Statement on inspection in Royal Exchange ApS (money laundering area)
In April 2021, the Danish Financial Supervisory Authority inspected Royal Exchange ApS. The inspection was an investigation of the money laundering area. The inspection included the company’s organization, risk assessment, policies, procedures and internal controls.
Risk assessment and summary
The company is an agent in Denmark in the payment service area and offers cash transfers abroad through the money transfer company Western Union Payment Services Ireland.
The Danish Financial Supervisory Authority assesses that the company’s inherent risk of being misused for money laundering or terrorist financing is highly assessed in relation to the average of financial companies in Denmark. In the assessment, the Danish Financial Supervisory Authority has placed special emphasis on the inherent risk associated with money transfer activities in general, that there may be large amounts involved in the transfers, and that money transfer activities in Denmark’s national risk assessment in the money laundering area are stated as an area with high risk of money laundering. and terrorist financing.
Following the inspection, a number of areas have given rise to supervisory reactions.
The company has been instructed to expand its risk assessment significantly so that it identifies and assesses the risk that the company can be used for money laundering and terrorist financing based on the company’s business model and includes an assessment of the risk factors associated with the company’s customers, products, services as well as transactions and delivery channels. In addition, the company must ensure that the risk assessment covers the company’s risk separately for money laundering and terrorist financing, and that the risk assessment is substantiated with relevant data and is based on the national and supranational risk assessments.
The company has also been instructed to significantly expand its policy in the area of money laundering, so that it is based on the company’s risk assessment, and sets the overall strategic goals in the area of money laundering, and contains the principal decisions on how the company should be organized. terrorism countered.
The company has been instructed to prepare written business procedures, which contain descriptions of the specific activities that the employees must perform. The business processes must include risk management, customer knowledge procedures, investigation, listing, notification and retention obligations, screening of employees and internal control.
The company has been instructed to ensure that the company documents the internal controls that are carried out with appropriate frequency to ensure that the company effectively prevents, limits and manages the risk of money laundering and terrorist financing.
The company has been ordered to ensure that the company carries out a risk assessment of the company’s customer relationships, so that customers are classified as risky on the basis of a concrete and documented assessment.
The company has been ordered to ensure that the company conducts stricter customer awareness procedures in the customer relationships where the company has assessed that there is an increased risk of money laundering and terrorist financing.
The company has been ordered to ensure that the company records and stores the results of investigations concerning suspicious transactions, and that this can be proven to the Danish Financial Supervisory Authority.
The company has been ordered to ensure that notification is made to the Money Laundering Secretariat in case of suspicion or when the company has reasonable grounds to suspect that a transaction, funds or activity has or has been linked to money laundering or terrorist financing.
Finally, the company has been instructed to ensure that the company keeps information obtained in connection with the customer knowledge procedure, including identity and verification information and a copy of presented identification documents, and that the company keeps documentation and registrations of transactions carried out as part of a business relationship, or a single transaction.