CompliReg's Peter Oakes talks on the hot topic of #bitcoin and #cryptoassets / #digitalassets for Fintech Ireland with Will Goodbody of RTE - Video and Post here

Central Bank publishes “Dear CEO” letter to Schedule 2 firms on low level of compliance with Anti-Money Laundering and Counter Financing of Terrorism obligations

• Findings include overall lack of compliance by Schedule 2 Firms with AML/CFT obligations
• Boards fail to demonstrate responsibility for ensuring the implementation and ongoing oversight of AML/CFT control framework
• Central Bank will use all means to identify unregistered firms and take appropriate action

The Central Bank has today (16 December 2020) published the outcome of supervisory engagements undertaken in respect of Schedule 2 Firms to assess compliance with their obligations under Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (CJA 2010).

The "Dear CEO" letter*, outlines the Central Bank’s expectations of firms in relation to Anti-Money Laundering/Counter Financing of Terrorism (AML/CFT) and Financial Sanctions (FS) requirements and details follow-up actions to be taken by CEOs and Boards in response to the findings outlined.

The examination, which comprised of both inspections and review meetings, found an overall lack of compliance across all areas of the AML/CFT control framework. There is also poor understanding of the requirements from Board and senior management levels, including at those firms who outsourced their AML/CFT and FS activities to third parties.

The examination identified a number of failings across Schedule 2 Firms, including:

1. Board Oversight and Governance - failure to demonstrate Boards had taken responsibility for the implementation and ongoing oversight of AML/CFT and FS in a number of firms. In many instances, AML/CFT and FS was only included on the Board’s agenda following notification from the Central Bank of the upcoming supervisory engagement exercise.
2. Money Laundering/Terrorist Financing Risk Assessment - lack of ongoing and comprehensive assessment and documentation of ML/TF risks that are specific to each firm’s consumers and business activities. In a number of instances, this was exacerbated by reliance on ‘off the shelf’ risk assessment frameworks.
3. Anti-Money Laundering/Counter Financing of Terrorism Policies and Procedures - failure to put in place and implement firm-specific AML/CFT and FS policies and procedures, and failure to review and update these on an ongoing basis.

Director of Enforcement & Anti-Money Laundering, Seána Cunningham said: “The Central Bank expects all firms to be alert to the risks that money laundering and criminal financial activities may pose to their customers and business, and the wider integrity of the Irish financial system. This requires CEOs and Boards to have in-depth knowledge and understanding of their Anti-Money Laundering and Counter Financing of Terrorism obligations. It is also essential to have the necessary control framework in place to ensure protection of their business and customers.

“Our supervisory engagements revealed a low level of compliance with the AML/CFT control framework requirements. The culture and tone of any organisation is set from the top. It therefore rests with the Board of these firms to ensure that the necessary AML/CFT governance, risk assessment, policies and procedures, training and awareness are embedded throughout the organisation. While some firms may choose to outsource AML/CFT activities to third party service providers, Boards cannot outsource the responsibility for compliance.

“We will continue to engage directly with those firms where compliance weaknesses and failures have been identified to ensure that they are addressed. We also require all firms to review the content of this letter to ensure that they assess their own compliance with the issues identified.

“We are also taking this opportunity to remind all firms to assess their activities to determine if they are required to register with us under Schedule 2. Firms who fail to register are at risk of significant criminal and/or administrative sanctions. In 2021, the Central Bank will use all means available to identify those firms not registered and take appropriate action.”

ENDS
Notes to Editor

• The Central Bank of Ireland is the competent authority for monitoring the compliance of credit and financial institutions with Part 4 of the CJA 2010, and with taking measures that are reasonably necessary to secure such compliance. Entities engaged in activities outlined under Schedule 2 of the CJA 2020, herein referred to as ‘Schedule 2 Firms’ have been obliged to comply with Part 4 of the CJA 2010 since its implementation in 2010. On 26 November 2018, Section 108A of the CJA 2010 introduced a statutory requirement for Schedule 2 Firms to register with the Central Bank, where such firms are not otherwise authorised or licensed to carry on business by the Central Bank. Details on the registration process is available on the Central Bank website.
• The definition of “financial institutions” in the CJA 2010 includes entities that carry out one or more of the activities specified in Schedule 2 of the CJA 2010, hereto referred to as Schedule 2 Firms, Subject to limited exceptions as set out in the definition of “financial institution” in s24, and in s25(4) of the CJA 2010. Firms engaged in such activities are required to register with the Central Bank pursuant to section 108A of the CJA 2010.

Further information
Media Relations: [email protected] / 01 224 6299
Ewan Kelly: [email protected] / 01 224 6269

Some choice headlines in the papers about Brexit in the past week as we - according to Brexit Ireland's countdown to Brexit clock - just little more than 33 days before 11p.m. (UK time) on Thursday 31st December 2020 when the Brexit transition period ends with no deal on financial services in sight.

This week sees the EU negotiating team returning to London after face-to-face talks came to end more than a week ago after Mr Bariner's team was hit by a case of Covid.  They will be greeted by headiness such as: ​UK dismisses ‘derisory’ EU fishing offer ahead of last-ditch trade talks; 
Europe’s finance sector hits ‘peak uncertainty’ over Brexit; and The City braces for Brexit.

One thing we are still very surprised by is the many in #fintech, #techfin and indeed #finserv (and scarily their advisers) who think that recent news on 'equivalence' deals are applicable to all UK #finserv which passport across the European Union / EEA.

The announcement on Monday 23rd November by the European Commission was simply and specifically about European regulators finalising a late change seeking to avoid chaos in £15tn of derivatives contracts held between UK and EU counterparties. Then on Wednesday 25th, they insisted outposts of EU banks in London would have to trade certain derivatives in the EU.

Back in August 2020 the European Parliament reminded that "Equivalence decisions are a unilateral decision by the Commission. The Commission ultimately exercises its discretion as conferred upon it by the “empowerment” given in EU sectoral legislation.'' BUT MORE IMPORTANTLY "The Commission also enjoys discretion to withdraw equivalence decision. The equivalence frameworks in force do not provide as such specific procedures for monitoring, reviewing or amending equivalence decisions."

There are no equivalence provisions in EU bank, payments nor electronic money directives, and the equivalence provision in MiFiD doesn't apply to retail investment services. See the below table on the 'Role of equivalence in key EU banking and financial services legislation' for confirmation.

The upshot is that if you are a UK authorised payments institution or electronic money intuition, come Thursday 31st December 2020 when your ability to passport across the whole of European Economic Area comes to an end, so too does your business model unless you have obtained an authorisation in an EU/EEA state.  There are are other options available but we'll leave that for another article. 

​If you are a regulated fintech looking for a home post #brexit contact https://complireg.com/authorisations.html.  Read our Fintech Authorisation Guides published jointly by CompliReg and Fintech Ireland on the authorisation process.  And check out the 'Why Ireland for Fintech' brochure.

Why Ireland for your regulated fintech? 

• tax effectiveness
• common law legal system
• similarities to the UK in Irish approach to business
• access to world leading talent in financial services and technology
• reputation of the Central Bank / regulator 
• growing recognition of Ireland as an international fintech hub thanks to the work of the Irish government, its agencies and groups like Fintech Ireland. 

Further reading:

​26 November 2020 - Move to EU or face disruption, City of London is warned

• British financial firms must set up shop in the European Union or expect disruption on January 1st, the European Commission has warned, as it is unlikely to grant the required equivalency permit to ease access to the bloc’s customers by the end of the year.

27 August 2019 - "Third country equivalence in EU banking and financial regulation"

• This briefing provides an insight into the latest developments on equivalence in EU banking and financial regulation both in terms of governance and decision making (Section 1) and in terms of regulatory and supervisory frameworks that governs the access of third countries firms to the internal market (Section 2). The briefing also gives an overview on the possible role of equivalence regimes in the context of Brexit (Section 3) together with Brexit-related supervisory and regulatory issues (Section 4). This briefing is an updated version of a briefing published in April 2018. 

