Ignorance is not always bliss; a criminal investigation into ING Bank N.V
Compliance has always been important, but it is only in recent years that its significance has been highlighted. The emphasis has shifted from primarily being on legal interpretations to various areas that require active measures to be taken as a result of new laws and regulations. However, compliance is not always the number one priority for corporate entities. There have been some instances where a bank, considered to be a gatekeeper of the financial sector, violated the law by not fulfilling its supervisory responsibilities. In this article we will dive into the shortcomings of ING Bank N.V, hereinafter ING Bank, which led to a criminal investigation and what we can learn from their mistakes.
First some background information: In 2008 the anti-money laundering and counter the financing of terrorism act (Dutch AML Act) was introduced in execution of the 3rd Anti-Money Laundering Directive (AMLD) set by the European Union. The main objective of the Dutch AML Act, as its name states, is to combat money laundering and the financing of terrorism. Among the entities subject to this act are banks, and therefore places an obligation on ING Bank to be compliant with this act.
One of the most important tools to combat money laundering and terrorist financing is conducting Customer Due Diligence (CDD). CDD consists of multiple steps with its main objective to establish who the customers are and if their transactions are in line with the information on record for each respective customer.
Now back to the essence of this article; ING Bank and its shortcomings. Between 2010 and 2016 there have been several criminal proceedings in which the suspect or suspected entity in the case held one or more accounts with ING Bank, which led to a suspicion that ING Bank was in violation of the Dutch AML Act. On 16 February 2016 the Fiscal Information and Investigation Service (FIOD) started a criminal investigation into ING Bank under the name ‘Houston’.
The investigation uncovered a significant number of CDD related shortcomings. Even though the ING Bank had an effective CDD policy on paper, the implementation thereof was less than desirable.
Absence of complete CDD files, incorrect risk classifications and insufficient functioning of the transaction monitoring system are a few examples of these shortcomings. All shortcomings combined led to a wide gap which exposed ING Bank to the risk of money laundering manifesting itself.
ING Bank ultimately settled their case outside of the court by agreeing to pay a €775 million settlement, a hefty price to pay for not conducting proper CDD.
Interestingly enough, ING Bank was not the only bank which failed to fulfill its supervisory duties; ABN AMRO was also criminally prosecuted in 2021, settling for €480 million. Next in line may be Rabobank, as the Public Prosecution Service has commenced a criminal investigation into them on the suspicion of inadequate compliance.
Inadequate compliance seems to be a challenge for many banks. One would assume that large corporations such as banks, being the gatekeepers of our economy, would have their compliance in order, however the opposite holds to be true. Large corporations, even banks, in most instances prioritize business over compliance which leads to violation of the law. From the outset compliance can be quite expensive indeed, however, looking at the enormous size of the settlements, non-compliance proves to be even more costly.
What can we learn from this? Compliance has to be a priority and the compliance framework of obliged entities should constantly be monitored and updated accordingly. Ignorance is no longer an excuse for inadequate compliance.