairly following robust and sustained intervention by the Central Bank during the TME. (vi) Operational and systems failings: In addition, the investigation found that KBC had inadequate mortgage systems and/or operational controls in place to enable them to meet their regulatory and contractual obligations to certain customers. In total there were 12 separate regulatory breaches of the European Communities (Unfair Terms in Consumer Contracts) Regulations 1995 (“1995 Regulations”), the Consumer Protection Codes 2006 and 2012 (“2006 Code” and “2012 Code” respectively). The Central Bank’s Director of Enforcement and Anti-Money Laundering, Seána Cunningham, said: “The Central Bank’s investigation into KBC has revealed a stark example of the very real harm caused to people when financial service providers fail to treat their customers fairly. By placing their own financial interests ahead of their customers’ best interests, KBC failed to adequately consider their obligations under the Consumer Protection Codes, which were put in place in order to protect customers in their dealings with financial service providers. The impact of KBC’s actions on their customers was devastating and avoidable. By overcharging customers over extended periods, KBC forced people into arrears, including certain customers whom KBC knew were already facing financial difficulties. Some customers suffered the most severe impact with 66 properties being lost by customers, 11 of which were family homes. Our investigation found KBC persistently refused to accept its failings despite having multiple opportunities to remedy the detriment that it was causing to its customers over an extended period. KBC’s actions in this regard, including the failure to adequately comply with the Stop the Harm Principles of the TME, were simply unconscionable. KBC’s initial review of their mortgage loan book during the TME identified only 93 impacted customer accounts. The total number of impacted customer accounts has since increased to over 3,700 but only following the sustained challenge and intervention of the Central Bank. We expect firms to engage in an open, timely and constructive manner with the Central Bank and to do the right thing by their customers, not because they are told to but because it is the right thing to do. KBC’s failures reinforce the Central Bank’s view that the financial services industry has a long way to go in breaking down the deep-set cultures that cause such terrible damage to people’s lives. Our message today is clear, and goes beyond the tracker mortgage related issues to all regulated firms: Firms should act in the best interest of their customers and consider their Consumer Protection Code obligations when making decisions that impact their customers. Where firms fail to do so, our response will be robust and the consequences will be serious.” Background to the investigation into KBC KBC Mortgage Bank (formerly IIB Homeloans Limited) is a credit institution and a regulated financial service provider. IIB Homeloans Limited applied for authorisation as a retail credit firm by the Central Bank in May 2008 following the enactment of legislation introducing the retail credit firm regime, thereby becoming subject to the Consumer Protection Codes from 1 June 2008. IIB Homeloans Limited subsequently obtained a banking licence from the Central Bank on 24 October 2008, at which time it officially renamed its operations in Ireland ‘KBC Mortgage Bank.’ In or around June 2009, KBC Mortgage Bank transferred its business to KBC Bank Ireland plc, amalgamating the businesses formerly conducted by IIB Bank plc and IIB Homeloans Limited/KBC Mortgage Bank. KBC introduced tracker mortgages to its range of products in 2003, ultimately withdrawing them from the market on 4 July 2008, as KBC viewed them as no longer profitable. In September 2015, the Central Bank notified lenders that it was developing the Framework for the TME, which was to be grounded on consumer legislation, including both the 2006 Code and the 2012 Code. In December 2015, the TME was established. Lenders were required to determine whether or not in all circumstances it had complied with its consumer protection regulatory obligations. The TME was designed to ensure that lenders met their consumer protection obligations by requiring lenders to: 1. Conduct a complete review of their tracker mortgage loan book to identify customers who may not have been treated fairly. 2. Take steps - pending the determination of impact under the TME - to (i) stop charging the incorrect rate of interest at the earliest possible time, (ii) halt all legal activity and (iii) ensure that customers did not lose ownership of their properties. The objective of this requirement was for lenders to take early steps to Stop the Harm, thus shielding potentially impacted customers from further harm and detriment. 3. Return impacted customers to the position they would have been in but for the tracker mortgage failings, which included, rate rectification or the option to return to a tracker rate. Furthermore, lenders were required to pay compensation commensurate to the harm caused to each customer given their specific circumstances. In early 2016, as part of its early engagement on the TME, the Central Bank notified KBC that it should consider whether the documentation provided to customers entering into an interest only or a fixed rate period may have led to an expectation that they could return to a tracker rate on expiry. When KBC failed to include those customers in the TME in September 2016, the Central Bank continued to challenge KBC’s assessment of whether particular groups of customers were impacted under the TME and therefore entitled to redress and compensation and have their account balance adjusted. KBC persistently refused to accept its tracker mortgage failings until December 2017, further evidencing KBC’s failure to put its customers first. KBC’s failings uncovered as part of the TME led to the commencement of the Central Bank’s enforcement investigation. Regulatory breaches KBC has admitted 12 regulatory breaches of the 1995 Regulations, the 2006 Code and the 2012 Code, which were identified during the Central Bank’s investigation. These breaches occurred as a result of the following:
Further detail of these failings is set out below. 1. A proactive strategy to convert customers off their tracker rate In 2008, KBC devised a strategy to permanently convert customers from their low-cost tracker rates, with the result that they were required to make higher monthly mortgage repayments over the remaining term of their mortgages and in turn increased the profit margin KBC made on the mortgage. At a time when KBC knew trackers were unprofitable, KBC implemented this strategy of seeking to permanently convert customers from their tracker rates through two separate direct mailings to customers in August and September 2008 (the “direct mailings”). KBC’s strategy was to convert its customers from their tracker rates to fixed rates, immediately increasing their margin, while ensuring that those mortgages would revert to standard variable rates and not a tracker on the expiry of the fixed rate period. Once this occurred, KBC could control the interest rate being charged. KBC failed to adequately warn those customers that they would not return to their tracker at the expiry of the fixed rate period. Following intervention by the Financial Regulator in 2008, KBC agreed to give the option to direct mailings customers who had switched from a tracker rate to a fixed to return to their tracker rates. Furthermore, during the course of 2008 and early 2009, KBC took the opportunity to move certain customers, some of whom were in arrears, from their pre-existing tracker rate when the customer requested to enter into or extended an existing interest only period. For example, in some circumstances, KBC required customers to switch to a standard variable rate to avail of the break in capital payments arising from the interest only arrangement, whereas in other instances, customers were required as a condition of approval for the interest only period to first enter into a fixed rate period that would not revert to their tracker on its expiry. In doing so, KBC failed to adequately warn those customers that they would not return to their tracker on the expiry of the interest only period. The resulting loss of the tracker rate invalidated the benefit to customers of availing of a temporary repayment break with the customers then making higher monthly mortgage repayments over the remaining term of their mortgages and increasing the profit margin KBC made on the mortgage. This practice continued into early 2009 in respect of certain interest only customers. Due to the fact that KBC provided incorrect information to the Financial Regulator in 2009 when challenged on this matter and failed to properly engage with the TME, the position of interest only customers was not fully rectified until late 2017, as explained in more detail below. This failure to rectify was despite the fact that KBC reviewed the position of some of their interest only customers’ accounts and customer documentation in 2011 as part of an internal review. KBC failed to adequately consider the impact of the strategy on their customers and their obligations under the 2006 Code. KBC has admitted that this strategy did not meet its obligation to act honestly, fairly and professionally in the best interests of its customers. The Central Bank also found that KBC failed to have and/or effectively employ necessary and/or adequate resources, procedures, and systems and control checks in place to ensure that it adequately considered its consumer protection focused obligations when taking strategic and financial decisions in relation to its tracker book. KBC has admitted breaches of the 2006 Code in respect of this behaviour, as follows:
