A financial services company called XNT Ltd. Has been fined an administrative penalty of €244,679, the FIAU has said.
There were a number of reasons listed as to why the penalty was issued.
The first dealt with customer due diligence.
Findings from the compliance review revealed that the company did not fulfil its obligations in relation to assessing and appropriately obtaining information on the purpose and intended nature of the business relationship. From the files reviewed, it was noted that information and/or documentation was at times either not collected or not adequately obtained.
In addition, some issues with policies and procedures were found. A committee noted that the company's policies and procedures did not address the requirement to screen customers for any adverse media and whether they are politically exposed persons or otherwise. "However, the committee observed that the main issues were in relation to the documented process rather than the policies and procedures adopted in practice. Although the committee agreed to pursue the finding as a breach in view of the documented deficiencies, the committee deemed the finding not to be of a serious nature, but one which lacks the adequate documentation of comprehensive policies and procedures."
Issues with the scrutiny of transactions were also highlighted. The FIAU said that the committee was informed that during the compliance review, the company was requested to provide information and documentation with respect to incoming and outgoing payments relating to the transactions of selected customer files. "In several files reviewed, no supporting documentation was obtained to support the transactions included in the sample."
In one file, it was noted that the customer received incoming payments amounting to approximately €40 million over a period of three years. "In total, four incoming transactions were reviewed with one of the transactions exceeding USD24 million. The company noted that the funds were transferred from an account held in the name of the customer from another institution located locally or in Europe. When supporting documentation in relation to these transactions was requested, the company only provided a confirmation letter (for some of the transactions) that the customer holds an account and a business relationship with said institutions. No further documentation was provided to substantiate the inbound transactions and to establish how the funds were generated. The company failed to adequately enquire and subsequently establish the source of funds and how these were ultimately accumulated."
The FIAU then also highlighted issues with the Money Laundering Reporting Officer (MLRO). "Through a number of interviews carried out with the MLRO during the compliance review, the committee noted that it was evident that the MLRO did not possess sufficient knowledge in relation to the company's AML/CFT regime. From these interviews it resulted that the MLRO lacked the requisite expertise and knowledge of the sector. Even though the MLRO was generally cooperative with the officials' requests during the supervisory review, the MLRO displayed a lack of understanding of the company's policies and controls. The committee was advised that although the supervisory officials acknowledged that the MLRO was aware of the obligations and requirements relating to the MLRO function, it was challenging for the MLRO to demonstrate to the supervisory officials his exposure to the local regulations emanating from the PMLFTR and the IPs."
In addition to the penalty, the FIAU also served XNT Limited with a Follow-up Directive to ensure that the full remediation of its shortcomings is carried out and that the implementation is monitored by the Enforcement Section of the FIAU as part of a follow up process. The committee also directed XNT Limited to forward the necessary and relevant documentation to the Enforcement Section to be able to assess the enhancements, if any, already carried out by the company. The company has also been requested to submit a copy of its updated policies and procedures in relation to obtaining information on the purpose and intended nature of the relationship, updated policies and procedures in relation to customer screening for PEPs and adverse media, the implementation of an effective transaction monitoring system as well as a remedial action to address the breach in relation to the company's MLRO.
When reaching its decision, the committee also considered that the company was generally cooperative during the carrying out of the compliance review process, as well as in providing representations in reply to the Report.