Sanction AML-CFT : BRED fined €2.5M by the ACPR

by 02/07/2024AML-CFT

Sanction AML-CFT : €2.5M fine

The Autorité de Contrôle Prudentiel et de Résolution (ACPR) has imposed its second sanction of the year due to serious deficiencies significantly affecting several crucial elements of the anti-money laundering and countering the financing of terrorism (AML-CFT).

BRED is a cooperative bank and the largest Banque Populaire. In addition to a reputational risk with this nominative sanction, she was fined €2.5 million...

Let's take a closer look at the criticisms against BRED:

Inefficient automated monitoring tool settings

The configuration criticised by the ACPR made it possible, for example, to exempt (partially or totally) certain customers from the monitoring system.

The ACPR relies on a 2015 decision to recall that supervision must cover all the activities and operations of all customers.

All the data must also be taken into account to allow the establishment of relevant rules and/or thresholds that must be adapted according to the context.

On the other hand, the incorrect setting of a criterion can be considered, by the ACPR, as a failure of the detection system!

APS notice

It is essential that a profiling/monitoring tool allows a dynamic configuration to take into account and cross-reference different data, from different sources. This tool must also be able to integrate, aggregate and process a huge amount of data in real time.

It is essential that the tools AML-CFT are configurable and take into account precisely all internal Compliance criteria. It is noted that the ACPR is intractable on any inconsistencies observed between the theoretical compliance policy and the configuration of its tools AML-CFT.

This parameterization should also enable certain decisions to be automated, in order to streamline (digitized) customer and KYC paths, offering :

  • Productivity
  • Security
  • Coherence

To ensure that the correct configuration is implemented, it must be easily exportable for review by internal audit or permanent control.

Insufficient updating of customer/third-party data

Like many other ACPR sanctions, this one points to the insufficient level and quality of customer knowledge, marked in particular by information that is too vague, imprecise or irrelevant that prevents effective customer profiling and risk classification.

However, a transaction and/or customer/third-party monitoring system can only be effective, as required by regulation, if it uses accurate customer information.

Obliged bodies are required to collect, before the start and throughout the duration of the business relationship, relevant knowledge about their customers, which allows them to assess the risk profile of each business relationship and to implement appropriate measures to monitor its operations. To that end, they must, without being subject to an obligation as to the result to be achieved, take sufficient steps to collect negative information about them mentioned in particular by the media or databases.

APS notice

The devices AML-CFT must offer a user interface that allows operators to be productive thanks to an optimized UX, but also by centralizing all the information necessary for decision-making.

The tool must be able to integrate, to offer a repository of arguments during a decision, the possibility of adding comments, but also attachments.

All this with a view to traceability and total explainability.

Lack of justification for handling alerts

As seen above, the ACPR is attentive to the time it takes for operators to process alerts AML-CFT. However, dealing quickly does not mean rushing or rushing the arguments of each decision.

In this sanction, the ACPR shows that the completeness of the due diligence carried out by supervised persons is at the heart of its concerns and a mandatory step during its inspections.

APS notice

In addition to the daily updating of the lists of sensitive persons, the regular updating of customer files allows for better data quality and therefore better detection of sensitive persons and overall monitoring.

The tools of AML-CFT must filter and analyze your entire customer portfolio in real time. This automated screening should then only highlight new alerts or alerts that have undergone a major change. For the sake of productivity, previously decided alerts that have not undergone any major changes should not be resubmitted to an operator/analyst for decision AML-CFT.

Sign up to receive our latest news