29 July 2019 - Financial services: Commission sets out its equivalence policy with non-EU countries

​12 July 2017 - "Third-country equivalence in EU banking legislation"

• This briefing focuses on the concept of equivalence in EU banking legislation and notably on the difference between “passporting” rights and “third-country equivalence” rights. It gives an overview of existing equivalence clauses in some key EU banking and financial legislation and of equivalence decisions adopted by the European Commission to date.

Today, 17th November 2020, the Central Bank of Ireland released a Dear CEO Letter on "Thematic Inspections of Compliance by Regulated Financial Service Providers with their Obligations under the Fitness and Probity Regime".  Readers are probably aware that the Central Bank issued a previous Dear CEO Letter on 8th April 2019 on "Compliance by Regulated Financial Service Providers with their Obligations under the Fitness and Probity Regime".

If you need assistance with understanding or implementing the requirements, please contact the Team at CompliReg.

• 17th November 2020 Dear CEO Letter 
• 8th April 2019 Dear CEO Letter 

What does the Dear CEO Letter of 17th November 2020 say?

Background:
The Central Bank undertook thematic onsite inspections across a sample of firms in the insurance and banking sectors [Ed- No reference to MiFID, payments, emoney, intermediaries nor the funds industry] in order to assess the level of compliance with the Fintess and Probity (F&P) requirements.   This was on foot of its Dear CEO Letter on the topic of F&P back in April 2019.  The inspections did not examine the fitness and probity of particular individuals, but rather evaluated the processes in place to manage compliance with the requirements of the F&P Regime.

The inspections focused on the following areas:

• Awareness and understanding within firms of their compliance obligations;  
• Initial and ongoing due diligence processes;  
• Oversight and control where Pre-Approval Controlled Function (“PCF”) roles or
• Controlled Function (“CF”) roles have been outsourced; 
• Processes and channels for effective engagement with the Central Bank; and  
• Role of the Compliance Function with regard to the F&P Regime.

The Central Bank towards the end of the letter reminds that the F&P Regime is a cornerstone of the regulatory framework in Ireland, applying not only to individuals but also firms.  Firms must ensure that any individual who is engaged to carry out a CF role has the requisite fitness and probity to do so. 

The Central Bank’s Dear CEO letter of April 2019 emphasised the importance of compliance by firms and identified areas where compliance was inadequate.  As is noted below and in the November 2020 letter, the Central Bank believes that the range of findings from thematic onsite inspections following the April 2009 letter "indicates that many firms do not have due regard to their obligations under the F&P Regime".  The Central Bank is also concerned by the number of firms which did not take action, following the April 2019 letter, to perform a formal ‘gap analysis’ of their  policies, processes and procedures.  Its position seems clear "[i]t is wholly unacceptable that such shortcomings continue to exist in circumstances where the F&P Regime was introduced almost ten years ago."


What did the Central Bank find?:
In summary, the inspections highlighted a number of common issues and shortcomings, resulting in the release of the Dear CEO letter.  The letter sets out key findings and observations from the inspections together with the expectations of the Central Bank, which it believes need to be brought to the attention of the wider financial services industry.  

Helpfully, the Central Bank also set examples of good practices which had been implemented in a number of firms (see Appendix 1 of the Dear CEO Letter November 2020 and set out below).

A significant number of findings were identified in relation to the role of the Board, the conduct of due diligence and the outsourcing of CF roles.  While not all of the issues outlined in the Dear CEO November 2020 letter arose in each firm inspected, the Central Bank reckons that they are representative of the findings across the sample of firms. 

What are the key points arising from the findings?:
(a) role of the Board in the F&P Process:

• the level of awareness by Board members of their fitness and probity obligations was poor. 
• Board appointments were generally not subject to the same level of scrutiny or formality as other PCF/ CF appointments.  There was a notable lack of interview notes and suitability assessments available to support Board appointments, and succession plans generally did not meet expectations and were not used in practice. In a number of cases there was no evidence of Board approval, discussion or challenge of proposed PCF appointments.
• instances of the CEO screening potential Board candidates is inappropriate given the conflict of interest between the respective responsibilities of directors and the executive. 
• it is essential that Board members recognise the importance of the F&P framework and their responsibilities within it, not only for the firm, but also for the Board itself.   The Central Bank expects that the same high standards and rigour be observed and applied to board appointments as to those elsewhere within a firm. [Ed- important to review and include the above into the terms of reference for the Board of Directors and - as appropriate - relevant committees, such as Audit, Risk, Compliance, Remuneration, Nomination committees]

(b) Conducting Due Diligence:

• due diligence was the most consistently weakest area across the majority of firms
• initial and ongoing due diligence undertaken was not sufficiently robust to evidence compliance with the requirements of the F&P Standards.   
• there was a lack of evidence of qualifications, reference checks and suitability searches. 
• shortcomings in ongoing due diligence processes were particularly poor and often limited to an annual self-declaration without any ongoing due diligence screening to check if a change in circumstances had impacted an individual’s F&P. [Ed- Note that shortcoming were also found during the initial due diligence of individuals too]
• in the context of initial due diligence, the Central Bank reminds of the process of PCF application Individual Questionnaires (“IQs”).  These are ultimately endorsed and submitted to the Central Bank by the firm.  The firm must declare in the IQ that it has carried out all necessary due diligence enquiries. It is at this point the firm should disclose all information relevant and potentially relevant to the Central Bank’s assessment of a proposed appointee’s F&P.  Full and frank disclosure is required.  Adverse information in relation to the candidate should be brought to the attention of the Central Bank and the firm should explain why this does not affect the individual’s suitability for the role proposed.  Where a firm has a doubt as to the materiality of a piece of information in this regard, this should be disclosed and explained.  The Central Bank takes non-disclosure seriously, especially where there  is an apparent attempt to mislead.  This may call into question not only the individual’s suitability but also the firm’s decision to propose the individual in question.
• as regards ongoing due diligence, firms have ongoing obligations under Section 21 of the 2010 Act to ensure that they do not allow a person to perform a CF role unless they are “satisfied on reasonable grounds” that the person: (i) complies with the applicable standards of F&P; and (ii) has agreed to abide by those standards.  An annual self-declaration by PCF and CF role holders is the minimum expected. Where a firm becomes aware that there may be concerns regarding the fitness and probity of a person performing a CF role, the Central Bank expects the firm to investigate such concerns and take action as appropriate without delay. 

c) Outsourcing of Roles subject to the F&P Regime
 [Ed- the area of outsourcing is important for large, small, complex and non-complex firms alike]

• where PCF or CF roles are outsourced to unregulated Outsource Service Providers (“OSPs”), the majority of firms had not, as part of their due diligence in appointing CF role holders, obtained the required documentation nor made any inquiries as to the OSP’s process for assessing fitness and probity. In addition, firms did not have a process whereby outsourcing arrangements were analysed to verify whether PCF or CF roles were being performed.  
• firms’ obligations with respect to fitness and probity apply irrespective of whether the PCF or CF role is performed within the firm or outsourced to an unregulated OSP.  Firms are required to have appropriate processes and procedures to ensure compliance in both scenarios.

d) Engagement with the Central Bank

• in the majority of firms the processes related to engagement with the Central Bank on fitness and probity issues, including the IQ submission process, have not been adequately developed, documented or embedded. 
• many firms did not have robust processes in place to identify, escalate  and notify the Central Bank in a timely manner of potential concerns regarding the fitness and probity of a CF or PCF holder.  
• lack of engagement with the Central Bank is also a reflection of the passive approach taken by firms to their ongoing due diligence requirements.   The Central Bank expects firms to be proactive in identifying fitness and probity issues as part of its ongoing due diligence and in reporting as appropriate to the Central Bank without delay. 

e) Role of the Compliance Function

• the majority of firms had compliance frameworks, policies and procedures in place.
• it is clear that many firms are not undertaking robust compliance testing of their fitness and probity processes and procedures. 
• F&P process should be subject to comprehensive oversight by the Compliance Function and periodic independent review by the Internal Audit Function to ensure it is fit for purpose. [Ed- important to review and include the above into the terms of reference for both the compliance and internal audit functions]

 
Conclusion of the Central Bank:

• Central Bank expects that all firms take appropriate action to address the significant issues outlined in this letter and be able to evidence same to the Central Bank, where requested. 
• the November 2020 letter should be read in conjunction with the April 2019 letter, the F&P Standards and the associated fitness and probity guidance.    
• failure by a firm to comply with its ongoing obligations can result in an investigation under the Central Bank’s Administrative Sanctions Procedure, leading to potential sanctions for firms and individuals.  
• the Central Bank will continue to engage with firms to assess the robustness of their application of the F&P Regime and will initiate necessary supervisory responses to any weaknesses identified.  [Ed- there is no reference to any firm subject of the thematic F&P inspection will be subject to enforcement]

Appendix 1: Key Findings Identified by the Thematic Inspections

a) Levels of awareness and understanding of the F&P Regime

Role of the Board / Nomination Committee (“NomCo”) in Fitness and Probity Process

1. The level of awareness of fitness and probity obligations was weak throughout many of the firms, with Board awareness of its obligations particularly poor.

