Statement on inspection in Winleasing ApS (money laundering area)
In October 2020, the Danish Financial Supervisory Authority inspected Winleasing ApS. The inspection concerned the money laundering area and included the company’s risk assessment, policies, procedures and internal controls. In addition, the inspection included customer due diligence procedures, monitoring of private and business customers as well as the company’s investigation, listing, notification and storage obligations.
Risk assessment and summary
The company runs a leasing business and offers financial leasing of medium and large to both private and business customers.
The Danish Financial Supervisory Authority assesses that the company’s inherent risk of being used for money laundering or terrorist financing is normal to high assessed in relation to the average of financial companies in Denmark. In the assessment, the Danish Financial Supervisory Authority has placed special emphasis on the fact that leasing companies are generally considered to have an increased inherent risk of being used for money laundering and terrorist financing.
Based on the inspection, there are a number of areas that give rise to supervisory reactions.
The company is instructed to revise its risk assessment so that it is based on the company’s business model. The risk assessment must include an assessment of the risk factors associated with the company’s customers, products, services and transactions, as well as delivery channels. In addition, the company must ensure that the risk assessment covers the company’s risk separately for money laundering and terrorist financing and that the risk assessment is substantiated with relevant data. In doing so, it must be based on national and supranational risk assessments.
The company is instructed to revise its money laundering policy so that it is based on the company’s risk assessment when it has been audited, and sets the overall strategic goals in the area of money laundering and contains the principled decisions on how the company should be organized to counter the risks of money laundering and terrorist financing.
The company is instructed to ensure that it conducts a risk assessment of customer relationships. In this case, the company must determine whether the customer is a politically exposed person, so that the company can carry out a correct customer knowledge procedure.
The company is instructed to ensure that the company assesses and, where relevant, obtains information about the purpose and intended nature of the customer relationship.
The company is instructed to carry out stricter customer due diligence procedures in the customer relationships where the company has assessed that there is an increased risk of money laundering and terrorist financing. Where necessary, the company must obtain information on the origin of the funds.
The company is also instructed to ensure that the company investigates suspicious transactions and activities. Below, the company must record and store the results of these surveys.
The company is also instructed to ensure that it carries out the necessary monitoring of established business relationships with the company’s customers. This must be done in order for the company to assess whether the customers’ transactions are in accordance with the company’s knowledge of the customers. Below, the company’s information about customers must be continuously updated.
The company is also ordered to ensure that it notifies the Money Laundering Secretariat when the company suspects or has reasonable grounds to suspect that a transaction, funds or activity has or has been linked to money laundering or terrorist financing.
The company is instructed to ensure that the company carries out internal controls with appropriate frequency, which ensures that the company effectively prevents, limits and manages the risk of money laundering and terrorist financing, and that the company can document the checks carried out. In addition, the company must prepare written business procedures for how the company will carry out internal controls.
The company is ordered that the person responsible for money laundering must have sufficient knowledge of the company’s risk of money laundering and terrorist financing to be able to make decisions that may affect the company’s risk exposure. The company must also ensure that the money launderer approves the establishment and continuation of a business relationship with a politically exposed person or a close or close partner of a politically exposed person.
The company is instructed to ensure that the company’s employees, including the management, receive adequate training in the requirements of the Money Laundering Act, and that this can be documented to the Danish Financial Supervisory Authority.
The company also receives reprimands for lack of risk assessment and money laundering policy before May 2020.