Pilatus Bank: FIAU breached antimoney laundering directive - EBA
● ‘General and systematic shortcomings’ found
The European Banking Authority (EBA) has concluded that the Financial Intelligence Analysis Unit (FIAU) has breached antimoney laundering rules. It has also found “general and systematic shortcomings” in the application of anti-money laundering directives.
The EBA investigated the FIAU’s handling of Pilatus Bank and published the findings and recommendations yesterday.
The bank has been mired in controversy and named in several leaked FIAU reports. It was allegedly used to transfer kickbacks into PEP accounts. A former employee, Maria Efimova, had claimed that Panamanian company Egrant belonged to Michelle Muscat, the prime minister’s wife, a claim the Muscats vehemently deny.
The bank was licensed by the Malta Financial Services Authority (MFSA) in 2014. Both the MFSA and the FIAU carried out on-site inspections, with the latter initially saying that there were serious breaches of AML/CFT requirements. After a follow-up visit, the FIAU had said that the issues raised previously had now been closed.
The EBA conducted a preliminary enquiry, including an onsite visit to the Maltese competent authorities. The enquiry focused on the extent to
which the FIAU’s approach to AML/CFT supervision and enforcement in relation to Pilatus Bank has been effective and in line with EU law.
On 23 May 2018, the EBA opened a Breach of Union Law investigation on the basis that the FIAU appeared to have failed to apply Union law or had applied it in a way which appeared to breach Union law.
The findings
In its findings, the EBA said that the FIAU does not have sufficient records of the specific files and documents examined during the first on-site visit to make it possible to identify which customer files were examined and which due diligence documentation was available or not available at the time. This lack of records contributed to the FIAU’s inability to defend itself against the institution’s challenges.
Discussions during Compliance Monitoring Committee Meetings, the FIAU’s decisionmaking body on supervisory matters (CMC), are not adequately reasoned or documented with the result that it is not possible to understand what led to the closure of the case without further supervisory measures or sanctions. It is not possible to establish whether the decision was well founded.
The EBA said that FIAU and its advisers sought to narrow the scope of the investigation to focus primarily on the existence of customer due diligence documentation confirming the source of funds.
“The FIAU seems to have agreed to this narrowed scope unquestioningly. As a consequence, it appears that in the second on-site visit, the FIAU only paid attention to the availability of source of funds documentation without a deeper analysis of it but it did not pay any attention to some of the more serious findings listed in the letter of 17 May 2016. The CMC also did not take into consideration these remaining deficiencies when deciding on next steps.
“Notwithstanding the serious nature of its initial findings, the FIAU has not documented, or otherwise provided clear reasons and compelling arguments why it considered it appropriate not to impose any sanctions or other supervisory measures. This applies, in particular in relation to those initial findings that are not related exclusively to the institution’s failure to provide the required customer diligence documentation, including the very high risks of ML/TF to which the institution is exposed not being mitigated adequately; and ii) the lack of sound AML/CFT policies established by the institution’s board of directors for customers classified as PEPs.
“Notwithstanding it was a highrisk institution of a type which was new to the jurisdiction, the FIAU neither planned nor carried out an on-site inspection of the institution until asked to do so by the MFSA, two years after the institution started its activities and no risk-based justification has been given for this inaction.
“After deciding to close the case, without imposing any sanction or considering any other su- pervisory measure, and despite the stated concerns of the FIAU as to how documentation became available in the second on-site visit although it was not available at the first inspection, the FIAU did not develop any other supervisory engagement plan with the institution. The documents provided by the FIAU to the EBA and interviews held with FIAU staff confirm that, after the 26 September 2016 communication to the institution closing the case, despite the documented concern regarding the documentation that was not available until after its first inspection, the FIAU considered the need for additional supervisory measures only in April 2017, when the allegations were made public against the institution.”
Conclusions
These findings point to general and systematic shortcomings in the FIAU’s application of AMLD3, the EBA said.
“Although the preliminary enquiry was initiated to address the concerns raised by the FIAU’s supervision of Pilatus Bank, the findings from the EBA’s investigation reveal a general practice of the FIAU at the time of the case at issue and not only, as argued by the FIAU, a failure in this particular case.
“The information requested and provided to the EBA has not been limited to the procedures and policies applied to Pilatus Bank. The FIAU has also challenged the issuing of a Recommendation because an Action Plan had been already adopted by the FIAU to address the same concerns set out in the draft Recommendation.”
The EBA welcomed the actions that the FIAU has taken or is in the process of taking to strengthen its activities but, in the EBA’s view the need identified by the FIAU for such a wide-ranging nature Action Plan provides support for its findings that the procedures and policies applied at the time of the case at issue were not appropriate and effective.
The authority said the FIAU did not effectively monitor and take the necessary measures with a view to ensuring compliance with the requirements of the Di- rective by the institution. The FIAU failed to ensure that the bank put in place adequate and appropriate AML/CFT policies and procedures; and the FIAU neither imposed effective, proportionate and dissuasive sanctions nor any other supervisory measures to correct the shortcomings it had identified to ensure the bank’s compliance with AMLD3’s requirements.
The FIAU has informed the EBA of general actions that, as an Action Plan, it has undertaken to strengthen its supervision. While a move in the right direction, these measures are not enough to rectify the deficiencies that led to a breach of Union law.
Recommendations
The EBA has made a number of recommendations, advising the FIAU to ensure that it takes all necessary measures to fulfil its obligations under the Fourth Anti-money Laundering Directive, and to ensure that national law is in line with EU law.
It said the FIAU should enhance its assessment of Money Laundering/Financing of Terrorism risk associated with its financial sector to ensure it is comprehensive and relevant, and to enable it to allow the identification of ML/TF risk factors both domestic and foreign affecting the Maltese financial sector.
It also urged the FIAU to establish and maintain a clear process to ensure this ML/TF risk assessment remains up to date, and can be amended without undue delay where necessary.
The FIAU should ensure that there are sufficient resources at its disposal in the light of its tasks, the size and complexity of its sector.
It should also implement robust internal procedures to conduct AML/CFT supervision, and robust record-keeping processes.
In her covering letter to MEPs, EBA chairperson Andrea Enria said the FIAU is required to inform the EBA within 10 working days of receipt of that recommendation of the steps it has taken or intends to take to ensure compliance with Union law.
She also said that a preliminary enquiry concerning the MFSA is still ongoing.