2. Board appointment procedures were generally not subject to the same level of scrutiny or formality as other CF and PCF appointments. In most cases, there was a lack of interview notes or suitability assessments available to support Board appointments.

3. In a number of instances there was no evidence of Board approval of the PCF appointment, Board approval of the appointment took place after approval by the Central Bank and/or there was no evidence of discussion or challenge by Board members of the proposed appointment.

4. Instances of the Chief Executive Officer (“CEO”) screening potential Board candidates were noted in a small number of firms. This is inappropriate given the conflict of interests that arise as between the respective responsibilities of directors and the executive.

5. The quality of succession plans for the Board and executive team generally did not meet expectations. Anumber of these succession plans did not set out the skills, competencies and experience required for the various roles and/or how the proposed successor would demonstrate/acquire those. However, some firms had developed their own Board Skills Matrix, which set out the key areas of experience required. This matrix was used to identify gaps in the combined experience of the Board.
 
Functional Responsibility for the F&P Regime

6. Management of the fitness and probity process varied significantly across the firms. Where there were clear, prescribed roles and responsibilities along with appropriate segregation of duties, the due diligence conducted in these firms was of a higher standard than those without clearly articulated and assigned responsibilities.

7. The quality of policies and procedures in relation to fitness and probity varied from firm to firm. Elements of good practice were observed in the form of ‘How To’ guides, establishment of Fitness & Probity Steering Committees, checklists, and clearly documented roles and responsibilities in relation to the fitness and probity process in the firm. However, good practice was not evident in most firms; the majority had disjointed processes that did not clearly outline the roles and responsibilities of the various functions performing fitness and probity related tasks.

Analysis and Mapping of Roles

8. There were instances where no register of employees performing PCF or CF roles was maintained. In addition, the process of regular review of individuals whose role changed, resulting in their coming within the remit of the F&P Regime, was lacking. Good practices identified included a documented requirement to review the job description when a vacancy arises to determine if the role is CF or PCF in nature, and guidelines setting out the key principles and rationale for the general interpretation of the CFs across the firm.

b) Conducting Due Diligence
Initial Due Diligence

9. In the majority of the firms inspected, the initial due diligence undertaken was not sufficiently robust to evidence compliance with the requirements of the F&P Standards. Issues highlighted by the inspections included: a lack of evidence of academic qualifications; lack of references from previous employers; a notable absence of interview notes across the majority of firms inspected; and no evidence of a documented assessment as to the suitability of the candidate.

10. Issues were also identified in a number of instances with a lack of judgement searches, regulatory searches, directorship searches and adverse media searches, including adverse media searches regarding previous employers that could assist with identifying potential fitness and probity concerns to be examined further.

11. Firms assessed as performing better had defined processes in place for conducting initial due diligence, including documented policies and procedures; an understanding of the allocation of responsibilities among the various functions (e.g. Human Resources, Company Secretary and Compliance Function); performed due diligence searches and conducted and retained interview notes.

Ongoing Due Diligence

12. Under Section 21 of the 2010 Act, firms are required to conduct due diligence on an ongoing basis to ensure that employees performing CFs continue to comply with the F&P Standards.

13. All firms had in place a requirement for each PCF and CF role holder to annually certify their compliance with the F&P Standards and their agreement to abide by the F&P Standards. An annual self-declaration by PCF and CF role holders is the minimum expected by the Central Bank.

14. However, the ongoing due diligence process in most firms is limited to the annual self-declaration. Firms should proactively conduct ongoing due diligence screening of staff to ensure there has been no change in circumstance that may affect the fitness or probity of the individual. In one firm they conducted ongoing due diligence searches on an annual basis for all PCF role holders and on a sample basis for CFs.
 
c) Outsourcing of Roles subject to the F&P Regime
15. Where CF roles are outsourced to unregulated OSPs, the majority of firms had not, as part of their due diligence in appointing CF role holders, obtained the required documentation nor made any inquiries as to the OSP’s process for assessing fitness and probity.

16. Firms did not have a process whereby outsourcing arrangements were analysed to verify whether PCF or CF roles were being performed. This gives rise to the risk that relevant individuals at OSPs may not be identified and subjected to the F&P Standards.

17. In addition to obligations under the Central Bank’s F&P Regime, the Solvency II Regulations impose requirements on insurance firms with respect to the outsourcing of critical or important functions. Under these Regulations, firms are obliged to verify that all staff of the service provider who will be involved in providing the outsourced functions or activities are sufficiently qualified and reliable. There was generally a low awareness of Solvency II obligations in this regard and these had not been included in applicable policies and procedures.
 
d) Engagement with the Central Bank
18. Firms did not have clearly defined procedures covering the various stages of the IQ process including initiation, compilation, completion, review, approval and submission of the IQ application. In addition, there was a lack of clarity in relation to what could be regarded as a material fact for inclusion in the IQ.

19. Firms did not have robust processes in place to identify, escalate and notify an appropriate individual or function, within the firm in a timely manner, of potential concerns regarding the fitness and probity of a CF or PCF holder. Additionally, there was a distinct lack of policies or procedures to support these escalations (i.e. investigation of concerns and the taking of timely action as appropriate) or to ensure timely notification of actions taken to the Central Bank.

20. Overall, the processes related to engagement with the Central Bank on fitness and probity issues, including IQ submission process, have not been adequately developed, documented or embedded.

e) Role of the Compliance Function
21. The majority of firms had compliance frameworks, policies and procedures in place. There was a good understanding of fitness and probity obligations by the Compliance Function in a number of the firms inspected. However, in some cases there was an over reliance placed on the Compliance Function, thereby creating potential key person risk.

22. Many firms are not undertaking robust compliance testing of their fitness and probity processes and procedures. The fitness and probity process should be subject to periodic independent review by the third line of defence.



​If you need assistance with understanding or implementing the requirements, please contact the Team at CompliReg.

• 17th November 2020 Dear CEO Letter 
• 8th April 2019 Dear CEO Letter 

Here's one for the #moneylaundering typology case studies for #MLROs as part of regulatory training requirements!
 
Relates to the collapse of major investigation into the Kinahan cartel and more than half a billion euros- particularly €500,000,000 stash of cars, properties & cash handed back to the accused by a Spanish judge after collapse of money laundering case.
 
Can understand that staff and MLROs at financial institutions and other obliged entities which do a lot of the initial legwork in identifying suspicious transactions may feel underwhelmed (to say the least) when a case like this collapses.
 
We should train on all types of cases, regardless if there is a criminal outcome or not. Staff (and boards) need to appreciate that not all suspicious transactions reports will 'result' in a criminal outcome, but that doesn't excuse obliged entities and their staff from complying with the legal requirement to report suspicious transactions. A skill MLROs and trainers need to focus upon is motivating staff, themselves and the senior executive to stay the course.
 
https://www.linkedin.com/posts/peteroakes_moneylaundering-mlros-financialcrime-activity-6719937607700135936-jZUH
 
#antimoneylaundering #financialcrime #mlros #suspicioustransactions #lawenforcement

Check out the linkedin post with link to news article.
​

ECB confident it can create a digital euro.

With ECB officials concerned that the Chinese central bank is potentially a couple of years away from launching its own digital renminbi after it conducted large-scale experiments, it has identified several scenarios that would require it to launch a digital euro.

Two scenarios are:

1. 1) centralised: The ECB will record all digital euro transactions in the central bank’s own ledger.
2. 2) decentralised: The ECB would set the rules for transactions to be settled and recorded by supervised intermediaries.

Either way, some serious #regtech and #suptech will be required.

Despite a 55-PAGE REPORT, the question is whether the ECB can stay ahead of the rapidly changing world of #digitalcurrencies and #payments.

Central bankers are increasingly interested in the relatively new world of digital currencies, particularly since Facebook announced a plan to launch one called Libra that has the potential to overhaul the way money works. 
 
ECB officials believe the Chinese central bank is potentially a couple of years ‘ away from launching its own digital renminbi after it conducted large-scale experiments. 

In an interesting development, Bloomberg reported on 1 October 2020, that the European Central Bank has applied to trademark the term “digital euro” as officials prepare to release an assessment of the benefits and drawbacks of creating a digital version of the currency.  The application was filed on 22 September by the ECB’s legal representatives Bock Legal, according to the website of the European Union Intellectual Property Office. An ECB spokesman confirmed the filing.

The ECB outlined potential scenarios “that would require the issuance of a digital euro”. These include higher demand for electronic payments that creates a greater need for a “risk-free digital means of payment”, as well as the potential that a cyber attack or pandemic disrupts the existing payment system and requires a digital euro to serve as a back-up.

Another scenario is a further sharp drop in cash usage that leaves some people financially excluded.

Finally, it examined the potential rapid adoption of other private or public digital currencies including those issued by foreign central banks that ‘could “threaten European financial, economic and, ultimately, political sovereignty”. The ECB said a digital euro “also poses challenges, but by following appropriate strategies in the design of the digital euro the Eurosystem can address these”.

My Linkedin Post here

Sources: 

• https://www.ft.com/content/b6f0c233-0b35-45d1-896f-1c6599558d9b
• https://www.bloomberg.com/news/articles/2020-10-01/ecb-applies-for-digital-euro-trademark-amid-feasibility-study 
• https://www.ecb.europa.eu

Peter Oakes, fintech and financial crime expert talks to Gabriel Vedrenne of ACAMS MoneyLaundering.com about European financial institutions that switched to onboarding all new clients remotely at the height of COVID-19 lockdowns should review their customer files to ensure that adequate due diligence was conducted as per the European anti-money laundering standard setter warned.
​
​CLICK HERE

Source: AUSTRAC
Press Release 24 September 2020

Westpac and AUSTRAC have today agreed to a AUD$1.3 billion dollar proposed penalty over Westpac’s breaches of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act). Westpac and AUSTRAC have agreed that the proposed penalty reflects the seriousness and magnitude of compliance failings by Westpac.

The Federal Court of Australia will now consider the proposed settlement and penalty. If the Federal Court determines the proposed penalty is appropriate, the penalty order made will represent the largest ever civil penalty in Australian history. 

In reaching today’s agreement, Westpac has admitted to contravening the AML/CTF Act on over 23 million occasions, exposing Australia’s financial system to criminal exploitation.
In summary, Westpac admitted that it failed to:

• Properly report over 19.5 million International Funds Transfer Instructions (IFTIs) amounting to over $11 billion dollars to AUSTRAC.
• Pass on information relating to the origin of some of these international funds transfers, and to pass on information about the source of funds to other banks in the transfer chain, which these banks needed to manage their own ML/TF risks.
• Keep records relating to the origin of some of these international funds transfers.
• Appropriately assess and monitor the risks associated with the movement of money into and out of Australia through its correspondent banking relationships, including with known higher risk jurisdictions.
• Carry out appropriate customer due diligence in relation to suspicious transactions associated with possible child exploitation.

In reaching the agreement, Westpac has also admitted to approximately 76,000 additional contraventions which expand the original statement of claim. These new contraventions relate to information that came to light after the civil penalty action was launched last year and relate to additional IFTI reporting failures, failures to reasonably monitor customers for transactions related to possible child exploitation, and two further failures to assess the money laundering and terrorism financing risks associated with correspondent banking relationships.

AUSTRAC’s Chief Executive Officer, Nicole Rose PSM said the settlement sends a strong message to industry that AUSTRAC will take action to ensure our financial system remains strong so it cannot be exploited by criminals.

“Our role is to harden the financial system against serious crime and terrorism financing and this penalty reflects the serious and systemic nature of Westpac’s non-compliance,” Ms Rose said.
“Westpac’s failure to implement effective transaction monitoring programs, and its failure to submit IFTI reports to AUSTRAC and apply enhanced customer due diligence in relation to suspicious transactions, meant AUSTRAC and law enforcement were missing critical intelligence to support police investigations.”

Ms Rose said such a large number of breaches over several years was unacceptable and could have been avoided with better assurance and oversight processes to identify ongoing reporting failures.
AUSTRAC works in partnership with the businesses we regulate through a comprehensive industry education program.

“We have been, and will continue to work collaboratively with Westpac and all businesses we regulate to support them to meet their compliance and reporting obligations to ensure this doesn’t happen again in the future.”

Westpac continues to partner with AUSTRAC to assist AUSTRAC and law enforcement agencies to stop financial crime, including as a member of AUSTRAC’s private-public partnership the Fintel Alliance.

About AUSTRACAUSTRAC (the Australian Transaction Reports and Analysis Centre) is the Australian Government agency responsible for detecting, deterring and disrupting criminal abuse of the financial system to protect the community from serious and organised crime.

Through strong regulation, and enhanced intelligence capabilities, AUSTRAC collects and analyses financial reports and information to generate financial intelligence.
​
Learn more about AUSTRAC: https://www.austrac.gov.au/about-us/austrac-overview 
Media contactEmail: [email protected] 
Phone: (02) 9950 0488  

Source: Central Bank of Ireland
Press release – 24 September 2020
 
Enforcement Action Notice: KBC Bank Ireland plc reprimanded and fined €18,314,000 by the Central Bank of Ireland for regulatory breaches affecting tracker mortgage customer accounts
 
On 22 September 2020, the Central Bank of Ireland (the “Central Bank”) reprimanded and fined KBC Bank Ireland plc (“KBC” or the “Firm”) €18,314,000 pursuant to its Administrative Sanctions Procedure (“ASP”) in respect of KBC’s serious failings to certain tracker mortgage customers holding 3,741 customer accounts from June 2008 to October 2019. KBC has admitted in full to 12 regulatory breaches.
 
The Central Bank has imposed a fine at the highest end of its sanctioning powers, reflecting the gravity with which the Central Bank views KBC’s failures. The impact of KBC’s failings on its customers, which related to 3,741 accounts, was devastating and included significant overcharging and the loss of 66 properties. Additionally, KBC’s engagement and co-operation with the Central Bank’s Tracker Mortgage Examination (the “TME”) was deeply unsatisfactory. KBC caused avoidable and sustained harm to impacted customers due to the Firm’s unwillingness to acknowledge its failings until December 2017 and to take immediate action to apply the protections of the TME. Had KBC adhered to the TME guidelines sooner, without the need for significant and sustained Central Bank intervention, the harm to its customers – particularly incidences of property loss - would have been significantly reduced.  The Central Bank determined that the appropriate fine was €26,162,857, which was reduced by 30% to €18,314,000 in accordance with the settlement discount scheme provided for in the Central Bank’s ASP[1]. This will be paid to the Exchequer[2].
 
This fine is in addition to the €153,524,363 that KBC has been required to pay to date in redress and compensation and account balance adjustments under the TME to its impacted tracker mortgage customers. 
 
The enforcement investigation, which was conducted in parallel with the TME, sought to determine how and why KBC failed to fulfil its obligations to their customers. The investigation also examined KBC’s failure to adhere to the Central Bank’s requirements under the TME.
 
