top of page

Malta bank ECCM fined €310K for systemic AML errors, including risk ratings failures

A Maltese bank was fined €310,000 for a string of major AML violations.

The Financial Intelligence Analysis Unit (FIAU) of the island concluded that ECCM Bank lacked proper business and consumer risk assessment processes.

The FIAU has also demanded that the bank take corrective action to improve its anti-money laundering processes. ECCM must assess the information and documentation it possesses about its present customers on a risk-sensitive basis and receive updated information on them as needed.

Internally, the majority of the bank's customers were categorised as moderate to low risk.

The FIAU determined that these risk ratings did not accurately reflect the actual AML dangers posed, especially when considering the complicated company structures held by some of the bank's clients.

The risk ratings did not take into account all risk elements, which could have led to a "distorted" view of the risks involved and improper implementation of internal controls.

The ECCM's transaction monitoring had flaws, including a €100 million transaction that did not receive adequate scrutiny.

According to the Times of Malta, following the compliance assessment, the bank furnished the FIAU with a copy of minutes showing that the €100M was to be utilised for investments.

Aside from highlighting that the minutes were only released after its inspection, the FIAU stated that the minutes did not explain where the €100M originated from but only specified what it would be used for, according to the article.

It was also discovered:

  • In addition, the bank failed to conduct frequent reviews of the money-laundering risks posed by current customers.

  • ECCM was not gathering appropriate and comprehensive information on its clients' business activities.

  • The bank relied on "generic" representations of where certain clients' monies came from. In one case, a client's source of funding was merely listed as "global business activities," with no indication of what those business operations were.

While the FIAU acknowledged that ECCM's business strategy exposes it to fewer risks than other banks, it stated that the bank was required to do a full business risk assessment in a timely way.

The FIAU expresses worry that ECCM was content with only knowing the flow of cash through it rather than getting the essential information and records to identify the source of these monies.

The FIAU stated that the bank's transaction scrutiny methods must be "significantly enhanced" to guarantee that big, abnormal transactions are flagged, examined, and reviewed.

ECCM Bank Plc was given a banking licence in July 2014, according to its website. It was purchased the previous year from Raiffeisen Bank International AG.

67 entities were fined a total of €304,000 for failing to respond to the FIAU or responding late. 52 further written reprimands were issued.

The FIAU discovered that 119 businesses, ranging from gambling enterprises to independent professionals like as lawyers, did not meet compliance standards to send information to the unit in a timely way.

In 2020, the FIAU issued approximately 31,000 requests for information to various businesses, with the information deemed "critical" to aiding investigations into financial crimes both locally and globally.

The unit stated that information requests issued by its intelligence department are "critical and vital" for it to carry out its tasks.

Failure to respond to its inquiries, or responding late, not only causes the regulated entity to violate its requirements, but also has a negative influence on the FIAU's analytical function.



bottom of page