2. Failure to adequately warn certain customers entering into interest only or fixed rate periods that they would be unable to return to their tracker rates The Central Bank found that KBC failed to comply with the requirements of the 2006 Code, the 2012 Code and the 1995 Regulations with regard to its obligation to ensure that documentation provided to customers at key points was clear and comprehensible and that key information was brought to their attention. These failures manifested in three distinct scenarios: Interest Only Customers Certain customers who sought forbearance on their mortgages through an interest only arrangement were impacted over the period from 19 June 2008 to 3 October 2018, many of whom were in financial distress and thus particularly vulnerable. The Central Bank found that contractual documentation that issued to certain interest only customers did not specifically refer to the rate that those customers would default to on maturity of the interest only period and thus it was not clear that those customers would lose their tracker rate for the remaining term of their mortgage. Certain customers lost their low cost tracker rates for the remaining term of their mortgage when they took up an interest only facility. Customers entering into a fixed rate using a Fixed Rate Instruction Form (“FRIF”) Certain customers were impacted when they sought to enter into a fixed rate period on their mortgage and completed a FRIF. Certain FRIF documents, when read in conjunction with other loan documentation, were unclear as to the rate to which the mortgage would default to at the end of the fixed rate period. These customers were therefore not clearly informed that they would not be able to return to their pre-existing tracker rate as a consequence of entering into the fixed rate period. Customers entering into a fixed rate after trackers were withdrawn Certain tracker mortgage customers who sought to enter into a fixed rate period after KBC had withdrawn tracker mortgages as a product offering were impacted. KBC failed to inform these customers in advance of fixing that they would no longer be able to avail of their tracker rate at the end of the fixed rate period, as trackers had been withdrawn from KBC’s product offering. KBC has admitted breaches in relation to its failures to warn customers as follows:
Certain of these breaches continued until the end of 2018, when KBC corrected the interest rates, paid redress and compensation and adjusted their account balances as part of the TME. 3) KBC’s failure to adequately comply with the Central Bank’s Framework for the TME The Central Bank’s Framework for the TME required lenders to conduct the TME and determine whether or not in all circumstances they had complied with their consumer protection obligations arising from a number of pieces of consumer legislation including the 2006 and 2012 Codes. The Framework also specified the manner in which lenders were required to conduct the TME, as follows: “When completing the Examination and when assessing compliance with regulatory requirements, the lender is to demonstrate that it is ensuring that customers’ interests are protected, that customers are being treated fairly and that it has considered customers’ reasonable expectations with regard to their entitlement to a Tracker Interest Rate, in the context of the information provided and the disclosures made by the lender to customers.” The Central Bank found that KBC’s approach to the TME evidenced a failure to comply with the consumer protection principles at the heart of the TME requirements that the Central Bank put in place in order to protect customers. KBC did not give adequate consideration to its regulatory obligations, to customer fairness or to the transparency of communications with customers, as required. Instead, KBC’s decision-making during the TME resulted in the identification of only a fraction of the customers rightly entitled to redress and compensation and have their account balance adjusted. In this regard, KBC did not deem interest only customers or customers who had received the FRIF as being impacted. KBC initially concluded that interest only customers had no entitlement to inclusion and that the Fixed Rate Instruction Form was clear. KBC took this position despite the Central Bank having raised concerns regarding both interest only and fixed rate customers at the outset of the TME. KBC ultimately conceded that these customers should be included in the TME in late 2017, following prolonged and consistent challenge from the Central Bank on these and other matters. From the commencement of the TME in 22 December 2015 to April 2019, KBC failed to:
each of which is contrary to the TME Framework which was designed to ensure the protection of impacted customers. KBC’s failure to adhere to the guidelines set out within the TME Framework resulted in the continued overcharging of certain customers’ accounts until KBC customers were put on the correct interest rates and paid redress and compensation and had their account balance adjusted. KBC has admitted breaches in respect of its failure to protect customers and apply the Central Bank’s Framework for the TME, as follows:
These breaches continued until KBC customers were put on the correct interest rates, paid redress and compensation and had their account balance adjusted. 4) Failure to adequately comply with the Stop the Harm Principles of the TME In June 2015, the Central Bank issued a letter to industry which set out the Central Bank’s regulatory expectations in respect of mortgage lenders, including those in respect of customers in financial difficulty. These regulatory expectations were grounded upon the 2006 and 2012 Codes. The purpose of this letter was to set out the outcomes and feedback from a themed inspection of mortgage lenders in respect of compliance with the Code of Conduct on Mortgage Arrears. The letter set out the regulatory expectations on mortgage lenders in respect of “Customer Impacting Issues for Borrowers in Financial Difficulty”. These regulatory expectations were the Stop the Harm Principles, which lenders were required to comply with to stop further detriment to potentially impacted customers. The Central Bank subsequently reiterated the Stop the Harm Principles specifically with regard to accounts within the scope of the TME, again grounded upon the 2006 Code and the 2012 Code. The core objective of the Central Bank’s work in the TME was to require lenders to seek to address the impact their actions had on impacted customers. To help achieve this aim, the Principles of Redress, including the ‘Stop the Harm’ Principles, required lenders to put in place, amongst other things, controls and measures to ensure that potentially impacted or impacted customers did not suffer any further detriment. These measures were designed to ring-fence and protect customers until such time as the lender could either satisfy themselves that the relevant customers were not affected or until such time as the lender had paid them redress and compensation and had their account balance adjusted. The ‘Stop the Harm’ Principles were designed to ensure that lenders ceased charging the incorrect rate at the earliest possible time, that lenders did not take steps in the legal process in relation to potentially impacted and impacted customers and that potentially impacted and impacted customers did not lose ownership of their properties. The Central Bank found that between December 2015 and September 2016, KBC failed to adequately implement the Central Bank’s Stop the Harm Principles with the procedures adopted failing to prevent further detriment from occurring to customers. KBC’s ‘Stop the Harm’ policy allowed it to take steps in the legal process, up to and including obtaining orders for possession in the Courts and appointing receivers over properties. This included instances whereby KBC authorised the progression of legal activities before they had made a final determination on the cohorts of customers that it considered ‘impacted’ under the TME. In September 2016, KBC incorrectly deemed customers who lost their tracker rates on taking up interest only arrangements as ‘not-impacted’ under the TME. Consequently, KBC removed the Stop the Harm protections for these customers. As of result of this action, 11 properties were unnecessarily lost by these customers. Finally, during the course of the TME, KBC failed to inform many customers seeking to sell, or otherwise dispose of their properties, including by way of assisted voluntary sale or surrender, that they may be impacted under the TME and may be entitled to redress and compensation and to have their account balance adjusted. Therefore, in some instances, the customer’s decision to dispose of their property was not fully informed. These failures resulted in additional and avoidable harm to certain customers and in some cases legal proceedings were progressed, up to and including loss of ownership. KBC has admitted breaches in respect of its failure to apply the Stop the Harm Principles, as follows
