Anti-money laundering: risk of failing to apply own policies
A recent money laundering dispute has shed light on how the Management Committee of the National Bank of Belgium (NBB) interprets certain provisions of Belgian anti-money laundering laws concerning business relations with Politically Exposed Persons (PEPs). In a recent out-of-court settlement1, the NBB, as prudential supervisor, assessed the behaviour of a Belgian bank in this context. The ruling is a reminder that a financial institution must take a proactive approach to anti-money laundering both by installing internal procedures and ensuring compliance with them.
Mr A, a non-Belgian resident, had several accounts with Belgian Bank X. From the start of the relationship, in 2004, Mr A had been a politically exposed person (PEP). However, this fact had only been detected and uploaded onto the bank’s system in October 2013 and only triggered an increase in the client’s risk profile in 2014.
Over the years, Mr A had deposited large sums of cash into his bank accounts. He had also received two international money transfers (from a company incorporated in the Seychelles, which used an account held with a bank in Mauritius, and through Western Union Retail Services).
Regulatory background – AML rules
The settlement discusses the application of the requirements under the Belgian money laundering prevention law of 11 January 1993 (as amended by the law of 18 October 2010, the Money Laundering Prevention Law)2:
Financial institutions must implement appropriate procedures to detect PEPs and apply appropriate enhanced customer due diligence measures with respect to persons who are or who have been entrusted with prominent public functions.
Financial institutions must conduct enhanced on-going monitoring of the business relations with PEPs and the transactions executed by them.
Financial institutions must install a first line and a second line monitoring process in order to detect atypical transactions and generate suspicious transaction reports and investigation by the central money laundering reporting officer (MLRO).
The first line monitoring process engages employees of the credit institution who have direct contact with clients. Such employees must actively monitor transactions and file a report of atypical transactions with the MLRO.
The second line monitoring process involves an obligation to install automated supervision systems which trigger automatic alerts to the MLRO when atypical transactions take place. Atypical transactions are transactions which are particularly sensitive to money laundering or terrorism financing by reason of: (i) their nature; (ii) the capacity of the persons involved; (iii) the unusual nature of the transactions in light of the activities, profession or risk profile of the client; or (iv) the origin of the money.
Financial institutions must promptly inform the national Financial Intelligence Unit in Belgium (CFI-CTIF) when they know, suspect or have reasonable grounds to suspect that a contemplated transaction is related to money laundering or the financing of terrorism.
Procedures not adequate or suitable
The NBB found that, after the entry into force of the Money Laundering Prevention Law, the bank had not introduced adequate and suitable procedures to determine whether an existing or new client or its beneficial owner was a PEP. The bank had failed to establish a system to identify PEPs in its existing client database. The bank had simply regarded the detection of PEPs as a part of its vigilance duties, without any additional measures to be taken.
The bank had also not complied with obligations under the Money Laundering Prevention Law to monitor, on an on-going basis, the PEP status of a client. The NBB observed that no status check had been performed on Mr A since 2007.
Internal monitoring failed
Internal email communication in December 2011 showed that the bank became aware that Mr A was a PEP and carried a higher AML risk. At the time, an employee had requested documents to determine the origin of the funds but had not taken any further action. The NBB found that this first line monitoring process had not performed well. Despite requesting documents, the employee had not acted on several indications which, according to the NBB, should have raised questions about the legitimacy of the transactions involved and thus caused the employee to act. These indications could, according to the NBB, be found in: (i) the quantity and amount of the cash transfers; (ii) the “high risk” status of the country of origin of the transfers to a PEP; (iii) the lack of clear business motivation for the transfers; and (iv) the lack of evidence of the legitimate origins of the transfers in the documents received from Mr A (which should have raised suspicions of corruption).
The second line monitoring process had also not performed well, as the transactions had triggered several alerts in the automated monitoring systems, which had not been investigated by the MLRO when triggered, but only afterwards in the framework of another investigation. This was so, even though the central AML-Unit had been informed of the higher risk posed by Mr A.
Risk-based procedures also failed
The NBB found that by not investigating these alerts immediately, the bank had not acted in accordance with its own internal “prioritising” procedures, which ranked alerts on the basis of certain risk criteria, such as the risk profile of the country of domicile of the client or the incoming transfers.
Notification to authorities far too late
The CFI-CTIF was only notified three years after the deposits of large sums and the international money transfers into the account of Mr A and almost two years after the internal email communication referred to above. The NBB concluded that the CFI-CTIF should have been informed immediately upon the bank having reasonable grounds to suspect that the transactions were related to money laundering or the financing of terrorism.
This settlement indicates that having adequate AML procedures is required, though only half the battle. Financial institutions must also ensure that employees comply with those procedures, and that the procedures are reviewed if the legal/regulatory regime changes. There were clear failings in this case at a number of levels.
This article is part of the European Finance Litigation Review, a quarterly publication on recent developments in the finance litigation and regulatory sector in key European jurisdictions. For more information please contact Amy Edwards firstname.lastname@example.org.
1. The settlement was published (in Dutch only) on www.nbb.be/doc/cp/nl/2016/20160830_minnelijke_schikking.pdf
2. More details on the views of the regulator with regard to banks’ AML obligations can be found in the AML rulebook dated 23 February 2010 (available in French and Dutch on http://www.ejustice.just.fgov.be/cgi_loi/change_lg.pl?language=nl&la=N&table_name=wet&cn=2010022304); and the AML circular dated 6 April 2010 (available in French and Dutch on https://www.nbb.be/en/articles/circulaire-cbfa201009-devoirs-de-vigilance-legard-de-la-clientele-la-prevention-de)