By AML Intelligence Correspondent
A MALTESE bank has been fined €310,000 for a series of serious AML transgressions.
The island’s Financial Intelligence Analysis Unit (FIAU) ruled ECCM Bank did not have adequate business and customer risk assessment measures in place.
The FIAU has also demanded that the bank take remedial action to improve its AML controls. ECCM must review, on a risk-sensitive basis, the information and documentation it has on its current customers and obtain updated information on them as necessary.
Most of the bank’s customers were classified internally as being from moderate to low risk.
These risk ratings, the FIAU ruled did not reflect the actual AML risks posed, particularly – particularly when taking into account the complex corporate structures held by some of the bank’s clients.
The risk ratings did not consider all the risk factors and, therefore, could have resulted in a “distorted” understanding of the risks involved and in the incorrect application of internal controls.
ECCM’s monitoring of transactions had shortcomings, including a transaction of €100M which did not receive sufficient scrutiny.
Following the compliance review, the bank provided the FIAU with a copy of minutes indicating that the €100M was to be used for investments, the Times of Malta reports.
Besides noting that the minutes were only provided after its inspection, the FIAU said these minutes did not indicate where the €100M came from but simply outlined what it was going to be used for, the paper said.
It was also found:
- The bank also failed to carry out periodic reviews of the money-laundering risks posed by existing customers.
- ECCM was not collecting adequate and comprehensive information on the business activity of its customers.
- The bank relied on “generic” descriptions about the origins of certain clients’ funds. In one instance, a client’s source of funds was simply put down to “worldwide business activities”, without clearly indicating what the business activities consisted of.
While the agency conceded ECCM’s business model exposes it to fewer risks than other banks, the FIAU said the bank had an obligation to carry out a comprehensive business risk assessment in a timely manner.
The FIAU says its concern that ECCM was simply satisfied with knowing the flow of funds passing through it rather than obtaining the necessary information and documents to understand the source of these funds.
The FIAU said the bank must “substantially enhance” its transaction scrutiny measures to ensure that large, anomalous transactions are flagged, assessed and reviewed.
According to its website, ECCM Bank Plc was granted a banking licence in July 2014. It was bought from Raiffeisen Bank International AG the previous year.
Fines totalling €304,000 were issued to 67 entities that failed to reply to the FIAU or replied late. Another 52 written reprimands were issued.
The FIAU found that a total of 119 entities – ranging from gambling companies to independent professionals including lawyers – did not meet compliance requirements to provide the unit with information in a timely manner.
In 2020, the FIAU made over 31,000 requests for information to various entities, with the information being “indispensable” to aid investigations into financial crimes, both locally and internationally.
Requests for information sent by its intelligence section are “crucial and indispensable” for it to carry out its functions, the unit said.
Failure to reply to its requests, or late replies, not only results in the regulated entity falling foul of its requirements but also has a detrimental impact on the FIAU’s analytical function.
Share this on:
Follow us on: