The Financial Supervisory Commission took enforcement actions against Citibank Taiwan Limited and DBS Bank (Taiwan) Ltd. related to Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) deficiencies
2021-05-13
The Financial Supervisory Commission ("the FSC") has imposed penalties against Citibank Taiwan Limited ("Citibank") and DBS Bank (Taiwan) Ltd. ("DBS Bank") for AML/CFT breaches of laws and regulations. According to a targeted examination for "Trade finance related AML/CFT and Counter Proliferation Financing (CPF) mechanism" and a full-scope examination of Citibank conducted by the FSC, as well as in a full-scope examination of DBS Bank, it was found that Citibank and DBS Bank had failed to properly establish or sufficiently implement its internal AML/CFT control mechanism and process during the period from 2017 to 2019 and the period from 2017 to 2018 respectively, in violation of Paragraph 1 of Article 45-1 of the Banking Act of the Republic of China. Therefore, the FSC fined Citibank NT$10 million and DBS Bank NT$6 million respectively.
1. Citibank Taiwan Limited:
(1) Date of the penalty notice: May 13, 2021
(2) Subject of the penalty: Citibank Taiwan Limited
(3) Legal basis for the penalty: Subparagraph 7 of Article 129 of the Banking Act of the Republic of China
(4) Facts of the case:
a. Failure to establish an effective customer risk assessment mechanism:
(a) With respect to its risk assessment method for corporate clients, the bank's risk scoring for various risk indicators (e.g. the clients' registered country or region; the degree of clients' use of high-risk products; and the industry category of clients) failed to reflect the risk level of these indicators and local environment.
(b) Many of the bank's corporate clients were one-person offshore companies with the same billing address, contact person or contact number, registered in different places from their business locations, and they registered and opened bank accounts within a short period of time. The bank did not understand the background of these clients and the purpose of establishing business relationships and assessed the necessity and reasonableness of their account openings. As a result, these clients were only classified as low or medium risk.
b. Failure to establish an effective ongoing customer due diligence mechanism:
Regarding ongoing customer due diligence for low-risk customers, the bank did not follow the FSC regulations to apply the event-triggered method only where certain conditions were met.
c. Failure to establish an effective transaction monitoring mechanism:
(a) The bank's transaction monitoring mechanism was designed to exclude transactions over a certain threshold, resulting in failure to generate alerts for multiple suspicious transactions.
(b) The bank's transaction monitoring mechanism was designed to automatically close and exclude investigations of suspicious transaction alerts generated for transactions which meet conditions set by the bank. Although the bank had a retrospective review mechanism for suspicious transaction alerts that were automatically closed, there were still suspicious cases that had been closed again after retrospective investigations.
(c) The bank failed to adopt typologies involving cryptocurrency trading platform operators and failed to incorporate the platform operators and their users into monitoring, as is required by regulations.
(d) The bank has not fully incorporated the typologies of tax avoidance and tax evasion set forth in the FSC's guidance into transaction monitoring, nor has it established a proper transaction monitoring method for transactions involving areas with high sanction risks. For example, in cases where an individual customer engaged in a large cash transaction that met the typologies of tax avoidance and tax evasion, the bank only filed large cash transaction reports but did not evaluate the reasonableness of these transactions.
d. Insufficient implementation of customer due diligence:
The bank failed to identify the beneficial owners of its customers, to understand the customers’ purpose of account opening and information related to the customers' suppliers, group affiliations or revenues, and to review whether the transactions conducted by the customers were consistent with their businesses and risks.
e. Insufficient investigation of suspicious transaction alerts, or failure to complete such investigations in a timely manner:
(a) When the information on the customers' business scale, business nature, and the purpose of account opening found in the bank's customer due diligence file was inconsistent with the transactions, the bank did not take this into account in its investigations of suspicious transaction alerts. Besides, the bank did not further investigate transactions involving areas with a high sanction risk. The bank also did not clarify the source of funds of transactions and relied on the explanations provided by its business units without making any independent judgment, resulting in failure to find abnormality in these transactions.
(b) The bank failed on multiple occasions to complete investigations of suspicious transaction alerts as soon as possible.
(5) Enforcement action:
The bank has major deficiencies in AML/CFT operations, including failure to establish an effective customer risk assessment mechanism, ongoing customer due diligence mechanism and transaction monitoring mechanism, insufficient implementation of customer due diligence, insufficient investigation of suspicious transaction alerts and failure to complete such investigations in a timely manner. Moreover, most of the customers or transactions involved have high-risk factors with huge transaction amounts. Based on the deficiencies, it was found that the bank has not properly established or sufficiently implemented its internal AML/CFT control mechanism and process, in violation of Article 7 of the Money Laundering Control Act and Article 45-1 of the Banking Act of the Republic of China. According to Article 24 of the Administrative Penalty Act, the bank was fined NT$10 million in accordance with Subparagraph 7 of Article 129 of the Banking Act of the Republic of China.
2. DBS Bank (Taiwan) Ltd.:
(1) Date of the penalty notice: May 13, 2021
(2) Subject of the penalty: DBS Bank (Taiwan) Ltd.
(3) Legal basis for the penalty: Subparagraph 7 of Article 129 of the Banking Act of the Republic of China
(4) Facts of the case:
a. Failure to establish an effective ongoing customer due diligence mechanism and name screening mechanism for customers and related parties of transactions:
(a) Regarding ongoing customer due diligence for low-risk customers, the bank did not follow the FSC regulations to apply the event-triggered method only where certain conditions were met.