Over the course of 2008, tracker mortgages were becoming increasingly unprofitable for KBC, resulting in the withdrawal of the product by July 2008. The Central Bank’s investigation found that in doing so, KBC failed to treat its existing tracker mortgage customers fairly and put KBC’s financial interests above the protections their customers should have been afforded. In particular, KBC’s failures resulted from:
 
(i)  A proactive strategy to convert customers off their tracker rates: In 2008, KBC devised a strategy to permanently convert certain customers from their low-cost tracker rates. This applied to customers seeking fixed rates or interest only periods at a time when KBC knew that trackers were unprofitable for them. KBC failed to adequately warn the customers concerned that such amendments would result in the permanent loss of their tracker rates. The impact of this strategy was that certain customers, some of whom were already in financial distress, were required to make higher monthly mortgage repayments over the remaining term of their mortgages. This in turn increased the profit margin KBC made on these mortgages.

(ii)  Failure to adequately warn customers entering interest only or fixed rate periods that they would be unable to return to their tracker rates:  At a time when KBC was withdrawing tracker products, it failed to provide customers with clear documentation and/or to provide customers with vital information that their request to fix their interest rate or move to an interest only period would lead to the permanent loss of their tracker interest rate.  KBC also failed to warn customers seeking an interest only arrangement that they stood to pay more interest over the lifetime of their loan.

(iii) Failure to adequately comply with the Central Bank’s Framework for the TME: KBC failed to adhere to the guidelines set out in the Central Bank’s TME Framework, requiring significant intervention from the Central Bank to ensure that all impacted customers were identified, redressed and compensated. 

(iv) Failure to adequately comply with the Stop the Harm Principles of the TME: From the outset of the TME in December 2015, KBC failed to take adequate steps to prevent customers from suffering any further harm or detriment pending the outcome of the TME review. This included failing to stop charging higher, incorrect rates of interest and failing to halt legal activity and loss of ownership of customers’ properties.  Of the 66 properties referenced above that were lost as a result of KBC’s tracker mortgage failures, 39 of these could have been avoided had KBC implemented the Stop the Harm Principles immediately and as required. The Firm’s approach to, and implementation of, these protections was grossly inadequate.

(v) Provided incorrect information to the Financial Regulator[3] in respect of KBC’s treatment of certain tracker customers: In 2009, KBC advised the Central Bank that customers who sought interest only arrangements did not lose their tracker rates for the remaining term of their loans. This was incorrect. As a result, certain interest only customers were denied redress and compensation and an account balance adjustment until identified as having wrongfully lost their tracker through the TME 8 years later.  KBC only acknowledged that it had not treated these customers fairly following robust and sustained intervention by the Central Bank during the TME.              

(vi) Operational and systems failings: In addition, the investigation found that KBC had inadequate mortgage systems and/or operational controls in place to enable them to meet their regulatory and contractual obligations to certain customers. In total there were 12 separate regulatory breaches of the European Communities (Unfair Terms in Consumer Contracts) Regulations 1995 (“1995 Regulations”), the Consumer Protection Codes 2006 and 2012 (“2006 Code” and “2012 Code” respectively). 
 
The Central Bank’s Director of Enforcement and Anti-Money Laundering, Seána Cunningham, said:
 
“The Central Bank’s investigation into KBC has revealed a stark example of the very real harm caused to people when financial service providers fail to treat their customers fairly. By placing their own financial interests ahead of their customers’ best interests, KBC failed to adequately consider their obligations under the Consumer Protection Codes, which were put in place in order to protect customers in their dealings with financial service providers.
 
The impact of KBC’s actions on their customers was devastating and avoidable. By overcharging customers over extended periods, KBC forced people into arrears, including certain customers whom KBC knew were already facing financial difficulties. Some customers suffered the most severe impact with 66 properties being lost by customers, 11 of which were family homes.
 
Our investigation found KBC persistently refused to accept its failings despite having multiple opportunities to remedy the detriment that it was causing to its customers over an extended period. KBC’s actions in this regard, including the failure to adequately comply with the Stop the Harm Principles of the TME, were simply unconscionable.  KBC’s initial review of their mortgage loan book during the TME identified only 93 impacted customer accounts. The total number of impacted customer accounts has since increased to over 3,700 but only following the sustained challenge and intervention of the Central Bank. 
We expect firms to engage in an open, timely and constructive manner with the Central Bank and to do the right thing by their customers, not because they are told to but because it is the right thing to do. KBC’s failures reinforce the Central Bank’s view that the financial services industry has a long way to go in breaking down the deep-set cultures that cause such terrible damage to people’s lives.
Our message today is clear, and goes beyond the tracker mortgage related issues to all regulated firms: Firms should act in the best interest of their customers and consider their Consumer Protection Code obligations when making decisions that impact their customers.  Where firms fail to do so, our response will be robust and the consequences will be serious.”
 
 
Background to the investigation into KBC
KBC Mortgage Bank (formerly IIB Homeloans Limited) is a credit institution and a regulated financial service provider.  IIB Homeloans Limited applied for authorisation as a retail credit firm by the Central Bank in May 2008 following the enactment of legislation introducing the retail credit firm regime, thereby becoming subject to the Consumer Protection Codes from 1 June 2008.  IIB Homeloans Limited subsequently obtained a banking licence from the Central Bank on 24 October 2008, at which time it officially renamed its operations in Ireland ‘KBC Mortgage Bank.’  In or around June 2009, KBC Mortgage Bank transferred its business to KBC Bank Ireland plc, amalgamating the businesses formerly conducted by IIB Bank plc and IIB Homeloans Limited/KBC Mortgage Bank.
 
KBC introduced tracker mortgages to its range of products in 2003, ultimately withdrawing them from the market on 4 July 2008, as KBC viewed them as no longer profitable. 
In September 2015, the Central Bank notified lenders that it was developing the Framework for the TME, which was to be grounded on consumer legislation, including both the 2006 Code and the 2012 Code. In December 2015, the TME was established. Lenders were required to determine whether or not in all circumstances it had complied with its consumer protection regulatory obligations.
 
The TME was designed to ensure that lenders met their consumer protection obligations by requiring lenders to:

1.       Conduct a complete review of their tracker mortgage loan book to identify customers who may not have been treated fairly.
2.       Take steps - pending the determination of impact under the TME - to (i) stop charging the incorrect rate of interest at the earliest possible time, (ii) halt all legal activity and (iii) ensure that customers did not lose ownership of their properties.  The objective of this requirement was for lenders to take early steps to Stop the Harm, thus shielding potentially impacted customers from further harm and detriment. 
3.       Return impacted customers to the position they would have been in but for the tracker mortgage failings, which included, rate rectification or the option to return to a tracker rate. Furthermore, lenders were required to pay compensation commensurate to the harm caused to each customer given their specific circumstances.

In early 2016, as part of its early engagement on the TME, the Central Bank notified KBC that it should consider whether the documentation provided to customers entering into an interest only or a fixed rate period may have led to an expectation that they could return to a tracker rate on expiry.  When KBC failed to include those customers in the TME in September 2016, the Central Bank continued to challenge KBC’s assessment of whether particular groups of customers were impacted under the TME and therefore entitled to redress and compensation and have their account balance adjusted.  KBC persistently refused to accept its tracker mortgage failings until December 2017, further evidencing KBC’s failure to put its customers first.  KBC’s failings uncovered as part of the TME led to the commencement of the Central Bank’s enforcement investigation.
 
Regulatory breaches
KBC has admitted 12 regulatory breaches of the 1995 Regulations, the 2006 Code and the 2012 Code, which were identified during the Central Bank’s investigation.  These breaches occurred as a result of the following:

1. A proactive strategy to convert customers off their tracker rates;
2. Failure to adequately warn customers entering into interest only or fixed rate periods that they would be unable to return to their tracker rates, at a time when KBC was withdrawing tracker products;
   
3. Failure to adequately comply with the Central Bank’s Framework for the TME;
4. Failure to adequately comply with  the Stop the Harm Principles of the TME;
5. Provision of incorrect information to the Financial Regulator in respect of KBC’s treatment of certain tracker customers; and
6. Operational & Systems failings.  

Further detail of these failings is set out below.    

1.  A proactive strategy to convert customers off their tracker rate In 2008, KBC devised a strategy to permanently convert customers from their low-cost tracker rates, with the result that they were required to make higher monthly mortgage repayments over the remaining term of their mortgages and in turn increased the profit margin KBC made on the mortgage.

At a time when KBC knew trackers were unprofitable, KBC implemented this strategy of seeking to permanently convert customers from their tracker rates through two separate direct mailings to customers in August and September 2008 (the “direct mailings”).  KBC’s strategy was to convert its customers from their tracker rates to fixed rates, immediately increasing their margin, while ensuring that those mortgages would revert to standard variable rates and not a tracker on the expiry of the fixed rate period. Once this occurred, KBC could control the interest rate being charged. KBC failed to adequately warn those customers that they would not return to their tracker at the expiry of the fixed rate period. Following intervention by the Financial Regulator in 2008, KBC agreed to give the option to direct mailings customers who had switched from a tracker rate to a fixed to return to their tracker rates.

Furthermore, during the course of 2008 and early 2009, KBC took the opportunity to move certain customers, some of whom were in arrears, from their pre-existing tracker rate when the customer requested to enter into or  extended an existing interest only period. For example, in some circumstances, KBC required customers to switch to a standard variable rate to avail of the break in capital payments arising from the interest only arrangement, whereas in other instances, customers were required as a condition of approval for the interest only period to first enter into a fixed rate period that would not revert to their tracker on its expiry. In doing so, KBC failed to adequately warn those customers that they would not return to their tracker on the expiry of the interest only period.  The resulting loss of the tracker rate invalidated the benefit to customers of availing of a temporary repayment break with the customers then making higher monthly mortgage repayments over the remaining term of their mortgages and increasing the profit margin KBC made on the mortgage.

This practice continued into early 2009 in respect of certain interest only customers. Due to the fact that KBC provided incorrect information to the Financial Regulator in 2009 when challenged on this matter and failed to properly engage with the TME, the position of interest only customers was not fully rectified until late 2017, as explained in more detail below. This failure to rectify was despite the fact that KBC reviewed the position of some of their interest only customers’ accounts and customer documentation in 2011 as part of an internal review.

KBC failed to adequately consider the impact of the strategy on their customers and their obligations under the 2006 Code. KBC has admitted that this strategy did not meet its obligation to act honestly, fairly and professionally in the best interests of its customers.
 
The Central Bank also found that KBC failed to have and/or effectively employ necessary and/or adequate resources, procedures, and systems and control checks in place to ensure that it adequately considered its consumer protection focused obligations when taking strategic and financial decisions in relation to its tracker book.
 
KBC has admitted breaches of the 2006 Code in respect of this behaviour, as follows:

•          KBC failed to ensure that in all its dealings with customers and within the context of its authorisation it acted honestly, fairly and professionally in the best interests of its customers and the integrity of the market;

•          KBC failed to ensure that in all its dealings with customers and within the context of its authorisation it acted with due skill, care and diligence in the best interests of its customers; and
•          KBC failed to ensure that in all its dealings with customers and within the context of its authorisation, it had and employed effectively the resources and procedures, systems and control checks that are necessary for compliance with the 2006 Code.

2.  Failure to adequately warn certain customers entering into interest only or fixed rate periods that they would be unable to return to their tracker rates The Central Bank found that KBC failed to comply with the requirements of the 2006 Code, the 2012 Code and the 1995 Regulations with regard to its obligation to ensure that documentation provided to customers at key points was clear and comprehensible and that key information was brought to their attention. These failures manifested in three distinct scenarios:

Interest Only Customers
Certain customers who sought forbearance on their mortgages through an interest only arrangement were impacted over the period from 19 June 2008 to 3 October 2018, many of whom were in financial distress and thus particularly vulnerable. The Central Bank found that contractual documentation that issued to certain interest only customers did not specifically refer to the rate that those customers would default to on maturity of the interest only period and thus it was not clear that those customers would lose their tracker rate for the remaining term of their mortgage. Certain customers lost their low cost tracker rates for the remaining term of their mortgage when they took up an interest only facility.

Customers entering into a fixed rate using a Fixed Rate Instruction Form (“FRIF”)
Certain customers were impacted when they sought to enter into a fixed rate period on their mortgage and completed a FRIF. Certain FRIF documents, when read in conjunction with other loan documentation, were unclear as to the rate to which the mortgage would default to at the end of the fixed rate period. These customers were therefore not clearly informed that they would not be able to return to their pre-existing tracker rate as a consequence of entering into the fixed rate period.
Customers entering into a fixed rate after trackers were withdrawn
Certain tracker mortgage customers who sought to enter into a fixed rate period after KBC had withdrawn tracker mortgages as a product offering were impacted. KBC failed to inform these customers in advance of fixing that they would no longer be able to avail of their tracker rate at the end of the fixed rate period, as trackers had been withdrawn from KBC’s product offering. 
KBC has admitted breaches in relation to its failures to warn customers as follows: 
        

• KBC failed to ensure that, in all of its dealings with customers, it made full disclosure of all relevant material information in a way that sought to inform the customer;     
• KBC failed to ensure that all information it provided to its customers was clear and comprehensible and that key items were brought to customers’ attention;        
• KBC failed to act with due skill, care and diligence in the best interests of its customers;        
• KBC failed to ensure that contractual terms were drafted in plain, intelligible language;        
• KBC failed to have or did not effectively employ adequate resources, policies and procedures and systems and controls.

Certain of these breaches continued until the end of 2018, when KBC corrected the interest rates, paid redress and compensation and adjusted their account balances as part of the TME. 

3)  KBC’s failure to adequately comply with the Central Bank’s Framework for the TME  
The Central Bank’s Framework for the TME required lenders to conduct the TME and determine whether or not in all circumstances they had complied with their consumer protection obligations arising from a number of pieces of consumer legislation including the 2006 and 2012 Codes.  The Framework also specified the manner in which lenders were required to conduct the TME, as follows:
 
“When completing the Examination and when assessing compliance with regulatory requirements, the lender is to demonstrate that it is ensuring that customers’ interests are protected, that customers are being treated fairly and that it has considered customers’ reasonable expectations with regard to their entitlement to a Tracker Interest Rate, in the context of the information provided and the disclosures made by the lender to customers.”
 
 
The Central Bank found that KBC’s approach to the TME evidenced a failure to comply with the consumer protection principles at the heart of the TME requirements that the Central Bank put in place in order to protect customers. KBC did not give adequate consideration to its regulatory obligations, to customer fairness or to the transparency of communications with customers, as required. Instead, KBC’s decision-making during the TME resulted in the identification of only a fraction of the customers rightly entitled to redress and compensation and have their account balance adjusted. In this regard, KBC did not deem interest only customers or customers who had received the FRIF as being impacted. KBC initially concluded that interest only customers had no entitlement to inclusion and that the Fixed Rate Instruction Form was clear. KBC took this position despite the Central Bank having raised concerns regarding both interest only and fixed rate customers at the outset of the TME.  KBC ultimately conceded that these customers should be included in the TME in late 2017, following prolonged and consistent challenge from the Central Bank on these and other matters.
 
From the commencement of the TME in 22 December 2015 to April 2019, KBC failed to:  

• adequately consider whether, in all the circumstances, it had complied with its regulatory obligations arising pursuant to the 2006 Code; 
•  adequately consider all influencing factors when determining whether detriment had arisen or may have arisen; and
• adequately consider, in the context of the transparency of documentation provided to customers, whether there was potential to confuse or mislead customers

 
each of which is contrary to the TME Framework which was designed to ensure the protection of impacted customers. KBC’s failure to adhere to the guidelines set out within the TME Framework resulted in the continued overcharging of certain customers’ accounts until KBC customers were put on the correct interest rates and paid redress and compensation and had their account balance adjusted. 
 
KBC has admitted breaches in respect of its failure to protect customers and apply the Central Bank’s Framework for the TME, as follows:

• KBC failed to ensure that in all its dealings with customers and within the context of its authorisation it acted, fairly and professionally in the best interests of its customers and the integrity of the market;
• KBC failed to ensure that in all its dealings with customers and within the context of its authorisation it acted with due skill, care and diligence in the best interests of its customers;
• KBC failed to ensure that in all its dealings with customers and within the context of its authorisation it had and employed effectively the resources, policies and procedures, systems and control checks, including compliance checks, and staff training that are necessary for compliance with the 2012 Code.

These breaches continued until KBC customers were put on the correct interest rates, paid redress and compensation and had their account balance adjusted. 

4) Failure to adequately comply with the Stop the Harm Principles of the TME
In June 2015, the Central Bank issued a letter to industry which set out the Central Bank’s regulatory expectations in respect of mortgage lenders, including those in respect of customers in financial difficulty. These regulatory expectations were grounded upon the 2006 and 2012 Codes. The purpose of this letter was to set out the outcomes and feedback from a themed inspection of mortgage lenders in respect of compliance with the Code of Conduct on Mortgage Arrears. The letter set out the regulatory expectations on mortgage lenders in respect of “Customer Impacting Issues for Borrowers in Financial Difficulty”.  These regulatory expectations were the Stop the Harm Principles, which lenders were required to comply with to stop further detriment to potentially impacted customers. 
 
The Central Bank subsequently reiterated the Stop the Harm Principles specifically with regard to accounts within the scope of the TME, again grounded upon the 2006 Code and the 2012 Code.
 
The core objective of the Central Bank’s work in the TME was to require lenders to seek to address the impact their actions had on impacted customers. To help achieve this aim, the Principles of Redress, including the ‘Stop the Harm’ Principles, required lenders to put in place, amongst other things, controls and measures to ensure that potentially impacted or impacted customers did not suffer any further detriment. 
These measures were designed to ring-fence and protect customers until such time as the lender could either satisfy themselves that the relevant customers were not affected or until such time as the lender had paid them redress and compensation and had their account balance adjusted. The ‘Stop the Harm’ Principles were designed to ensure that lenders ceased charging the incorrect rate at the earliest possible time, that lenders did not take steps in the legal process in relation to potentially impacted and impacted customers and that potentially impacted and impacted customers did not lose ownership of their properties.

The Central Bank found that between December 2015 and September 2016, KBC failed to adequately implement the Central Bank’s Stop the Harm Principles with the procedures adopted failing to prevent further detriment from occurring to customers. KBC’s ‘Stop the Harm’ policy allowed it to take steps in the legal process, up to and including obtaining orders for possession in the Courts and appointing receivers over properties. This included instances whereby KBC authorised the progression of legal activities before they had made a final determination on the cohorts of customers that it considered ‘impacted’ under the TME.

In September 2016, KBC incorrectly deemed customers who lost their tracker rates on taking up interest only arrangements as ‘not-impacted’ under the TME.  Consequently, KBC removed the Stop the Harm protections for these customers. As of result of this action, 11 properties were unnecessarily lost by these customers.  

Finally, during the course of the TME, KBC failed to inform many customers seeking to sell, or otherwise dispose of their properties, including by way of assisted voluntary sale or surrender, that they may be impacted under the TME and may be entitled to redress and compensation and to have their account balance adjusted. Therefore, in some instances, the customer’s decision to dispose of their property was not fully informed.

These failures resulted in additional and avoidable harm to certain customers and in some cases legal proceedings were progressed, up to and including loss of ownership.

KBC has admitted breaches in respect of its failure to apply the Stop the Harm Principles, as follows

• KBC failed to ensure that in all its dealings with customers and within the context of its authorisation it acts fairly and professionally in the best interests of their customers and the integrity of the market;        
• KBC failed to ensure that in all its dealings with customers and within the context of its authorisation it acts with due skill, care and diligence in the best interests of their customers;        
• KBC failed to ensure that in all its dealings with customers and within the context of its authorisation it has and employs effectively the resources, policies and procedures, systems and control checks, including compliance checks, and staff training that are necessary for compliance with the 2012 Code;    
• KBC failed to ensure that, in all of its dealings with customers, it made full disclosure of all relevant material information in a way that sought to inform the customer; and        
• KBC failed to supply information to consumers on a timely basis.  KBC failed to have regard to the urgency of the situation and the time necessary for consumers to absorb and react to the information provided.

 
5) Provided incorrect information to the Financial Regulator
Following media reports in 2009, which referenced that KBC were allegedly exploiting interest only customers by requiring them to move to a standard variable rate as a condition of taking up an interest only facility, the Financial Regulator sought clarification regarding the manner in which KBC treated those customers. 

KBC confirmed to the Financial Regulator that it did not remove tracker interest rates from both arrears and non-arrears customers who entered into interest only arrangements for the remaining term of their mortgages.  This was not in fact the case as certain arrears and non-arrears customers had lost their tracker rates at the time.

This investigation found that, through KBC’s failures to undertake proper due diligence and care in the gathering of information, KBC provided incorrect information thus misleading the Financial Regulator in 2009 in respect of the treatment of KBC’s interest only customers. This had far-reaching consequences for these customers.  Having assured the Financial Regulator that these customers returned to their tracker rates on the expiry of the interest only facility, no further regulatory action was taken at that time.  Consequently, customers who sought forbearance on their mortgage repayments continued to be charged higher rates of interest for the remaining term of their mortgages. The provision of this incorrect information to the Financial Regulator facilitated the persistent and ongoing breaches of the Consumer Protection Codes by KBC in relation to these customers until this issue was later identified and ultimately rectified under the TME.

The Central Bank examined KBC’s treatment of interest only customers again in the context of the TME.  At that point, the Central Bank became aware that KBC had provided incorrect information to the Financial Regulator in 2009. 

KBC ultimately conceded that interest only customers were impacted for the purpose of the TME in October 2017.  This came only after robust challenge from the Central Bank regarding KBC’s initial decision in September 2016 to exclude these customers from the TME.  Interest only customers finally received redress and compensation and had their account balance adjusted in late 2017, approximately 8 years following the incorrect information that had been provided by KBC to the Financial Regulator on the same issue.

KBC has admitted breaches in relation to providing inaccurate information to the Financial Regulator, as follows: 

• KBC failed to provide information, which is full, fair and accurate in all respects and not misleading, and to do so in any reasonable period of time or format that may be specified by the Financial Regulator.

 
6)  Operational and systems failings During the course of KBC’s review of its tracker mortgage book and also within the TME, KBC identified a number of operational and systems failings which affected customers and resulted in, amongst other things, customers being placed on the incorrect interest rate; placed on the incorrect product type; provided with incomplete, inaccurate and unclear documentation; offered the incorrect tracker rate or not receiving appropriate information in relation to their entitlement or loss of entitlement to a tracker rate.  In addition, due to operational and systems failings, KBC failed to comply with an undertaking given to the Central Bank in 2009 to return all of the direct mailing customers to their previous tracker rates.

The investigation found that KBC had inadequate operational and systems controls in place to enable them to meet their regulatory obligations to certain tracker mortgage customers. Procedural and systems weaknesses, deficient processes, administrative errors including the failure to implement amendments to customer accounts in a timely manner, operational errors, reliance on standard documentation not tailored to the particular customers’ circumstances and reliance on manual interventions were all factors which contributed to KBC’s failings which occurred over an extended period of time. 

KBC has admitted breaches in relation to these operational and systems failings, as follows

• KBC failed to ensure that in all its dealings with customers and within the context of its authorisation it acted with due skill, care and diligence in the best interests of their customers;
  
• KBC failed to have adequate systems and controls in place to ensure compliance with the 2006 Code and the 2012 Code;        
• KBC failed to ensure that in all its dealings with customers and within the context of its authorisation it had and employed effectively the resources, policies and procedures, systems and control checks, including compliance checks, and staff training that are necessary for compliance with the 2012 Code.

 
Impacted numbers
In summary, our investigation found that a total of 3,741 customer accounts were impacted as a result of KBC’s numerous failures over an extended period of time, with some customers being affected by more than one of the above issues.
 
