The fine was 3,150,000 EUR for the following AML program failures:
For the year 2012, the Firm’s risk assessment was inadequate as the risk rating for certain categories of customers, products and channels was not included in every instance although that information was identified as necessary for the evaluation of risk for those categories. Furthermore, for the years 2012 and 2013, BOI did not address geographical and sectoral risks in its risk assessments.
The Central Bank identified a number of failures in BOI’s policies and procedures, under Section 54 of the CJA 2010, for the reporting of suspicious transactions:
- BOI failed to have adequate checking processes for internal escalation and submission of suspicious transaction reports in circumstances where BOI’s group internal audit function indicated such deficiencies.
- BOI failed to ensure that relevant senior management received adequate management information on the volume and duration of alerts awaiting investigation.
In addition and significantly, BOI failed to report six suspicious transactions to An Garda Síochána and the Revenue Commissioners as soon as practicable, as required by Section 42 of the CJA 2010.
- BOI failed to document the respective AML/CFT responsibilities with one correspondent banking party when providing banking services to one non-EU bank, as required by Section 38(1)(e).
- BOI failed to adopt policies and procedures, under Section 54 of the CJA 2010, to ensure that enhanced CDD would be applied to correspondent banking relationships with non-EU banks.
- BOI failed in its procedures to document the inherent ML/TF risks specific to the trade finance business (including identifying potentially suspicious activity i.e. ‘trade finance red flags’) and the specific operational controls to mitigate and monitor those risks.
- BOI failed to provide sufficient specific training on suspicious activities relevant to the trade finance business.
- BOI provided banking services to one non-resident PEP customer without applying the enhanced CDD measures, set out in Section 37(4)(b) of the CJA 2010, which required BOI to determine the customer’s source of funds (‘SOF’) and source of wealth (‘SOW’).
- BOI failed to adopt policies and procedures, under Section 54 of the CJA 2010, to ensure that information and supporting documents in respect of SOF and SOW were routinely: (i) requested from new non-resident PEP customers, and (ii) monitored when such customers were periodically reviewed.
- BOI failed to adopt policies and procedures, under Section 54 of the CJA 2010, to have in place robust controls to ensure any exceptions to the standard CDD process were fully documented.
- BOI failed to adopt procedures, under Section 54 of the CJA 2010, to comply with Section 33(8) of the CJA 2010 where customers had not provided the required CDD information or documentation.
- The Central Bank identified that BOI failed to satisfy the conditions set out in Section 40(4) by relying on a third party to conduct CDD for 178 corporate customers where BOI’s contractual arrangements did not satisfy the conditions set out in Section 40(4) of the CJA 2010.
The amount of the fine was determined based on the following factors:
- In deciding the appropriate penalty to impose, the Central Bank considered the following matters:
- The seriousness with which the conduct is viewed, particularly given BOI’s central role in the financial services system and the high risk nature of retail banking business in terms of ML/TF.
- The extended period of time over which the breaches occurred, spanning the period from 15 July 2010 to 18 December 2015.
- The co-operation of BOI during the investigation and in settling at an early stage in the Central Bank’s Administrative Sanctions Procedure.
- The actions taken by BOI to remediate the breaches.