Analysis: Ulster Bank fined over anti-money-laundering breaches
Ulster Bank had ‘unacceptable weaknesses’ in its anti-money-laundering framework
Among Ulster Bank’s breaches was a failure to do money-laundering and terrorist-financing risk assessments for more than two years, says the Central bank. Photograph: iStock
Ulster Bank Ireland has been hit with a €3.3 million fine for breaches of anti-money-laundering and terrorist-financing regulations.
Regulators said the bank had admitted the breaches, which occurred over a six-year period, and said the incidents highlighted “significant failings” in the company’s procedures.
Under the Criminal Justice (Money-Laundering and Terrorist Financing) Act 2010, financial institutions must have adequate policies and procedures in place to prevent and detect the commission of money-laundering and terrorist financing.
The Central Bank said eight breaches of regulations were uncovered as part of its investigation, with risk assessment, governance and control of outsourcing of anti-money-laundering and terrorist-financing activities and customer due diligence all highlighted.
The bank outsources 25 anti-money-laundering and terrorist-financing activities to four entities within its Royal Bank of Scotland parent group. However, regulators said the bank failed to put in place an outsourcing policy for an 11-month period from July 2010 to June 2011, and also failed to have a service-level agreement in place for 19 out of the 25 outsourced activities, a situation that continued for an average of two years. The Central Bank said these failings exposed the bank to “unacceptable risk”.
Among the other breaches were a failure to conduct money-laundering and terrorist-financing risk assessments for more than two years, and failure to formally review documents and information it held on pre-1995 customers to see if it was required to carry out customer due diligence. It also provided new products to almost 65,000 pre-1995 customers without completing customer due diligence, despite the Central Bank saying it should have applied, and kept markers on, its system that indicated customers were exempt from due diligence.
Lack of training
Ulster Bank also failed to demonstrate it trained non-executive directors in the anti-money-laundering regulations until 2013 or in identifying suspicious transactions and activities until March 2014.
“Robust frameworks, systems and controls must be the cornerstone of credit and financial institutions’ compliance with anti-money-laundering legislation.
“Weaknesses in anti-money-laundering controls expose the Irish and global financial system to abuse and threaten to undermine its stability. In today’s global environment, the threat of money-laundering and terrorist financing requires credit and financial institutions operating in Ireland to rise to the challenge of managing and mitigating these risks,” said director of enforcement Derville Rowland.
“Ulster Bank Ireland’s breaches are especially concerning as they point to unacceptable weaknesses in key aspects of its anti-money-laundering framework, systems and controls over an extended period of time. As one of the largest retail banks in Ireland, Ulster Bank Ireland provides a gateway to the financial system for more than one million customers through its extensive network of branches, online and telephone banking. Therefore, it is imperative that it vigorously applies the highest levels of anti-money-laundering compliance in order to protect not only itself, but its customers and the wider financial system.”
The Central Bank said the fine reflected the seriousness and extended period of the breaches, along with the bank’s co-operation with the investigation, and the actions it took to address the issue.