Danish Regulators Order Sweeping AML Reforms for Merex International AS Amid High-Risk Iran Exposure

Danish authorities have concluded an extensive regulatory inspection of Merex International AS, culminating in a series of binding enforcement directives aimed at remedying deep-rooted deficiencies in the company’s anti-money laundering framework. The review, carried out by the Danish Financial Supervisory Authority, uncovered substantial weaknesses tied to the firm’s business model, particularly its involvement in currency exchange and international money transfers to jurisdictions deemed high risk. Due to the company’s facilitation of transactions through respondent connections in Iran, regulators have classified its exposure to money laundering and terrorist financing threats as significantly elevated. As a result, the firm is now compelled to undertake a comprehensive overhaul of its internal risk assessments and strengthen its documentation practices concerning the origins of funds in large cash transactions, ensuring alignment with the Danish Money Laundering Act.

The findings bring into sharp focus the tension between niche financial service providers and the complexities of global sanctions regimes. Merex International AS operates primarily as both a currency exchange and payment services provider, with a strong operational emphasis on the Iranian market. This geographic specialization subjects the firm to heightened regulatory scrutiny, as Iran remains under extensive European Union sanctions and is listed on the Financial Action Task Force blacklist. During the inspection, authorities determined that Merex had failed to sufficiently incorporate these geopolitical risks into its internal risk assessment documentation. This lapse is particularly troubling given that much of the firm’s activity involves transferring funds into an environment where traditional financial oversight mechanisms may be limited or non-existent, compounded by factors such as internet disruptions and restricted infrastructure.

Robust risk management requires financial institutions to anticipate every potential avenue for misuse of their services. For a company like Merex, which also trades in gold bars, the risk landscape becomes even more intricate. Gold’s liquidity and portability make it an attractive vehicle for illicit value transfer, particularly for criminal networks seeking to bypass formal financial systems. When combined with cash-heavy currency exchange operations, the likelihood of facilitating the layering and integration of illicit proceeds becomes a central regulatory concern. The Danish Financial Supervisory Authority noted that while the firm’s custom-built IT system supports operational functionality, it must be reinforced with comprehensive policies that explicitly address the risks associated with sanctioned jurisdictions and precious metals trading.

Among the most serious shortcomings identified was the company’s failure to apply enhanced customer due diligence measures in high-risk scenarios. In numerous cases involving substantial amounts of physical cash, Merex relied solely on customers’ own declarations regarding the source of their funds. Regulators made it unequivocally clear that such self-reporting is inadequate when transaction patterns or volumes indicate elevated risk. Independent verification—through documentation such as bank records, tax filings, or contractual agreements—is mandatory to establish the legitimacy of funds. Without these safeguards, the firm effectively leaves itself vulnerable to exploitation for the placement of proceeds from criminal activities, including narcotics trafficking and fraud.

The regulator also highlighted deficiencies in how Merex managed its respondent relationships in Iran. Respondent banking arrangements, where one institution provides services on behalf of another in a different jurisdiction, inherently carry significant risks, particularly when the counterparties operate outside the European Union’s regulatory framework. The Danish Financial Supervisory Authority stressed that Merex had not conducted adequate due diligence on these partners to ensure they maintain effective anti-financial crime controls. This gap raises the possibility that the firm could inadvertently facilitate transactions involving individuals or entities subject to international sanctions. As emphasized by the regulator, “out of sight” cannot mean “out of mind.”

In addition, the inspection revealed serious lapses in record-keeping practices. The firm had not consistently documented the outcomes of its internal investigations into suspicious or unusual transactions. Proper documentation is a cornerstone of any anti-money laundering regime, enabling authorities to reconstruct transaction flows and pursue enforcement actions where necessary. Failure to maintain such records undermines the integrity of reporting mechanisms to the Money Laundering Secretariat and weakens the firm’s ability to demonstrate compliance. Under the new orders, Merex must ensure that every internal investigation is thoroughly recorded and retained in a manner suitable for audits and potential law enforcement review.

The enforcement measures imposed underscore that smaller financial institutions are held to the same rigorous standards as major banks when it comes to combating financial crime. Despite serving important roles in facilitating remittances and trade for diaspora communities, firms like Merex are expected to implement equally robust safeguards. The Danish Financial Supervisory Authority has mandated the immediate introduction of enhanced due diligence protocols for all high-risk customers. This includes a strict requirement to obtain and verify documentation evidencing the source of funds before processing any transactions. The intent is to prevent the firm from being used as a conduit for illicit financial flows.

A central element of the case is the firm’s handling of Iranian sanctions. The European Union maintains a complex network of restrictions targeting specific activities linked to Iran, requiring firms engaged in such transactions to exercise exceptional diligence. Regulators found that Merex had not explicitly incorporated these sanctions considerations into its formal risk assessment processes. By treating transfers to a blacklisted jurisdiction in a manner comparable to lower-risk domestic transactions, the firm failed in its role as a gatekeeper within the international financial system. The requirement to revise its procedures to include respondent relationships directly addresses this oversight, ensuring comprehensive scrutiny across the entire transaction chain.

