The Financial Intelligence Analysis Unit (FIAU) has fined APS Bank €228,706 due to irregularities found during an offsite compliance review in November 2020 which found the credit institution in breach of anti-money laundering rules. The FIAU also imposed a follow-up directive on the bank, so that it may assess the implementation of the bank’s action plan to solve the issues identified.
APS Bank was established in 1910 and incorporated in 1970. It is 55.15 per cent owned by AROM Holding Limited (Archdiocese of Malta), 12.63 per cent owned by the Diocese of Gozo, and 33.22 per cent by the general public through the Malta Stock Exchange.
The compliance exam report revealed that the business risk assessment (BRA) of the bank was completed in the final quarter of 2019 and approved by its board of directors in the first quarter of 2020. The bank explained that the drafting process started during the first quarter of 2019, however throughout the year it was involved in implementing several internal changes in its departments, and as a result, its ability to finalise the BRA on time was impacted.
The bank emphasised that it maintained a conservative risk appetite and strict customer acceptance criteria.
Nevertheless, the FIAU said that the legal obligation to conduct a BRA was in place since 1st January 2018. While it acknowledged that the bank had a good understanding of its business operations and the risk it is exposed to, it did not compensate for the lack of a timely BRA.
The FIAU also noted shortcomings when it came to the bank’s customer risk assessment (CRA). The shortcomings were identified in both the bank’s former assessment methodology and also the new risk methodology which came into effect during the second quarter of 2020.
While the bank’s new methodology addressed several shortcomings identified in the former, the FIAU still noted some issues.
At the time of the compliance review, the majority of customers had not yet been assessed under the new risk methodology. As a result, the FIAU will assess its effectiveness during its follow-up. However, it was noted that for five customer files, the bank carried out the CRA only after the business relationship was established. Nevertheless, the FIAU acknowledged that the bank made a remediation plan to address this shortcoming.
When it came to customer due diligence, the FIAU’s review revealed numerous shortcomings in the bank’s procedures for gathering and evaluating the information on the customer’s business relationship intention. The bank failed to either collect the required information and documentation or did so inadequately.
In one of the examples, the FIAU noted that an account application form held on file before the compliance examination provided information regarding the customer’s employment and net remuneration. However, the net monthly remuneration of approximately €5,000 contrasted starkly with the estimated annual deposit of more than €5 million.
The FIAU reacted positively to the bank’s proactive rectification of most of the deficiencies which were found in this regard. However, it could not disregard that at the time of the compliance review, the bank’s process was insufficient.
The FIAU came across issues with the bank’s record keeping, which did not include a centralised management system. However, it was acknowledged that at the time of review, the bank was in a process of digitisation and that the bank was able to provide almost all documentation requested by the FIAU, except for two customer files.
Lastly, three shortcomings were highlighted in the bank’s ongoing monitoring activities.
The first monitoring shortcoming was the lack of adequate periodic reviews of customer files. It was noticed that documentation for verification purposes was at times found to be expired or not updated in good time.
The FIAU also noted a shortcoming in the process of transaction monitoring of the bank. While a new, robust transaction monitoring was implemented in 2021, the committee will review its effectiveness during the follow-up review. The FIAU asserted that this system should have been implemented much earlier, as it meant that the bank relied on manual monitoring for a long time, preventing effective monitoring of money laundering and financing of terrorism risks.
Under the previous system which was in place during the compliance exam, a number of post-transaction shortcomings were identified. The main issue was that post-transaction reports were not issued consistently due to a lack of capacity to do so. Furthermore, flagged transactions were not followed-up as expected.
One report showed that the bank failed to provide supporting documentation to substantiate the funds deposited by various customers, and as a result, it was found that explanations were generally generic. A transaction exceeding €19 million was explained with a note that said “bank’s online platform.”
The FIAU stressed the importance of having valid justifications to substantiate all transactions in post-transaction reports, and ensure that there is sufficient documentation, especially for transactions of significant value.
Nevertheless, the FIAU once again acknowledged the bank’s remediation action following the shortcomings identified. It also took into consideration the bank’s “APS Check-in” campaign, which encouraged its customers to update their data.
APS Bank’s reaction
APS bank acknowledged the directive and declared that it decided not to appeal. It took note of the findings, which were described as legacy matters.
CEO of APS bank, Marcel Cassar, commented, “We welcome the publication of the FIAU statement as it marks the closure of an examination that helped us further improve our risk and compliance management. Having taken the examination findings very seriously, we carried out remediation, invested in technology, robustly grew our financial crime compliance resources and scaled up training across the entire bank. Overall, we are positive that this process has continued to strengthen the bank’s governance, systems and compliance controls.”
The bank will also be holding a livestream to address the FIAU’s enforcement notice, on Friday 3rd February 2023.
Pensions expert Claire Falzon explains
Boosting heads in beds, does not correlate with an improvement in quality.
Government-backed Venture Capital Fund aimed to aid innovation