5) Provided incorrect information to the Financial Regulator Following media reports in 2009, which referenced that KBC were allegedly exploiting interest only customers by requiring them to move to a standard variable rate as a condition of taking up an interest only facility, the Financial Regulator sought clarification regarding the manner in which KBC treated those customers. KBC confirmed to the Financial Regulator that it did not remove tracker interest rates from both arrears and non-arrears customers who entered into interest only arrangements for the remaining term of their mortgages. This was not in fact the case as certain arrears and non-arrears customers had lost their tracker rates at the time. This investigation found that, through KBC’s failures to undertake proper due diligence and care in the gathering of information, KBC provided incorrect information thus misleading the Financial Regulator in 2009 in respect of the treatment of KBC’s interest only customers. This had far-reaching consequences for these customers. Having assured the Financial Regulator that these customers returned to their tracker rates on the expiry of the interest only facility, no further regulatory action was taken at that time. Consequently, customers who sought forbearance on their mortgage repayments continued to be charged higher rates of interest for the remaining term of their mortgages. The provision of this incorrect information to the Financial Regulator facilitated the persistent and ongoing breaches of the Consumer Protection Codes by KBC in relation to these customers until this issue was later identified and ultimately rectified under the TME. The Central Bank examined KBC’s treatment of interest only customers again in the context of the TME. At that point, the Central Bank became aware that KBC had provided incorrect information to the Financial Regulator in 2009. KBC ultimately conceded that interest only customers were impacted for the purpose of the TME in October 2017. This came only after robust challenge from the Central Bank regarding KBC’s initial decision in September 2016 to exclude these customers from the TME. Interest only customers finally received redress and compensation and had their account balance adjusted in late 2017, approximately 8 years following the incorrect information that had been provided by KBC to the Financial Regulator on the same issue. KBC has admitted breaches in relation to providing inaccurate information to the Financial Regulator, as follows:
6) Operational and systems failings During the course of KBC’s review of its tracker mortgage book and also within the TME, KBC identified a number of operational and systems failings which affected customers and resulted in, amongst other things, customers being placed on the incorrect interest rate; placed on the incorrect product type; provided with incomplete, inaccurate and unclear documentation; offered the incorrect tracker rate or not receiving appropriate information in relation to their entitlement or loss of entitlement to a tracker rate. In addition, due to operational and systems failings, KBC failed to comply with an undertaking given to the Central Bank in 2009 to return all of the direct mailing customers to their previous tracker rates. The investigation found that KBC had inadequate operational and systems controls in place to enable them to meet their regulatory obligations to certain tracker mortgage customers. Procedural and systems weaknesses, deficient processes, administrative errors including the failure to implement amendments to customer accounts in a timely manner, operational errors, reliance on standard documentation not tailored to the particular customers’ circumstances and reliance on manual interventions were all factors which contributed to KBC’s failings which occurred over an extended period of time. KBC has admitted breaches in relation to these operational and systems failings, as follows
Impacted numbers In summary, our investigation found that a total of 3,741 customer accounts were impacted as a result of KBC’s numerous failures over an extended period of time, with some customers being affected by more than one of the above issues. Penalty Decision Factors In deciding the appropriate penalty to impose, the Central Bank considered the ASP Sanctions Guidance issued in November 2019. The following particular factors are highlighted in this case: The Nature, Seriousness and Impact of the Contraventions
Aggravating factors
This enforcement action against the Firm is now concluded. This marks the completion of the second in a series of ongoing investigations which were commenced, and will therefore conclude, at different times. Notes to Editors 1. The Central Bank imposed a fine of €18,314,000 on KBC, which represents the maximum applicable penalty of €26,162,857 with a settlement discount of 30%. This fine is at the highest end of its sanctioning powers. The Central Bank’s ‘Outline of the Administrative Sanctions Procedure’ provides for an early settlement discount of up to 30% in order to promote early resolution of matters, which in turn leads to better utilisation of the resources of the Central Bank. For further information on the discount scheme, see the Central Bank’s ‘Outline of the Administrative Sanctions Procedure’, which is here. In October 2016, the Central Bank fined KBC €1,400,000 and reprimanded it for breaches of the Code of Practice on Lending to Related Parties 2010 and the Code of Practice on Lending to Related Parties 2013. Details of the Enforcement Action can be found here. 2. The Central Bank’s sanctioning powers were increased in 2013, pursuant to Section 68(b) of the Central Bank (Supervision and Enforcement) Act 2013. The maximum penalty which the Central Bank may now impose is €10,000,000, or an amount equal to 10% of the annual turnover of a regulated financial service provider, whichever is the greater. 3. This is the Central Bank’s 139th settlement since 2006 under its Administrative Sanctions Procedure, bringing total fines imposed by the Central Bank to over €123m, which total includes the fine imposed against Springboard Mortgages in 2016 and Permanent TSB plc in 2019 in respect of breaches of its obligations to tracker mortgage customers. This settlement also marks the 32nd outcome in respect of Consumer Protection Code breaches. 4. Funds collected from penalties are included in the Central Bank’s Surplus Income, which is payable directly to the Exchequer, following approval of the Statement of Accounts. The penalties are not included in general Central Bank revenue. 5. The Consumer Protection Codes 2006 and 2012 are available on the Central Bank’s website www.centralbank.ie or to download here and here. The 2006 Code ceased to have effect on 31 December 2011 and the 2012 Code came into effect on 1 January 2012. 6. The Tracker Mortgage Examination commenced in December 2015. The Examination required all lenders to review their loan book to ensure compliance with both regulatory and contractual requirements in relation to tracker mortgages. Where impacted customer accounts are identified, the Central Bank expects that those customers will receive redress and compensation commensurate with the detriment suffered and to have their account balance adjusted accordingly. Information on the Examination is available on the Central Bank’s website www.centralbank.ie or to download here. Further information: Media Relations: media@centralbank.ie / 01 224 6299 Ewan Kelly: ewan.kelly@centralbank.ie / 086 463 9652 [1] The Central Bank’s ‘Outline of the Administrative Sanctions Procedure’ provides for an early settlement discount of up to 30% in order to promote early resolution of matters, which in turn leads to better utilisation of the resources of the Central Bank. [2] All fines collected by the Central Bank are returned to the Exchequer. [3] The Financial Regulator was re-unified with the Central Bank on 1 October 2010.
Back to Blog
Access White Paper Here
In the not too distant past, senior management within financial institutions may have regarded failure to comply with anti-money laundering (AML) requirements as low impact. The 2007/8 financial crisis as well as subsequent scandals in financial services have shown the error of this approach. When it comes to AML, the current COVID-19 crisis may pose an evolving and unpredictable threat. To avoid a repetition of the previous mistakes, financial institutions must now put into practice lessons learned from the past; the most urgent one in my book, is that institutions should be adopting a culture of compliance with a ‘live and breathe’ approach to regulatory requirements. In a recent article in the Economist, Jürgen Stock, secretary-general of Interpol, was quoted as saying that COVID-19 may create the ideal conditions for the spread of serious, organised crime. Moreover, Mr. Stock believes that the immanent global economic depression will offer these criminals a chance to extend their reach deep into the legitimate economy. As COVID-19 motivates criminals to evolve their operations, those responsible for stanching the flow of ill-gotten gains into the legitimate economy must stay one step ahead; and this includes financial institutions with their AML obligations. I recently published a white paper on the lessons to be learned from the last financial crisis. For those interested in how a culture of compliance can address complex misconduct relating to AML, this paper is well worth a read. Through reviewing a number of high-profile case studies, I come to the conclusion that at the heart of many AML failures is an institutional culture that treats AML training and procedures as merely means to meet regulatory requirements. The case studies show that these banks failed to ‘live and breathe’ regulatory requirements and that the institutional culture prioritised compliance as merely a tick the box exercise, thereby failing to communicate to employees the priority of compliance and the flexibility of decision making and behaviour that may be necessary to fulfil their AML requirements. Culture is a complex issue. For those interested in how RegTech can enable an examination of institutional culture, through diagnostic tools, the white paper is a must read. In the paper, I explore how The Mizen Group, a RegTech firm based in New York, has developed a suite of tools to help boards and their compliance officers assess the extent to which their institution demonstrates the characteristics of an organisation with a strong compliance culture. The financial crime threats posed by COVID-19 mean that now is the time to commit to a culture of compliance from the ground up. Launderers and criminals are capitalising on the chaos created in the wake of the pandemic and are seeking ways to out-manoeuvre the financial institutions who are generally playing catchup. In response, board of directors and executive management need to be proactive and flexible in their thinking and develop a ‘live and breathe compliance’ mentality. This will only occur in a healthy compliance culture, wherein employees are empowered to internalise the importance of complying for the right reasons. The first step towards the goal of a healthy compliance culture might be employing tools like Mizen’s innovative culture diagnostics to assess their institutions’ cultural strengths and weaknesses. Feel free to contact the RegTech experts at The Mizen Group for further information. Access White Paper Here This blog also appears at Peter Oakes' blog
Back to Blog
Not long after the European Union’s top court ordered Ireland on 16 July 2020 to pay a lump sum of €2 million to the European Commission for Ireland's failure to implement regulations aimed to prevent money laundering and terrorist financing, a new law aimed at strengthening existing Irish anti-money laundering legislation and giving effect to provisions of the 5th EU Money Laundering Directive has been approved by the Cabinet of the Irish Government.
On Monday 10th August 2020, the Cabinet has approved the publication of the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Bill 2020. This follows the signing into law by the President of Ireland on 5th May 2020 of the earlier Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (Act 6 of 2010) [previously known as the Criminal Justice (Money Laundering and Terrorist Financing) Bill 2009 (Bill 55 of 2009)]. If you need advice on the new Bill or your existing regulatory compliance obligations, get i touch with Peter Oakes here at at CompliReg. Useful Links:
The Minister for Justice and Equality, Helen McEntee T.D., has received Cabinet approval for the publication of the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Bill 2020. The Bill transposes the criminal justice elements of the 5th EU Money Laundering Directive and strengthens existing legislation. Upon announcing the new Bill, the Minister McEntee said, "I look forward to bringing this legislation before my colleagues in both Houses, and anticipate that this Bill will receive broad, cross-party support." What does the Bill contain? The Bill includes provisions to:
The Minister also noted that: "This Bill is an important piece of legislation for tackling money-laundering. The reality is that money laundering is a crime that helps serious criminals and terrorists to function, destroying lives in the process. Criminals seek to exploit the EU’s open borders, and EU-wide measures are vital for that reason. This new legislation also includes a number of technical amendments to other provisions of Acts already in force." While the Bill transposes certain elements of the 5th Anti-Money Laundering Directive, the Department of Finance is also engaged in giving effect to certain provisions of the Directive, including those relating to:
The Minister for Finance (Paschal Donohue, T.D.) has also secured Government Approval to bring forward amendments in respect of the regulation of Virtual Asset Service Providers (VASPs). The amendments will ensure that the necessary registration and fitness and probity regime, required by 5AMLD for virtual asset service providers, become statutory requirements. Amendments will also address Ireland’s international obligations, relating to a robust regulatory framework for new technologies, new products and new practices, as identified by the Financial Action Task Force (FATF).
Back to Blog
Irish Bank, Bank of Ireland, fined €1,660,000 over cyber-fraud and misleading the Irish Regulator28/7/2020 Enforcement Action Notice: The Governor and Company of the Bank of Ireland fined €1,660,000 and reprimanded by the Central Bank of Ireland for regulatory breaches causing loss to a client and for misleading the Central Bank in the Central Bank in the course of the investigationSummary:Here's a blueprint for inviting an enforcement action for cyber-fraud & misleading your regulator arising from Bank of Ireland's fine €1,660,000 announced today. [Linkedin Post Here] What did Bank of Ireland do wrong?: 1) failed to implement sound administrative procedures & internal control mechanisms in respect of third party payments. 2) failed to introduce adequate organisational arrangements around third party payments to minimise the risk of loss of client assets as a result of fraud. 3) failed to establish, implement & maintain systems & procedures adequate to safeguard the security, integrity & confidentiality of client bank account details. 4) failed to establish, implement & maintain adequate internal control mechanisms designed to secure compliance with its reporting obligations pursuant to Sec. 19 of the Criminal Justice Act 2011. 5) failed to monitor adequacy & effectiveness of the measures & procedures put in place & the actions taken to address any deficiencies in respect of third party payments. 6) failed to be open & transparent, having the effect of misleading the Central Bank in the course of the investigation. Facts of Matter according to Central Bank of Ireland:On 27 July 2020, the Central Bank of Ireland (the Central Bank) reprimanded and fined The Governor and Company of the Bank of Ireland (BOI) for five breaches of the European Communities (Markets in Financial Instruments) Regulations 2007 (the MiFID Regulations) committed by its former subsidiary, Bank of Ireland Private Banking Limited (BOIPB). BOI has admitted the breaches, which vary in length from one to ten years.
In line with its published Sanctions Guidance, the Central Bank has determined the appropriate fine to be €2,370,000, which has been reduced by 30% in accordance with the settlement discount scheme provided for in the Central Bank’s Administrative Sanctions Procedure. The Central Bank’s investigation arose from a cyber-fraud incident that occurred in September 2014 (the Incident). Acting on instructions from a fraudster impersonating a client, BOIPB made two payments to a third party account totalling €106,430: one from a client’s personal current account, the other from BOIPB’s own funds. BOIPB immediately reimbursed the client. During a Full Risk Assessment of BOIPB in 2015, the Central Bank discovered a reference to the Incident in an operational incident log. BOIPB had not reported the cyber-fraud to An Garda Síochána, and only did so at the request of the Central Bank over one year after the Incident. The Central Bank’s investigation found serious deficiencies in respect of third party payments, including:
BOIPB’s failure to be open and transparent had the effect of misleading the Central Bank in the course of the investigation. BOIPB failed for a period of 19 months to disclose to the Central Bank an internal report, commissioned following the Incident, which identified ongoing systemic control failings in the processing of third party payments. During that same period, BOIPB strenuously denied the existence of any such failings to the Central Bank in response to the investigation. BOIPB’s conduct materially added to the time it took to investigate this case. This is one of two aggravating factors in this case; the other being the excessive amount of time it took BOIPB to fully remediate the relevant deficiencies. Remediation in relation to third party payment processes took place in February 2016, 17 months after the Incident, and then only following the Central Bank’s intervention. In August 2016, the Central Bank determined that a Risk Mitigation Programme (RMP) relating to third party payment processes was completed. The Central Bank’s Director of Enforcement and Anti-Money Laundering, Seána Cunningham, said: “The Central Bank has a clear expectation that firms are alert to the real and increasing risks from cyber-fraud to the security of their clients’ deposits and confidentiality of their clients’ financial information, and put in place appropriate safeguards to protect their clients accordingly. This is the second time the Central Bank has imposed a sanction on a firm where a client has suffered a loss from cyber-fraud as a direct result of the firm’s regulatory failings. BOIPB’s failure to put appropriate safeguards in place exposed BOIPB and its clients to the serious and avoidable risk of cyber-fraud. That risk crystallised twice. BOIPB then failed to report the cyber-fraud to An Garda Síochána, which is a serious matter. Reporting illegal activity is essential in the fight against financial crime. This case should serve to highlight to all firms the importance of ongoing vigilance in the area of cyber security. The Central Bank expects all firms to consider, identify and manage operational and cyber risks and ensure that their staff receive appropriate training tailored to the risks associated with their duties and responsibilities. The Central Bank expects pro-active engagement from regulated entities – that extends from self-reporting through remediation and full cooperation with the investigation. The excessive time taken by BOIPB to remediate identified deficiencies and the failure to be fully transparent and open in the context of the Central Bank’s investigation were aggravating features in this case.” BACKGROUND Founded in 1989, BOIPB was first authorised as a “section 10 investment business firm” under the Investment Intermediaries Act, 1995 (the 1995 Act) on 26 May 2000. This authorisation was subsequently transferred to an authorisation under the MiFID Regulations on 1 November 2007. At the time of the cyber-fraud, BOIPB was an independently regulated MiFID firm and its primary activity was to provide investment services to high net worth individuals who had investable assets in excess of €1,000,000. In addition, BOIPB provided a full range of banking services to its clients (lending, deposit taking and day-to-day current account banking) as a deposit agent of BOI. Since 1 September 2017, BOIPB is no longer a MiFID firm and is now a business unit within the Retail Division of BOI. The unit retains the name Bank of Ireland Private Banking as a trading name of the Governor and Company of the Bank of Ireland. Its services are authorised by the Central Bank of Ireland under the licence of BOI, a regulated financial service provider for the purposes of the Central Bank Act 1942. BOIPB’s audited financial statements for the year ended 31 December 2016, the last year it existed as a separate entity, reported operating income of €19,867,000. THE CYBER-FRAUD Third party payment instructions were processed by BOIPB with particular reference to a procedure called the Third Party Payments Procedure (the TPPP), which outlined steps to be followed to verify a client’s identity before processing a third party payment instruction. BOIPB processed two separate payment instructions received in September 2014, purportedly from a client (the Client), which in fact were sent by a cyber-fraudster (the Fraudster) who had hacked the Client’s e-mail account. This led to two transfers totalling €106,430 to be transmitted to a corporate bank account at a UK bank. The first transfer was drawn from the Client’s current account, and the second transfer was drawn, at the instigation and authorisation of BOIPB, from BOIPB’s suspense account because the payment from the Client’s deposit account was rejected due to insufficient funds. The Client made contact with BOIPB and notified it of the fraud on 30 September 2014, on receipt of an e-mail from BOIPB indicating recent communications (which were unfamiliar to the Client). The Client was immediately reimbursed by BOIPB. To facilitate the instructions received from the Fraudster, BOIPB staff, in breach of BOIPB’s policies and procedures:
The Fraudster used the following tactics:
PRESCRIBED CONTRAVENTIONS The Central Bank investigation identified the following contraventions: Contravention 1 BOIPB breached Regulation 33(1)(f)(i) of the MiFID Regulations between 1 November 2007 and August 2016 by failing to implement sound administrative procedures and internal control mechanisms in respect of third party payments. The Central Bank’s investigation found that the TPPP was wholly inadequate for the purposes of safeguarding client deposits when processing third party payments. In particular, key procedural, security and authorisation steps were not outlined in the document. Staff did not receive adequate training on the processing of third party payments to ensure they were fully aware of how to safely process these payments. Contravention 2 BOIPB breached Regulation 160(2)(f) of the MiFID Regulations between 1 November 2007 and August 2016 by failing to introduce adequate organisational arrangements around third party payments to minimise the risk of loss of client assets as a result of fraud. The serious weaknesses in the process around third party payments, which had existed for some time, should have been known to management through proper governance, oversight and monitoring. There was no monitoring of third party payments by the first or second lines of defence. Furthermore, the recommendations of the first internal report commissioned by BOIPB in relation to this matter, dated December 2014, were not acted on. Similar weaknesses were identified in a second internal report in January 2016. Remediation of the issues identified in both reports did not take place until February 2016. Contravention 3 BOIPB breached Regulation 34(3)(a) of the MiFID Regulations between 1 November 2007 and 2 January 2018 by failing to establish, implement and maintain systems and procedures adequate to safeguard the security, integrity and confidentiality of client bank account details. The investigation found that for the purposes of customer service, BOIPB staff frequently engaged with private clients through e-mail. E-mail communication, because it is more vulnerable to infiltration by fraudsters than other forms of communication, needs to incorporate additional checks before being acted upon. By failing to identify and provide for this, BOIPB failed to safeguard the security, integrity and confidentiality of information relating to client bank