Updated 4.30pm with bank's statement

BNF Bank has been slapped with a €190,000 fine and reprimanded by the FIAU for administrative shortcomings related to its anti-money laundering requirements.

The failings were identified during an FIAU inspection held in 2020 and ranged from the bank breaching its own risk assessment policies to “genuine mistakes” in record keeping.

BNF can choose to appeal the €189,274 fine in court.

In one instance dating back to 2014, the bank allowed a customer to withdraw a total of €4 million in one year, without requiring enough information about the purpose of the large withdrawals.

FIAU inspectors also noted that BNF had not flagged 19 large transfers ranging from €50,000 to €1 million without requiring additional information about them.

FIAU inspectors found that the bank was taking on customers without carrying out a customer risk assessment at the onboarding stage, in violation of its own policies and leading to a “systemic” breach of its legal obligations.

Furthermore, inspectors noted that the bank’s system of assigning a risk rating to customers was “inadequate” as it only took a few risk factors into consideration. BNF has since revised that system, the FIAU report noted.

The bank was also tardy in carrying out business risk assessments and only drafted such a document one year after the legal requirement to carry out such assessments came into place. That failing earned itself a reprimand from the FIAU.

The FIAU questioned the bank’s system of having bank employees manually flag suspicious transactions each week. The system yielded just 16 such reports in 2019 – a number that the FIAU considered to be too low considering BNF’s size.

BNF has since revised that manual process and shifted to an automated transaction monitoring system, hired a data analyst to extract such data and provided specialised training to staff. The FIAU acknowledged those changes and commended the bank for what it termed “such a pro-active approach”.

Apart from fining the bank and reprimanding it for its failure to carry out business risk assessments for a year after it was required to, the FIAU also instructed it to revamp its customer risk assessment methodology, to provide a detailed timeline about its work to update expired customer files, and to explain its new transaction monitoring system in detail.

Bank reacts

In a statement, the bank said most of the findings "happened in or around 2015".

On acquisition by the current majority shareholder, the bank embarked on a thorough and proactive review of all its processes and controls specifically around its AML and CFT obligations, it said.

"This has been viewed very positively by the FIAU in its publication issued on Friday. The bank is committed to continuing to work with all regulators in Malta in striving to further enhance the high standards to which it holds itself."


Independent journalism costs money. Support Times of Malta for the price of a coffee.

Support Us