Statement on payment service and money laundering inspection in Inpay A / S
In October 2020, the Danish Financial Supervisory Authority inspected Inpay A / S. The inspection was an investigation of the payment service and money laundering area. The inspection included management and organization of the company as well as the company’s organization in the money laundering area, the company’s policies, procedures and internal controls as well as customer due diligence procedures, including monitoring of customers.
Risk assessment and summary
Inpay A / S is a Danish payment institution headquartered in Copenhagen that is licensed under the Payments Act. The company offers cross-border online payments and money transfers for other companies and financial institutions.
The Danish Financial Supervisory Authority assesses that the company’s inherent risk of being used for money laundering or terrorist financing is highly assessed in relation to the average of financial companies in Denmark.
In the assessment, the Danish Financial Supervisory Authority has placed special emphasis on the company’s business model being to support cross-border payments, but where payment is made in a bank in one country and payment is made in a bank in another country without the two institutions making the payment between them. . In addition, the Danish Financial Supervisory Authority has emphasized in the assessment that the company primarily has distance customers, and that the company primarily has customers outside Denmark and in many cases outside the EU. The company’s business model means that the company’s customers often operate in industries that are usually considered high risk.
Based on the inspection, there are a number of areas that give rise to supervisory reactions.
The company is instructed to ensure that the board’s negotiation minutes reflect the discussions that took place at the meetings.
The company is instructed to ensure that the company has a procedure for separating functions in connection with the handling and prevention of conflicts of interest, including that it is determined when the management and employees are in a conflict of interest and that there is a procedure for , how they should react in that case.
The company is instructed to ensure that the company’s employees can make anonymous inquiries via the company’s whistleblower scheme, including making it clear to the company’s employees that inquiries via the scheme can be made anonymously.
The company is required to have operational, written business procedures in all significant areas of activity.
The company receives a risk information that the company’s document hierarchy entails a significantly increased risk for the company. The company should take the necessary measures to facilitate clarity and make it easier for employees to follow appropriate procedures and procedures.
The company is instructed to have effective procedures for identifying, managing, monitoring and reporting on the risks to which the company is or may be exposed, including establishing appropriate policies for what and how large risks the company can and will assume and follow up. on this.
The company is instructed to have adequate internal control procedures, including establishing operational procedures that make it clear how non-compliance with business procedures is followed up and who is responsible for this.
The company receives service information to assess whether the role of CEO can be combined with the role of money launderer if the company realizes the planned growth.
The company is instructed to revise its risk assessment in the money laundering area so that it is based on the company’s business model, and that on that basis it includes an assessment of the risk factors associated with the company’s customers, products, services and transactions as well as delivery channels and countries or geographical areas in which the business activities are carried out.
The company is instructed to ensure that the policy in the area of money laundering is based on the company’s risk assessment, and contains an identification and delimitation of how the company will manage and limit the risks in the area of money laundering that have been identified in the risk assessment.
The company is also instructed to ensure that the company investigates suspicious transactions, including that the results of these investigations are noted and stored, and that this can be proven to the Danish Financial Supervisory Authority.