Penalty Decision Factors
In deciding the appropriate penalty to impose, the Central Bank considered the ASP Sanctions Guidance issued in November 2019. The following particular factors are highlighted in this case:
 
The Nature, Seriousness and Impact of the Contraventions

1.        KBC proactively devised and implemented a strategy to permanently convert customers off their tracker rate resulting in KBC’s financial interests being prioritised over the best interests of customers;
2.        The duration and frequency of the breaches, with 3,741 impacted customer accounts identified during the course of the investigation, the earliest breach having commenced on 1 June 2008 and the latest breach being 2 October 2019, resulting in customers being overcharged interest for extended periods. The duration is particularly serious given the historic intervention by the Regulator, a pattern of intervention which was repeated throughout the TME;
3.        66 properties were lost as a direct result of KBC failing their customers, which is particularly serious when 39 of those losses arose from KBC’s failures to Stop the Harm to its customers during the conduct of the TME;
4.        The contraventions represent  a serious departure from required standards under the Consumer Protection Codes and the Principles of the TME;
5.        The failure by KBC to include all impacted customer accounts in the TME quickly and without intervention by the Central Bank, leaving over 3,600 customer accounts without redress and compensation and to have their account balance adjusted for a period of up to 2 years;
6.        The negative impact on consumer confidence in the market as a result of KBC’s failings; and
7.        The operational and system weaknesses that led to failures to protect customers.

 
Aggravating factors

1.        The failure to take adequate remedial steps after the breaches were identified, including a failure to adequately identify whether customers were impacted and attempting to exclude potentially impacted customers from the protections of the TME;
2.        KBC provided incorrect information to the Regulator with the result that sustained harm was suffered by certain customers. If KBC had provided correct information that customers had in fact lost their trackers, harm could have been stopped in 2009 and customers remediated then rather than 8 years later when KBC’s failure was discovered;
3.        KBC’s failure to meet the Central Bank’s expectations of adequate cooperation  in the context of the investigation by failing to adequately respond to a number of statutory requests for information in a comprehensive and timely manner, necessitating significant challenge and intervention by the Central Bank, which wasted investigatory resources and caused delay in the Central Bank’s ability to progress the investigation;
4.        The Previous Record of the Regulated Entity: KBC has been subject to one prior Enforcement Action; and
5.        The need for a credible deterrent in respect of these serious regulatory failings on KBC and other regulated entities.

 
This enforcement action against the Firm is now concluded. This marks the completion of the second in a series of ongoing investigations which were commenced, and will therefore conclude, at different times.

Notes to Editors
 
1.       The Central Bank imposed a fine of €18,314,000 on KBC, which represents the maximum applicable penalty of €26,162,857 with a settlement discount of 30%. This fine is at the highest end of its sanctioning powers. The Central Bank’s ‘Outline of the Administrative Sanctions Procedure’ provides for an early settlement discount of up to 30% in order to promote early resolution of matters, which in turn leads to better utilisation of the resources of the Central Bank.  For further information on the discount scheme, see the Central Bank’s ‘Outline of the Administrative Sanctions Procedure’, which is here.
 
In October 2016, the Central Bank fined KBC €1,400,000 and reprimanded it for breaches of the Code of Practice on Lending to Related Parties 2010 and the Code of Practice on Lending to Related Parties 2013. Details of the Enforcement Action can be found here.
 
2.       The Central Bank’s sanctioning powers were increased in 2013, pursuant to Section 68(b) of the Central Bank (Supervision and Enforcement) Act 2013. The maximum penalty which the Central Bank may now impose is €10,000,000, or an amount equal to 10% of the annual turnover of a regulated financial service provider, whichever is the greater.
 
3.       This is the Central Bank’s 139th settlement since 2006 under its Administrative Sanctions Procedure, bringing total fines imposed by the Central Bank to over €123m, which total includes the fine imposed against Springboard Mortgages in 2016 and Permanent TSB plc in 2019 in respect of breaches of its obligations to tracker mortgage customers. This settlement also marks the 32nd outcome in respect of Consumer Protection Code breaches.
 
4.       Funds collected from penalties are included in the Central Bank’s Surplus Income, which is payable directly to the Exchequer, following approval of the Statement of Accounts. The penalties are not included in general Central Bank revenue.

5. The Consumer Protection Codes 2006 and 2012 are available on the Central Bank’s website www.centralbank.ie or to download here and here. The 2006 Code ceased to have effect on 31 December 2011 and the 2012 Code came into effect on 1 January 2012. 

6.       The Tracker Mortgage Examination commenced in December 2015. The Examination required all lenders to review their loan book to ensure compliance with both regulatory and contractual requirements in relation to tracker mortgages. Where impacted customer accounts are identified, the Central Bank expects that those customers will receive redress and compensation commensurate with the detriment suffered and to have their account balance adjusted accordingly. Information on the Examination is available on the Central Bank’s website www.centralbank.ie or to download here.
 
Further information:
Media Relations: [email protected] / 01 224 6299
Ewan Kelly: [email protected] / 086 463 9652


[1] The Central Bank’s ‘Outline of the Administrative Sanctions Procedure’ provides for an early settlement discount of up to 30% in order to promote early resolution of matters, which in turn leads to better utilisation of the resources of the Central Bank. 

[2] All fines collected by the Central Bank are returned to the Exchequer.

[3] The Financial Regulator was re-unified with the Central Bank on 1 October 2010.

Access White Paper Here

In the not too distant past, senior management within financial institutions may have regarded failure to comply with anti-money laundering (AML) requirements as low impact. The 2007/8 financial crisis as well as subsequent scandals in financial services have shown the error of this approach. When it comes to AML, the current COVID-19 crisis may pose an evolving and unpredictable threat. To avoid a repetition of the previous mistakes, financial institutions must now put into practice lessons learned from the past; the most urgent one in my book, is that institutions should be adopting a culture of compliance with a ‘live and breathe’ approach to regulatory requirements.
 
In a recent article in the Economist, Jürgen Stock, secretary-general of Interpol, was quoted as saying that COVID-19 may create the ideal conditions for the spread of serious, organised crime. Moreover, Mr. Stock believes that the immanent global economic depression will offer these criminals a chance to extend their reach deep into the legitimate economy. As COVID-19 motivates criminals to evolve their operations, those responsible for stanching the flow of ill-gotten gains into the legitimate economy must stay one step ahead; and this includes financial institutions with their AML obligations.
 
I recently published a white paper on the lessons to be learned from the last financial crisis. For those interested in how a culture of compliance can address complex misconduct relating to AML, this paper is well worth a read. Through reviewing a number of high-profile case studies, I come to the conclusion that at the heart of many AML failures is an institutional culture that treats AML training and procedures as merely means to meet regulatory requirements. The case studies show that these banks failed to ‘live and breathe’ regulatory requirements and that the institutional culture prioritised compliance as merely a tick the box exercise, thereby failing to communicate to employees the priority of compliance and the flexibility of decision making and behaviour that may be necessary to fulfil their AML requirements.
 
Culture is a complex issue. For those interested in how RegTech can enable an examination of institutional culture, through diagnostic tools, the white paper is a must read. In the paper, I explore how The Mizen Group, a RegTech firm based in New York, has developed a suite of tools to help boards and their compliance officers assess the extent to which their institution demonstrates the characteristics of an organisation with a strong compliance culture.
 
The financial crime threats posed by COVID-19 mean that now is the time to commit to a culture of compliance from the ground up. Launderers and criminals are capitalising on the chaos created in the wake of the pandemic and are seeking ways to out-manoeuvre the financial institutions who are generally playing catchup. In response, board of directors and executive management need to be proactive and flexible in their thinking and develop a ‘live and breathe compliance’ mentality.  This will only occur in a healthy compliance culture, wherein employees are empowered to internalise the importance of complying for the right reasons. The first step towards the goal of a healthy compliance culture might be employing tools like Mizen’s innovative culture diagnostics to assess their institutions’ cultural strengths and weaknesses. 

Feel free to contact the RegTech experts at The Mizen Group for further information.

Access White Paper Here

This blog also appears at Peter Oakes' blog