Malta-based Novum Bank slapped with €89,516 penalty as FIAU flags due diligence breaches

The Finance Intelligence Analysis Unit (FIAU) has ordered Novum Bank Limited to pay an administrative penalty of €89,516 and has also issued the entity with a reprimand and remediation directive over a number of breaches.

Novum Bank Limited is a private credit institution that operates under, and applies, the European Union banking regulatory framework. The bank is licenced and regulated by the Malta Financial Services Authority (MFSA) to operate outside Malta. It’s main two lines of products deal with card/store value as well as micro-lending.

Following an onsite compliance review carried out by the FIAU in 2019, the national financial intelligence and supervisory authority proceeded with taking action against the bank, flagging concerns with customer risk assessments, customer due diligence and ongoing monitoring.

Customer Risk Assessment

During a review of the CRAs and the CRA methodology applied by the Bank, it was noted that while the Bank had implemented a methodology to risk assess customers, this was not considered to be comprehensive enough, since although all the four risk pillars were being covered at times not all the risk factors were being taken into consideration. This in turn could have led the Bank to apply inadequate levels of CDD such as by classifying customers as low risk while another risk classification may have been more appropriate.

Providing an example of this, it was noted that the geographical risk being taken into consideration by Novum Bank when assessing risk levels of clients was limited to the residence of a customer without consideration to any connection customers might have with other jurisdiction.

Customer Due Diligence – Identification and Verification of Legal Persons

It was observed that in one file, the link between the corporate entity and the parent company had not been verified by independent sources. In their representations, the Bank confirmed the shortcoming.

However, argued that this was one instance out of many review files, whilst also confirming that this information would be publicly available on online domains. The committee acknowledged that since this shortcoming was only present in one file it was more of an oversight and that good measures for identifying and verifying corporate customers were in place. However, it could not overlook that this information had not been gathered by the Bank

Customer Due Diligence – Purpose and Intended Nature of the Business Relationship

The compliance review highlighted several files where the Bank did not gather enough information on the purpose and intended nature of business relationships it engaged in. From the reviewed files, officials observed that in three relationships involving individual lenders, the information held on file for them was deemed to be either generic or was not available on file.

Ongoing Monitoring – Scrutiny of Transactions

Whilst reviewing these corporate files, Officials took note of two corporate files, in which there was no underlying rationale behind the transactions conducted between the corporate entities and the respective third parties.

For a more detailed review of the FIAU’s rationale and key take aways, click here.