accounts. Contravention 4 BOIPB breached Regulation 34(1)(c) of the MiFID Regulations between 30 September 2014 and 16 December 2015 by failing to establish, implement and maintain adequate internal control mechanisms designed to secure compliance with its reporting obligations pursuant to Section 19 of the Criminal Justice Act 2011. BOIPB reported the Incident to its Group Financial Crime Unit (GFCU) on 1 October 2014. GFCU, on behalf of BOIPB, did not report the Incident to An Garda Síochána until December 2015, on the instigation of the Central Bank. Contravention 5 BOIPB breached Regulation 35(2)(c) of the MiFID Regulations by failing to comply with Regulation 34(4) between November 2013 and December 2016 because, for that period, BOIPB’s Compliance function failed to monitor, and on a regular basis to assess the adequacy and effectiveness of the measures and procedures put in place and the actions taken to address any deficiencies in respect of third party payments. The TPPP included a requirement that ad-hoc monitoring of third party payments be carried out by the Compliance function. The investigation found that throughout the period November 2013 to May 2016, no ad-hoc monitoring of third party payments was in fact carried out. This failure persisted despite two internal reports highlighting the absence of monitoring and the systemic non-adherence to the TPPP. BOIPB’S RESPONSE TO THE CYBER-FRAUD AND REMEDIATION The Central Bank expects firms to promptly remediate known deficiencies in their procedures and internal control mechanisms. BOIPB failed to do so. Following the Incident, BOI Group Internal Audit function (GIA) investigated how it had occurred. GIA produced their findings in a report in December 2014, which pointed to systemic failings in the processing of third party payments. GIA strongly recommended that BOIPB carry out sampling to verify the authenticity of other “high-value interpays”. BOIPB failed to do this. GIA further recommended, that, at a minimum, the procedure in place relating to third party payments should be enhanced to clarify roles and responsibilities for authenticating and approving third party payments. Again, BOIPB failed to do this. The procedure remained unchanged until February 2016. In March 2015, BOIPB commissioned a further internal review, this time by BOI Retail Business Assurance (RBA) centred on BOIPB’s procedures for processing third party payments. Separately, following the Full Risk Assessment (the FRA) conducted in 2015, the Central Bank informed BOIPB that improvements in relation to third party payment processes would be part of the subsequent RMP arising from the FRA as the process in place was “not robust enough”. The RMP was issued in February 2016, which set out the Central Bank’s expectations in relation to the actions needed to improve the third party payment process. RBA issued its findings in draft to BOIPB in January 2016 (the RBA Report). Following an assessment of a sample of third party payment records, RBA concluded that the same issues identified in December 2014 persisted, namely that client identification questions were not consistently being asked of clients as well as other deficiencies in the third party payment process. BOIPB updated and revised the TPPP in February 2016. The RBA Report was signed-off in June 2016. In August 2016, the Central Bank determined that the full RMP was completed. BOIPB’S COOPERATION WITH THE CENTRAL BANK The Central Bank expects regulated entities to cooperate in an open manner at all times and to respond to requests promptly, effectively and accurately. When the Central Bank’s investigation commenced in February 2016, BOIPB possessed the RBA Report which contained highly critical findings in relation to the processing of third party payments. As such, it was highly probative to the Central Bank’s investigation. The Central Bank issued a request for records in February 2016. BOIPB should have provided a copy of the RBA Report when it responded to this request in April 2016. BOIPB failed to do so, instead it included one vague narrative reference to a risk assessment of banking activities (making no reference to a “report” or the fact that it related to third party payments specifically) within a document accompanying the records it supplied in response to the Central Bank’s request. BOIPB disclosed the RBA Report to the Central Bank 19 months after the commencement of its investigation in response to a Central Bank statutory request explicitly requiring production of the record BOIPB had described as a “risk assessment”. It was only when the document was disclosed and reviewed that its true nature and content became apparent to the Central Bank. The Central Bank conducted lengthy enquiries as to the circumstances around BOIPB’s failure to promptly disclose the RBA Report and the following arose:
SANCTIONING FACTORS In deciding the appropriate penalty to impose, the Central Bank considered the ASP Sanctions Guidance issued in November 2019. The following particular factors are highlighted in this case. The Nature, Seriousness and Impact of the Contravention
The Conduct of the Regulated Entity after the Contravention Aggravating
Other Considerations
The Central Bank confirms that the investigation is now closed. NOTES
Further information: Media Relations: media@centralbank.ie / 01 224 6299 Ewan Kelly: ewan.kelly@centralbank.ie / 086 463 9652
Back to Blog
5 point list of root causes of non-financial risk issuesDownload Westpac's Report released 17 July 2020 - Reassessment of the Culture, Governance and Accountability Remediation Plan Linkedin Post at https://www.linkedin.com/posts/peteroakes_riskculture-riskmanagement-regtech-activity-6689803983407628288-ynbv Here's a good 5 point list of root causes of non-financial risk issues at large systemically important banks & institutions (anywhere in the world). In this case Westpac, arising from a report ordered by the Australian prudential regulator. Applicable to non banks and non systemically important institutions:
With Westpac's CEO responsible for its new initiative "customer outcomes and risk excellence" or CORE, #regtech will need to feature heavily in execution, tracking & learnings. Professor Elizabeth Sheedy, a #riskculture expert saying that the latest report shows too often risk is seen as a handbrake by banks rather than an enabler for long-term success. Westpac "admitted the "culture, governance and accountability program", set up in January 2019 to implement the reforms, "has not delivered sufficient momentum", with many in the bank still do not "fully appreciate the cumulative impact of the issues". Paul McCarthy Westpac culture still 'immature and reactive' 17 July 2020Copyright with Australian Financial Review and James Eyers
Westpac Banking Corp has been forced to launch a new program to attempt to fix its broad risk-management failings, after a reassessment of its culture demanded by Australian Prudential Regulation Authority identified ongoing concerns, including that its non-financial risk culture is still "immature and reactive". The new report identifies a lack of urgency and clarity in Westpac's response to problems it identified in a 2018 self-assessment of governance, which were exacerbated when AUSTRAC dropped a bombshell case last November that triggered the departures of the bank's CEO and chairman. The Australian Prudential Regulation Authority insisted on the reassessment because it was concerned Westpac was not tackling the root causes of its failings when it read AUSTRAC's statement of claim. The latest investigation found Westpac is still "overly complex, which results in confusion around accountability and challenges in execution". The shortcomings identified in the report, which was sent to all of Westpac's 35,000 staff on Friday morning, found Westpac's organisational structure created complexity, and its 'three lines defence' model, which is supposed to prevent risks materialising, "is not well understood or embedded". The report highlights a "shortfall in sufficient non-financial risk-management capability" and says that even though Westpac has made various changes to respond to issues, "what is required is a program of deeper change". It criticised an ongoing blame game, stating a priority for its work on culture "will be to strengthen psychological safety" for staff after the reassessment found "in some situations leaders had reacted to incidents with a focus on who is to blame rather than what to learn". Many of the same failings were identified in the bank's self-assessment for APRA in 2018, after all banks were asked to audit themselves against the prudential regulator's expectations for fixing widespread cultural problems at Commonwealth Bank of Australia. The Hayne royal commission should also have emphasised the urgency of repairing culture to meet community expectations and restore trust. But Westpac recognised on Friday the changes it has been making to respond to the 45 recommendations set out in its 2018 self-assessment had been "incremental". It admitted the "culture, governance and accountability program", set up in January 2019 to implement the reforms, "has not delivered sufficient momentum". It said many in the bank still do not "fully appreciate the cumulative impact of the issues". “Our reassessment confirms that our management of non-financial risk is currently not at the standard we set for ourselves," said Westpac CEO, Peter King, releasing the 50-page report to the ASX. “It is clear we have more to do to address these shortcomings, including improving our risk management capability and risk culture which is not where we want it to be." APRA is continuing to investigate possible breaches of the Banking Act by Westpac, including the speed at which it has rectified issues identified by AUSTRAC. APRA has already imposed a $1 billion capital penalty on the bank to reflect its "heightened operational risk profile". At the CORE Westpac on Friday announced it would initiate a multi-year, multi-million dollar program, which it is calling "customer outcomes and risk excellence" (CORE). Mr King said he would be accountable for its delivery. The reassessment said Mr King, who replaced Brian Hartzer as CEO, and the Westpac board, now led by John McFarlane who took the reins from Lindsay Maxsted, need to take more responsibility and set a proper "direction and tone" about the importance of the measures. The report – which was conducted by Westpac management and a team from consultants Oliver Wyman together with assurance oversight by another consulting firm, Promontory – pointed to five ongoing "root causes" of Westpac's travails. These are: an organisational construct that creates complexity; an "immature and reactive" risk culture in non‑financial risk management; a 'three lines of defence model' that is not well understood or embedded among bank staff; the lack of sufficient non-financial risk management capability; and challenges in execution and staying the course. "Westpac does not underestimate both the magnitude of the changes that are required and the effort involved." Professor Elizabeth Sheedy, a risk culture expert from Macquarie University, said the latest report shows too often risk is seen as a handbrake by banks rather than an enabler for long-term success. "For me it all comes back to excessive focus on short-term profits which is driven by short-term cash bonuses," she said. "There is also a massive shortage of qualified and experienced risk and compliance executives across the industry. Institutions tend to want to keep budgets very tight when it comes to resourcing risk and compliance, which sends a message about organisational priorities." It is expected that Westpac will look to make additional cost savings in order to pay for additional investment that will be required to improve risk systems. The report was released after Mr McFarlane warned in an interview with the Financial Review on Friday that excessive financial regulation could make it more difficult for banks to lend and hamstring the economic recovery. Westpac has been negotiating with AUSTRAC over a potential settlement of the anti-money laundering case, with the financial crimes regulator due to file an amended statement of claim next month to incorporate broader allegations that the bank should have suspected another 270 customers were paedophiles. It is also waiting for a decision from the Australian Securities and Investments Commission on whether it will appeal the bank's responsible lending victory in the full Federal Court last month to the High Court. James Eyers writes on banking, fintech and technology. Based in our Sydney newsroom, James is a former Legal Affairs and Capital editor for the Financial Review Connect with James on Twitter. Email James at jeyers@afr.com.au Source: https://www.afr.com/companies/financial-services/westpac-culture-still-immature-and-reactive-20200717-p55cxa
Back to Blog
If you use all or any part of this blog, please ensure you cite and credit CompliReg and Peter Oakes in your re-use of this blog. Another electronic money institution (EMI) fined and sanctioned in Lithuania for anti-money laundering regulatory requirements and in this case also for an equity capital requirement failure. While the case is worth noting for both aspects, it is particularly so because across Europe, following the collapse of Wirecard, there will be continuing heightened awareness of both safeguarding and capitalisation of regulated EMIs and payment institutions (PIs). The case also makes known that the BoL is conducting targeted inspections of EMIs across a range of themes. In our previous blog, 2 June 2020, on the Lithuanian Central Bank (Bank of Lithuania / BoL) giving banks guidelines on opening accounts for electronic money institutions (EMIs) and payment institutions (PIs) Peter Oakes noted recent examples of fines against EMIs/PIs including failures to comply with requirements for: (i) anti-money laundering; (ii) safeguarding of customer funds; and (iii) segregation of customer funds and; execution of payment transactions. The Bank of Lithuania, which supervises 71 EMIs - which is the largest number of EMIs supervised by an EU financial regulator national competent authority* - has announced that it has taken regulatory action against Via Payments UAB for both: (1) violations of the requirements for prevention of money laundering and terrorist financing (sanctioned with a fine of €120,000 and publicity); and (2) failure to meet the equity capital requirement (sanctioned with publicity only). Via Payments UAB holds an electronic money institution licence, issued on 10 October 2017. As you will see from the graphic below, in addition to BoL supervising 71 EMIs we also learn that Q1 2020 income from EMI and payment services amounted to €17.3 million. Keep reading below for the background to the facts of the Via Payments UAB enforcement action. (1) Background to the money laundering law violations:
The regulatory actions were taken on foot of a "targeted inspection of the electronic money institution Via Payments UAB". During the course of the inspection, the Supervision Service of the BoL identified breaches of the Republic of Lithuania Law on the Prevention of Money Laundering and Terrorist Financing. In addition to a fine of €120,000, the BoL obligated Via Payments to remedy the deficiencies. BoL says that Via Payments has confirmed that all deficiencies have been remediated. With respect to the money laundering violations, the inspection revealed that:
BoL imposed a fine of €120,000 on Via Payments UAB. As part of its mitigation Via Payments informed the BoL’s Supervision Service that it had already taken measures to strengthen its AML compliance by increasing the number of specialists and improving technological solutions. (2) background to the equity capital requirement failure This regulatory failure came to the attention of the BoL through a separate analysis of the activities of EMIs. Here the Supervision Service of the BoL recorded that Via Payments violated legal acts because as at 31 March 2020 the company “failed to meet the equity capital requirement”. The BoL appears to have place a lot of reliance on the institution having “eliminated the indicated shortcomings without further delay, no interests of their clients have been violated” and therefore BoL “decided to impose a mild enforcement measure by making these infringements public”. * Note that notwithstanding that the UK is in a post-Brexit transition period, it left the European Union on 31 January 2020. Accordingly, Lithuania although it may have fewer EMIs than the UK, it records the largest number of EMIs in the European Union. Sources:
This blog written by Peter Oakes. Peter advises on Lithuanian EMI/PI issues and advised on the authorisation of one Lithuania's first special bank authorisations. If you require a licence to operate in Lithuania, Ireland, Cyprus, Malta or the UK, see our Authorisation Page. We have a great network of experts in each country too, from lawyers, to accountants to technical experts. And get in contact if you have a question about this blog.
Back to Blog
This post first appeared on Peter Oakes's Linkedin Page on 3 July 2020. Given the high level of interest in the post, we have published further information here about the details of the case.
One for the money laundering typologies. This is a useful example to demonstrate how a corrupt solicitor can launder money for clients. ow many times has the compliance department been told "Hey its OK, the client is being vouched for by his / it's lawyer. We don't need proof of source of funds or wealth". Well here's the story of the gangsters' 'go to' solicitor.
Read more at: 2 July 2020 - Solicitor jailed over money laundering links is now struck off 8 January 2019 - 'Go to' solicitor for dodgy property deals jailed for seven years 7 January 2019 - Corrupt lawyer, 39, linked to police killer Dale Cregan is jailed for seven years after he helped a buy-to-let landlord use dirty money to fraudulently build a £10.8m property empire - For advice and training on anti-money laundering and counter-terrorist financing contact Peter Oakes at CompliReg.
Back to Blog
CompliReg is proud to power the Official Fintech Ireland Map 2020. We are now powering the Regulated Fintech Ireland Map version 2 which showcases the regulated payment services directive and electronic money directive firms authorised by the Central Bank of Ireland. Joining this Map in 2020 are the first of two - hopefully many more to come - e-money firms, Squareup International Limited ("Square") and MoneyCorp. Ireland now has:
In addition to issuing emoney, Square is authorised to provide payment services number 3b (execution of payment transactions through a payment card or a similar device) and number 5 (issuing of payment instruments and/or acquiring of payment transactions). Although Moneycorp is yet to appear on the Central Bank of Ireland register, Moneycorp confirmed to us that it is also authorised to provide payment services 3b, 5 and in addition 3c (execution of credit transfers, including standing orders). Moneycorp has been fairly busy. In addition to its emoney authorisation, it also secured a MiFID authorisation. By the way, AFEX which was authorised as payments institution in 2019 also secured a MiFID licence. Expect to see more firms seek both an emoney/payments authorisation together with a MiFID one. Moneycorp’s Dublin office, which opened in 2013, has operated as a branch of its UK regulated entities, saying that as part of Moneycorp’s strategic response to Brexit and wider market developments, it has now secured its e-money and MiFID licences from the Central Bank of Ireland for a newly established Irish company. Bryan McSharry, chief executive of Moneycorp’s European business, said the licences ensured it could “continue to support our existing customer base, continue to grow our business in Ireland and expand our business across the EU in a post-Brexit environment”. They are: Payments Firms: AIB Merchant Services, Western Union, Fexco, CurrencyFair.com, TransferMate Global Payments, #Fire, CUSOP (Payments) Ltd, #PrimaFinance, Avantcard, Barclaycard, #Chasepaymentech, Google Pay, #smallworld, AFEX, BUREAU BUTTERCRANE LTD, Remitly, J.P. Morgan, Circit.io, Xpress Money, CRIF & Finclude (fka. Verge.Capital) Emoney Firms: EML, Facebook, Soldo, Optal, Paysafe Group, paysafecard.com, Prepaid Financial Services Limited (PFS), #foreigncurrencydirect, Stripe, Coinbase. One4all Group, Payoneer, Square and Moneycorp. Congratulations Moneycorp and Square and welcome to the thriving regulated Irish fintech ecosystem. If you are looking to get authorised in Ireland as an emoney or payments firm, see these Authorisation Guides. Read Moneycorp's press release below. Moneycorp secures its E-Money and MiFID licences in Ireland
New Irish entity, licenced by Central Bank of Ireland, to drive expansion across EU Moneycorp to build on €3 billion of transactions executed for Irish clients in 2019 Dublin, 1 July 2020 | Moneycorp Group, the global foreign exchange and payments business has been granted its Electronic Money Institution (E-Money) and MiFID licences by the Central Bank of Ireland (CBI), further bolstering its offering and expansion in the European Union (EU). Moneycorp is one of the world’s largest specialist foreign exchange companies, serving corporates and individuals across multiple channels since 1979. Headquartered in London, Moneycorp opened its Dublin office in 2013 to provide corporate clients with foreign exchange and payment services over its market leading on-line platform as well as directly from its Dublin dealing room. Since launch, the Dublin office has operated as a branch of the Group’s UK regulated entities, however, as part of Moneycorp’s strategic response to Brexit and wider market developments, it has now secured its E-money and MiFID licences from the CBI for a newly established Irish company; Moneycorp Technologies Limited (MTL). Bryan McSharry, CEO of Moneycorp’s European business, said: “We are delighted to have secured both E-money and MiFID licences from the Central Bank of Ireland. This ensures we can continue to support our existing customer base; continue to grow our business in Ireland; and expand our business across the EU in a post Brexit environment.” “Since launching in Dublin in 2013, we have built a strong corporate and individual customer base of Irish clients – based on our ability to provide best in class foreign exchange services across our market-leading technology platform. We completed €3 billion of transactions for Irish clients in 2019 and we will build on that in 2020 and beyond. Our CBI licences will enable us to continue to expand our business and headcount in Ireland and offer our market-leading service to a vastly increased customer base across the EU.” About Moneycorp Group Moneycorp Group is a global foreign exchange and payments business with offices in the UK, USA, Brazil, Hong Kong, Spain, Gibraltar, Romania, Australia, the UAE and Ireland. With a forty year record of outstanding customer service, today the Moneycorp group serves the growing foreign exchange and payments needs of global businesses, importers and exporters as well as personal clients. W: www.moneycorp.com L: linkedin.com/company/moneycorp/ T: @moneycorp I: instagram.com/moneycorp/ |