Statement on inspection in Rønde Sparekasse (money laundering area)
In November 2019, the Danish Financial Supervisory Authority inspected Rønde Sparekasse. The inspection was an investigation of the money laundering area as part of the ongoing supervision of the company. The inspection included the company’s risk assessment, policies, procedures and internal controls as well as customer due diligence procedures, including monitoring of private and corporate customers.
Risk assessment and summary
Sparekassen is a locally based bank whose primary market area is Central Jutland. Sparekassen has a traditional business model with simple deposit and lending products, including uncomplicated financial products within the banking, investment, pension and insurance areas. Sparekassen’s distribution between private and business customers, respectively, is 75% private customers and 25% business customers. The business customers are mainly small and medium-sized companies with simple structures. At the end of 2019, Sparekassen had a total lending of DKK 346.9 million. DKK and approx. 20 full-time employees.
Sparekassen has stated that, as a starting point, it only admits customers in Central Jutland, and that up to 90% of Sparekassen’s customers live in the area. The remaining customers are customers with close relations to the savings bank, e.g. an existing customer’s adult child who has moved away from the immediate area but who has or wants an account.
Sparekassen states that up to 90% of the customers are legitimized by physical attendance, and that only a few customers with close relationships with the savings bank are legitimized without physical attendance.
The Danish Financial Supervisory Authority assesses that Sparekassen’s inherent risk of being used for money laundering or terrorist financing is normal to high assessed in relation to the average of financial companies in Denmark. In the assessment, special emphasis is placed on the savings bank offering a number of financial products to both private customers and business customers. However, Sparekassen limits its business to simple financial products and is primarily based in its local area with customers who primarily reside in Denmark.
On the basis of the inspection, a number of areas have given rise to supervisory reactions.
The Danish FSA found that the money launderer and the compliance officer were appointed in the summer of 2019. However, the Danish FSA was able to establish that the director is so-called professionally responsible and approves business procedures, prepares the internal control set-up and makes notifications, which must be handled by the money launderer. Sparekassen is instructed to ensure that it is the money launderer who performs the function as money launderer, and meets the requirements that the Money Laundering Act imposes on the money launderer, including approval of Sparekassen’s policies, business procedures and controls.
The Danish FSA found that Sparekassen’s risk assessment does not sufficiently include an identification and assessment of the inherent risk that Sparekassen may be used for money laundering and terrorist financing. Below, the risk assessment is not substantiated with relevant information, and it is not based on the national and supranational risk assessments. On this basis, Sparekassen is ordered that the risk assessment be revised accordingly.
Sparekassen is ordered to ensure that Sparekassen’s policy in the money laundering area is based on Sparekassen’s risk assessment prepared in accordance with section 7 (1). 1 of the Money Laundering Act, sets out the Savings Bank’s overall strategic objectives in the area of money laundering, including how the Savings Bank responds to new risks, and contains the principled decisions on how the Savings Bank should be arranged to meet the risks of money laundering and terrorist financing.
Sparekassen is instructed to adjust its business procedures so that these include a business procedure for screening employees prior to employment, that in the notification procedure for notifications a distinction is made between money laundering and terrorist financing, and that the business procedure for internal control states how Sparekassen with appropriate frequency will carry out internal controls that ensure that the Savings Bank effectively prevents, limits and manages the risk of money laundering and terrorist financing.
Sparekassen is instructed to ensure that Sparekassen’s internal controls are sufficiently effective and that there is documentation of Sparekassen’s performed internal controls.
Sparekassen is ordered to ensure that Sparekassen has identity information on all Sparekassen’s business customers, including that legal persons obtain information about real owners in order to ensure sufficient knowledge of the customers, and that information is obtained about the intended nature of the customer relationship, and is made a concrete risk assessment of each customer on the basis of this, and that this can be proven to the Danish Financial Supervisory Authority.
Sparekassen is instructed to ensure that Sparekassen carries out the necessary monitoring of established business relationships with Sparekassen’s customers, including that information about the customer is continuously updated. Likewise, Sparekassen must ensure that Sparekassen’s business process for monitoring customers and customer transactions sufficiently meets the requirements for monitoring and updating and is operational for Sparekassen’s employees. This should ensure that it is clear who is to update information on the customer, what information is to be updated and when the update is to be made.