Operational challenges further complicate the firm’s position. Internet disruptions in Iran have already impacted its business activities, and the added regulatory burden introduces new layers of complexity. The Danish Financial Supervisory Authority’s findings make it clear that resuming normal operations is contingent upon demonstrable improvements in compliance practices. This entails not only revising policies but also fostering a deeper understanding among staff and management of the risks associated with terrorist financing and the methods used to circumvent international controls.

The firm’s involvement in gold trading remains a focal point of regulatory concern. Precious metals are frequently used in trade-based money laundering schemes, where manipulated valuations facilitate cross-border value transfer. For Merex, the combination of gold trading, high cash volumes, and international remittances creates a convergence of high-risk factors. Regulators expect the implementation of specialized monitoring mechanisms capable of identifying anomalies such as irregular pricing, unconventional shipping routes, or sudden increases in customer activity involving bullion without clear economic justification.

Ultimately, the Danish Financial Supervisory Authority’s intervention is aimed at safeguarding the integrity of the national financial system against global criminal threats. The public nature of the enforcement orders serves both as guidance for Merex and as a broader warning to the industry that inadequate due diligence will not be tolerated. The firm’s path forward requires significant investment in compliance infrastructure and a shift toward a more evidence-driven approach to customer engagement. Each transaction must be evaluated through a risk-focused lens, particularly when involving jurisdictions with known deficiencies in financial oversight.

The complexities of the Iranian remittance ecosystem demand a nuanced understanding of both domestic and international legal frameworks. With traditional banking channels between Western countries and Iran largely severed, alternative networks like those operated by Merex become essential—but also highly vulnerable to misuse. The regulator’s critique of the firm’s proprietary IT system underscores that operational efficiency must not come at the expense of security. Systems must be capable of flagging high-risk transactions and identifying matches against global sanctions lists.

Verifying the origin of funds remains one of the most challenging yet critical components of due diligence. When customers present large sums of cash, the responsibility lies squarely with the firm to confirm the legitimacy of those funds. The regulator’s insistence on independent documentation marks a decisive shift away from reliance on customer statements. This will require enhanced staff training, both in analyzing financial documentation and in managing client relationships where increased scrutiny may be met with resistance.

Oversight of respondent partners is equally crucial. In Merex’s case, Iranian counterparts represent the final stage of the payment process. Without proper vetting, the firm cannot ensure that funds are not reaching sanctioned individuals or being used for prohibited purposes. The Danish Financial Supervisory Authority has mandated rigorous onboarding and continuous monitoring of all such relationships, regardless of their duration.

Record-keeping obligations have also been significantly reinforced. Each internal investigation must now be treated as a formal legal record, preserved for a minimum of five years in accordance with Danish law. This requirement is not merely administrative but serves as a critical safeguard for both regulators and the firm itself, enabling transparency and accountability in the event of scrutiny.

The broader lesson from the Merex case reflects an increasing regulatory demand for specificity and precision in compliance frameworks. Generic policies are no longer sufficient; firms must tailor their controls to the unique risks inherent in their business models. For Merex, this entails explicitly linking its Iranian operations to its day-to-day monitoring and demonstrating a clear understanding of regional money laundering typologies.

Updating the firm’s risk assessment is the first step in this transformation. Such assessments must be dynamic, evolving alongside changes in market conditions and geopolitical developments. The integration of EU sanctions considerations is essential, particularly given the firm’s exposure to a high-risk jurisdiction. Failure to address these factors previously has already exposed the company to legal and reputational risk.

Beyond procedural changes, a shift in organizational culture is imperative. Compliance must be embedded as a fundamental aspect of the business rather than viewed as an operational obstacle. This requires ongoing training across all levels of the organization and the creation of an environment where employees feel empowered to identify and report suspicious activity. The regulator’s intervention provides the impetus for this cultural evolution.

Continuous monitoring of customer behavior is another critical area for improvement. Due diligence cannot be a one-time exercise; it must be an ongoing process that adapts to changes in transaction patterns. Sudden shifts in customer activity—such as increased transaction volumes or entry into gold trading—should trigger immediate review. The absence of documented investigations suggests that such mechanisms were either lacking or ineffective.

In its entirety, the Merex International AS case illustrates the challenges faced by financial institutions operating in high-risk environments. The Danish Financial Supervisory Authority has outlined a clear roadmap for compliance, emphasizing the need for robust risk assessments, enhanced due diligence, vigilant oversight of international partners, and meticulous record keeping. The responsibility now lies with the firm’s leadership to implement these measures and ensure that compliance becomes an integral component of its operations. By addressing these deficiencies, Merex has the opportunity to reposition itself as a responsible participant in the financial system rather than a potential vulnerability within it.

By fLEXI tEAM