Malta’s largest bank, the partly Government-owned Bank of Valletta, has been handed a €2.6 million fine by Malta’s Financial Intelligence Analysis Unit (FIAU) after being found to have no or incomplete information on 2,442 corporate customers.
The FIAU found that “BOV was essentially unaware whom it was ultimately servicing”.
It found that BOV had not determined the beneficial ownership of a number of corporate customers.
It also transpired that the Bank had obtained basic identification details of the individuals having the beneficial ownership of a number of corporate customers through a bulk exercise carried out in June 2021 from the Beneficial Ownership Register maintained by the Malta Business Registry (MBR), prior to which BOV did not determine the beneficial owners of such customers and carry out the necessary measures itself.
The 2,442 corporate customers consisted of 1,298 corporate customers for which BOV had obtained beneficial ownership information from the MBR and prior to which (i.e., before June 2021), the Bank had either held no beneficial ownership information or had only incomplete beneficial ownership information.
These 1,298 corporate customers were made up of 259 corporate customers for which the Bank had held no beneficial ownership information and 1,039 corporate customers for which the Bank had failed to determine additional individuals having the beneficial ownership of said customers, either at onboarding stage or else through the performance of periodic/event driven reviews.
There were another 1,144 corporate customers for which BOV had no beneficial ownership information. This amount consisted of 492 corporate customers the status of which at the time of the review was indicated as struck off, in dissolution or inactive on the MBR, 556 corporate customers requiring a review of the customer due diligence information and documentation held, some of which included entities with a corporate structure that included foreign companies, and 96 corporate customers classified as law firms.
The FIAU expressed its concerns at the bank’s failures and commented that the obligation to understand who the individual(s) behind a corporate customer is, is considered as one of the most basic and essential steps of customer due diligence.
Without such information, the FIAU said, BOV was essentially unaware whom it was ultimately servicing.
Consequently, such default negatively impacted BOV’s ability to form a comprehensive understanding of its corporate customer and hindered the Bank from adequately conducting other AML/CFT obligations, such as the performance of a thorough customer risk assessment, the screening of its customers’ beneficial owners and the application of the necessary corresponding mitigating measures.
The FIAU also noted that the failure to link an individual with a corporate customer essentially meant that the Bank had failed to understand who the owner of the corporate customer was.
The fact that BOV knew the individual(s) behind the corporate customer (through a different relationship with the individuals) but did not make such a link, added little, if any, value for the Bank since it was still unable to make a connection between the parties, and to therefore have a comprehensive understanding of the corporate customer and its risks, it said.
The FIAU also considered the fact that the Bank had relied on MBR data for the purpose of determining and establishing the identity of the beneficial owners of 1,298 corporate customers, rather than initially carrying out its own independent checks.
Furthermore, the FIAU also noted that the Bank had performed this exercise in June 2021, before which it therefore had not determined and identified such beneficial owners and, in the absence of which, it would have remained without any beneficial ownership identification information or otherwise with incomplete beneficial ownership information.
In view of the seriousness of the failures identified, the FIAU determined that the imposition of an administrative penalty was warranted.
In arriving at the total amount of the administrative penalty to impose, the FIAU, in addition to the specific considerations outlined above, also took into consideration the size of the Bank’s operations and its activities. The FIAU further considered the importance and seriousness of the obligation breached. The FIAU also considered that the Bank was at all times collaborative with investigators and was transparent in its explanations of the shortcomings identified.
The FIAU also took into consideration that the Bank is investing heavily in an AML/CFT Transformation Programme (2020-2021) aimed at enhancing its policies, procedures, and measures in effectively combatting ML/FT risks, including a review and update of past customer due diligence.
BOV has also been meeting with FIAU officials on a periodic basis to update the FIAU on the development of the AML/CFT Transformation Programme. While the AML/CFT Transformation Programme is still ongoing, the FIAU has observed commitment by the Bank in safeguarding its operations from ML/FT risks. As part of the AML/CFT Transformation Programme, the Committee has requested the Bank to take concrete action to ensure that it performs all the necessary checks to ascertain the beneficial ownerships of all its corporate customers.
The Committee also noted that the Bank has now updated the beneficial ownership information on CBAR.
Consequently, the Committee concluded that the penalty of €2,636,400 is warranted for BOV’s failure to determine the beneficial ownership or otherwise having incomplete information on the beneficial ownership of 2,442 corporate customers in contravention of Regulation 7(1)(b) of the PMLFTR.
Main Image: