Statement of Inspection in Basisbank A / S (Money Laundering)
Finanstilsynet was in September 2018 on inspection in Basisbank A / S.
The inspection was a study of the white-water area as part of the ongoing supervision of the bank. The inspection included the Bank’s risk assessment, policies, procedures and internal controls as well as customer recognition procedures, including monitoring of private customers and corporate customers.
Risk assessment and summary
The bank offers consumer loans to private customers through the bank’s website and through various partners such as retailers and loan portals. In addition, the bank offers simple banking services such as salary accounts, pension accounts, childcare savings, simple savings products, payment solutions, debit cards and deposit accounts. In relation to the latter, the bank states that it does not provide advice and that customers can only buy Danish shares.
The bank is internet-based, has no branches and is only present in the Danish market. The bank does not receive cash funds, does not exchange currency and has closed for access by corporate customers. The very few business loans the bank has, it is working on settling.
Finanstilsynet estimates that the bank’s inherent risk of being abused for money laundering or terrorist financing is normal to high in comparison to the average of financial companies in Denmark. In the assessment, Finanstilsynet has emphasized that even though the bank offers only simple financial products and primarily has private customers resident in Denmark, the bank’s customer portfolio consists exclusively of distance customers and the bank offers a variety of financial products.
Based on the inspection, there are a number of areas that give rise to supervisory responses.
Finanstilsynet found that the Bank’s risk assessment did not adequately identify and assess the inherent risk that the company could be misused for money laundering or terrorist financing. In particular, the bank lacks its reliance on the risk that it may be misused for the financing of terrorism. The bank is therefore required to revise its risk assessment.
The bank is ordered to draft a money laundering policy, as the Bank has not done so so far and thus has not set the limits for the bank’s risk tolerance or the overall strategic goals for the prevention of money laundering and terrorist financing for the company’s identified risks.
The bank is instructed to review its procedures so that they are updated in relation to and in accordance with the current money laundering law, and then they are based on the Bank’s business and reflect the actual workings of the bank.
The bank is ordered to ensure that customers who take up consumer credit over the internet carry out sufficient customer recognition procedures. For these customers, the bank only uses NemID to check the customer’s identity information. The scope of the customer relationship may, based on an assessment of the nature of the products and services offered, in relation to distance customers, not constitute a limited risk. The Money Laundering Act therefore requires additional actions for the bank’s control of customer identity.
Finally, the bank receives a petition for not having stored a copy of credentials submitted before the beginning of September 2018 in cases where loans are made to customers through dealers.