The Central Bank of Ireland has fined Intesa Sanpaolo €1,000,000 and reprimanded it for four breaches of the Criminal Justice (Money Laundering & Terrorist Financing) Act, 2010 (the ‘CJA 2010’). Intesa admits the four breaches.
The Central Bank’s enforcement investigation identified significant failures in Intesa’s controls, policies and procedures in respect of anti-money laundering and counter terrorist financing (‘AML/CFT’). The breaches occurred from the enactment of the CJA 2010 in July 2010 and continued on average for three years and eleven months. The breaches comprised of failures by Intesa relating to:
- Risk assessment: assessment of money laundering/terrorist financing (‘ML/TF’) risks specific to its business.
- Customer due diligence: policies and procedures for conduct of enhanced customer due diligence (‘ECDD’) on customers who were politically exposed persons (‘PEPs’).
- Suspicious transaction reports: procedures for reporting suspicious transactions to An Garda Síochána and the Revenue Commissioners without delay.
- AML/CFT policies and procedures: incorporation of a mechanism for regular review.
Head of Enforcement Investigations, Brenda O’Neill, said “The Central Bank has responsibility for monitoring and enforcing the compliance of life insurers based in Ireland with the CJA 2010. This includes insurers such as Intesa that ‘passport’ in order to operate in other EU member states on a freedom of services basis without establishing branches in those other member states. Identified weaknesses in Intesa’s AML/CFT framework prompted the Central Bank to take enforcement action.”
“This case, and the level of fine imposed, reinforces the requirement that firms in all sectors must adopt robust and effective policies and procedures to prevent and detect money laundering and terrorist financing. Furthermore, firms must ensure such policies and procedures are updated in a timely manner in response to changing legal and regulatory requirements, emerging risks and evolving business models. The fine also reflects the significant increase in penalties imposed for AML/CFT breaches in recent years.”
“It is critically important that firms undertake a considered and comprehensive ML/TF risk assessment. A firm’s risk assessment is the foundation of the AML/CFT framework, which informs the development of policies and procedures appropriate to the organisation. A risk assessment should address all relevant inherent and residual risk factors at the geographic, customer, product/service and distribution channel level in order to determine the firm’s unique risk profile and the appropriate mitigating controls. Intesa does not sell its life assurance products in Ireland, however, this case highlights that firms authorised in Ireland and ‘passporting’ into other European Union financial markets remain subject to Irish AML/CFT legislation. Where such firms utilise group AML/CFT policies, procedures and operational systems and controls, or place reliance on group AML/CFT functions, they must ensure these arrangements comply with Irish AML/CFT legal and regulatory requirements and effectively mitigate any risks highlighted in the firm’s own ML/TF risk assessment. “