Intesa Sanpaolo was fined for the following deficiencies in their AML program:
Risk assessment: assessment of money laundering/terrorist financing (‘ML/TF’) risks specific to its business.
Customer due diligence: policies and procedures for conduct of enhanced customer due diligence (‘ECDD’) on customers who were politically exposed persons (‘PEPs’).
Suspicious transaction reports: procedures for reporting suspicious transactions to An Garda Síochána and the Revenue Commissioners without delay.
AML/CFT policies and procedures: incorporation of a mechanism for regular review.
Interestingly enough, the investigation started in 2014 when Intesa notified the Central Bank that an independent third party had found its program deficient.
Some of the deficiencies found:
Until June 2011, the Firm had not completed an assessment of its ML/TF risk. Furthermore, between June 2011 and April 2014, the Firm’s purported assessments were inadequate as they failed to identify and assess the ML/TF risks relevant to the Firm by reference to the appropriate risk categories (such as country/geographic risk, customer risk, industry risk, product risk and channel/distribution risk).
The CJA 2010 specifies that ECDD is required in respect of non-resident PEPs. The Central Bank identified the following failings in relation to Intesa’s policies and procedures, under Section 54 of the CJA 2010, for ECDD on PEPs:
The application form for new customers incorrectly excluded PEP customers resident in Italy and Slovakia from Intesa’s requirement to self-identify as PEPs for the purpose of Irish AML/CFT laws.
Intesa failed to adopt policies and procedures that required senior management approval of PEP customer relationships.
Intesa failed to incorporate a review mechanism in its policies and procedures. Consequently, the Firm did not review its AML Policies in February 2012 when the Department of Finance published core guidelines on the CJA 2010 for the financial services industry or, in September 2012, on publication of industry guidance for the life assurance sector. It commenced a review in November 2013 of its AML Policies following the enactment of the Criminal Justice Act 2013 (which amended the CJA 2010) A review mechanism was incorporated into the AML Policies in April 2015.
And these are the factors that the Central Bank considered in meting out its penalty:
The seriousness with which the conduct is viewed, particularly given Intesa’s status as Ireland’s largest insurer operating on a cross border basis and the increased risk of exposure to PEPs.
The extended period of time over which the breaches occurred.
The need to impose an effective and dissuasive sanction on regulated entities.
The co-operation of Intesa during the investigation and in settling at an early stage in the
Central Bank’s Administrative Sanctions Procedure.