Skip to content Skip to footer

Sanction AML-CFT : BRED fined €2.5M by the ACPR

Sanction AML-CFT : €2.5M fine

The Autorité de Contrôle Prudentiel et de Résolution (ACPR) has imposed its second sanction of the year due to serious deficiencies significantly affecting several crucial elements of the anti-money laundering and countering the financing of terrorism (AML-CFT).

BRED is a cooperative bank and the largest Banque Populaire. In addition to a reputational risk with this nominative sanction, she was fined €2.5 million...

Let's take a closer look at the criticisms against BRED:

Inefficient automated monitoring tool settings

The configuration criticised by the ACPR made it possible, for example, to exempt (partially or totally) certain customers from the monitoring system.

The ACPR relies on a 2015 decision to recall that supervision must cover all the activities and operations of all customers.

All the data must also be taken into account to allow the establishment of relevant rules and/or thresholds that must be adapted according to the context.

On the other hand, the incorrect setting of a criterion can be considered, by the ACPR, as a failure of the detection system!

Avis AP Solutions IO

It is essential that a profiling/monitoring tool allows a dynamic configuration to take into account and cross-reference different data, from different sources. This tool must also be able to integrate, aggregate and process a huge amount of data in real time.

It is essential that the tools AML-CFT are configurable and take into account precisely all internal Compliance criteria. It is noted that the ACPR is intractable on any inconsistencies observed between the theoretical compliance policy and the configuration of its tools AML-CFT.

This parameterization should also enable certain decisions to be automated, in order to streamline (digitized) customer and KYC paths, offering :

  • Productivity
  • Security
  • Coherence

To ensure that the correct configuration is implemented, it must be easily exportable for review by internal audit or permanent control.

Insufficient updating of customer/third-party data

Like many other ACPR sanctions, this one points to the insufficient level and quality of customer knowledge, marked in particular by information that is too vague, imprecise or irrelevant that prevents effective customer profiling and risk classification.

Or, un dispositif de surveillance des opérations et/ou de la clientèle/tiers ne peut être efficace, conformément à ce qu’exige la réglementation, que s’il utilise des éléments d’information exacts sur les clients.

Obliged bodies are required to collect, before the start and throughout the duration of the business relationship, relevant knowledge about their customers, which allows them to assess the risk profile of each business relationship and to implement appropriate measures to monitor its operations. To that end, they must, without being subject to an obligation as to the result to be achieved, take sufficient steps to collect negative information about them mentioned in particular by the media or databases.

Avis AP Solutions IO

The devices AML-CFT must offer a user interface that allows operators to be productive thanks to an optimized UX, but also by centralizing all the information necessary for decision-making.

The tool must be able to integrate, to offer a repository of arguments during a decision, the possibility of adding comments, but also attachments.

All this with a view to traceability and total explainability.

Lack of justification for handling alerts

As seen above, the ACPR is attentive to the time it takes for operators to process alerts AML-CFT. However, dealing quickly does not mean rushing or rushing the arguments of each decision.

In this sanction, the ACPR shows that the completeness of the due diligence carried out by supervised persons is at the heart of its concerns and a mandatory step during its inspections.

Avis AP Solutions IO

In addition to the daily updating of the lists of sensitive persons, the regular updating of customer files allows for better data quality and therefore better detection of sensitive persons and overall monitoring.

Les outils de LCB-FT doivent filtrer et analyser en temps-réel l’ensemble de votre portefeuille clients. Ce screening automatisé ne doit alors faire ressortir que les nouvelles alertes ou alertes ayant subi un changement majeur. Dans un souci de productivité, les alertes précédemment décidées n’ayant pas subi de changement majeur ne doivent pas être resoumises à la décision d’un opérateur/analyste LCB-FT.