Consultancy firm slapped with €61k FIAU fine for AML/CFT breaches

Consultancy firm BDO Consult Ltd has been hit with a €61,763 fine by the Financial Intelligence Analysis Unit (FIAU), after a targeted compliance review by the authority found multiple breaches of anti-money laundering and counter financing of terrorism (AML/CFT) regulations.

The unit’s investigation, conducted in 2021, and detailed in an administrative measure notice, found a number of breaches including around the information the firm collected when establishing some customer profiles and the high value of the transactions passing through one customer.

Other problems cited by the FIAU included the array of available information at BDO’s disposable to suspect that the beneficial owner wanted to conceal his beneficial ownership of a customer, the foreign ownership of the companies mentioned, and a lack of appreciation to some of the money laundering risks it was exposed to.

One specific change involved the failure of one customer to provide a structure chart before the business relationship was established in 2015.

The first structure chart was compiled four months after the relationship was established.

Even then though, and “more troubling” to the FIAU, the structure chart and other subsequent structure charts compiled thereafter, did not comply with the other verification documentation collected by the subject person during onboarding.

In view of this, the FIAU concluded that the chart was not compiled in a timely manner, and that the subject person failed to verify the information that was collected.

The requirement to do so is intended to ensure that the structure chart as well as the documents used to verify it are sufficiently detailed and accurate so to understand who ultimately owns the corporate customer.

The FIAU also cites an example where BDO failed to collect sufficient information of a customer which was a holding company.

The organisation stated that no information was obtained to explain the services offered by the companies, their target markets and the activity they operate in.

In another case, also involving a holding company, insufficient information about which companies were being invested in was collected. For example, despite knowing that one investment related to a development of an intellectual property, no information was obtained on what exactly was being developed.

This could have included a general understanding of what the IP was, the expected costs of development, how it would be funded and its intended use, amongst others.

The anticipated level of the customer’s activity was noted to be “minimal”, but the FIAU insisted that subject persons are at least expected to obtain quantifiable estimates.

The unit added that it identified shortcomings in a file for which the subject person inadequately monitored the business relationship, failed to undertake Enhanced Due Diligence, and did not raise an internal report to its Money Laundering Reporting Officer (MLRO).

These shortcomings came despite the fact the customer and the firm had had a business relationship for over six years, within which it provided directorship, fiduciary, and company secretarial services, among others.

During this period, the FIAU stated that there were several instances “clearly posing a high ML/FT risk.”

This included one case where in the period within which part of the group was incorporated, its business developed and then was eventually sold for a value of over $10 million (€9.05 million), done without understanding how the value was determined.

Taking into account these breaches, the FIAU said it remains concerned about the degree and extent of the company’s lack of adherence and regard to its AML/CFT obligations.

It also considered the level of cooperation exhibited by BDO during the targeted review.

To ensure that BDO remediates its shortcomings, the FIAU also served it with a remediation directive, through which it requests the company to ensure that it holds adequate information pertaining to the purpose and intended nature of the relationship and that it builds comprehensive risk profiles in line with the applicable AML/CFT obligations.

Finally, the FIAU stated that BDO has been duly informed that in the eventuality that it fails to adhere to the directive, this default will be communicated to the committee for its eventual actions, including the imposition of an administrative penalty.