(b) The bank failed to fully consider the risks of some high-risk customers or transactions and failed to establish a name screening mechanism pursuant to the risk-based approach, resulting in an insufficient review of these customers and related parties of transactions.
b. Failure to establish an effective transaction monitoring mechanism:
The defective design of the bank's transaction monitoring mechanism resulted in disabling alert generating functions for some suspicious transactions, which adversely affected the effectiveness of the bank's transaction monitoring mechanism.
c. Insufficient implementation of customer due diligence:
(a) The bank failed to implement the customer due diligence measures commensurate with the risks of customers, and did not fully understand the customers' beneficial owners, business locations, business nature, or purposes of establishing business relationships. For example, the business locations listed in the bank's customer due diligence files did not match the customers' IP addresses for online banking transactions.
(b) Many of the bank's corporate clients were one-person offshore companies with the same billing address, contact person or contact number, registered in different places from their business locations, and they registered and opened bank accounts within a short period of time. Even though the bank has classified these customers as high-risk, it did not assess the necessity and reasonableness of their account opening.
d. Insufficient investigation of suspicious transaction alerts, or failure to complete such investigations in a timely manner:
(a) When the information on the customers' business scale, business nature, and the purpose of account opening found in the bank's customer due diligence file was inconsistent with the transactions, the bank did not take this into account in its investigations of suspicious transaction alerts. Besides, the bank did not further investigate transactions involving areas with high sanction risks. The bank also did not clarify the source of funds of transactions and relied on the explanations provided by its business units without making any independent judgment, resulting in failure to find abnormality in these transactions.
(b) The bank failed on multiple occasions to complete investigations of suspicious transaction alerts as soon as possible.
(5) Enforcement action:
The bank has major deficiencies in AML/CFT operations, including failure to establish an effective ongoing customer due diligence mechanism, name screening mechanism for customers and related parties of transactions and transaction monitoring mechanism, insufficient implementation of customer due diligence, insufficient investigation of suspicious transaction alerts and failure to complete such investigations in a timely manner. The customers or transactions involved have high-risk factors with huge transaction amounts. Based on the deficiencies, it was found that the bank has not properly established or sufficiently implemented its internal AML/CFT control mechanism and process, in violation of Article 7 of the Money Laundering Control Act and Article 45-1 of the Banking Act of the Republic of China. According to Article 24 of the Administrative Penalty Act, the bank was fined NT$6 million in accordance with Subparagraph 7 of Article 129 of the Banking Act of the Republic of China.
The FSC stated that AML/CFT is an international trend and important supervisory requirement in Taiwan. International financial institutions’ AML/CFT operations, in addition to following their group policies, shall also comply with local laws and regulations and take local environments and risk profiles into consideration. The FSC also stressed that AML/CFT is an ongoing undertaking in need of financial institutions’ inputs of manpower and resources as well as review the effectiveness of control mechanisms on an ongoing basis to ensure the well-functioning of the relevant internal control systems and effective implementation. These continuing inputs and commitments pave the way for sustainable effectiveness of an AML/CFT regime, thereby safeguarding the financial market integrity as well as the safety and soundness of the financial industry.
1. Citibank Taiwan Limited:
(1) Date of the penalty notice: May 13, 2021
(2) Subject of the penalty: Citibank Taiwan Limited
(3) Legal basis for the penalty: Subparagraph 7 of Article 129 of the Banking Act of the Republic of China
(4) Facts of the case:
a. Failure to establish an effective customer risk assessment mechanism:
(a) With respect to its risk assessment method for corporate clients, the bank's risk scoring for various risk indicators (e.g. the clients' registered country or region; the degree of clients' use of high-risk products; and the industry category of clients) failed to reflect the risk level of these indicators and local environment.
(b) Many of the bank's corporate clients were one-person offshore companies with the same billing address, contact person or contact number, registered in different places from their business locations, and they registered and opened bank accounts within a short period of time. The bank did not understand the background of these clients and the purpose of establishing business relationships and assessed the necessity and reasonableness of their account openings. As a result, these clients were only classified as low or medium risk.
b. Failure to establish an effective ongoing customer due diligence mechanism:
Regarding ongoing customer due diligence for low-risk customers, the bank did not follow the FSC regulations to apply the event-triggered method only where certain conditions were met.
c. Failure to establish an effective transaction monitoring mechanism:
(a) The bank's transaction monitoring mechanism was designed to exclude transactions over a certain threshold, resulting in failure to generate alerts for multiple suspicious transactions.
(b) The bank's transaction monitoring mechanism was designed to automatically close and exclude investigations of suspicious transaction alerts generated for transactions which meet conditions set by the bank. Although the bank had a retrospective review mechanism for suspicious transaction alerts that were automatically closed, there were still suspicious cases that had been closed again after retrospective investigations.
(c) The bank failed to adopt typologies involving cryptocurrency trading platform operators and failed to incorporate the platform operators and their users into monitoring, as is required by regulations.
(d) The bank has not fully incorporated the typologies of tax avoidance and tax evasion set forth in the FSC's guidance into transaction monitoring, nor has it established a proper transaction monitoring method for transactions involving areas with high sanction risks. For example, in cases where an individual customer engaged in a large cash transaction that met the typologies of tax avoidance and tax evasion, the bank only filed large cash transaction reports but did not evaluate the reasonableness of these transactions.
d. Insufficient implementation of customer due diligence:
The bank failed to identify the beneficial owners of its customers, to understand the customers’ purpose of account opening and information related to the customers' suppliers, group affiliations or revenues, and to review whether the transactions conducted by the customers were consistent with their businesses and risks.
e. Insufficient investigation of suspicious transaction alerts, or failure to complete such investigations in a timely manner:
(a) When the information on the customers' business scale, business nature, and the purpose of account opening found in the bank's customer due diligence file was inconsistent with the transactions, the bank did not take this into account in its investigations of suspicious transaction alerts. Besides, the bank did not further investigate transactions involving areas with a high sanction risk. The bank also did not clarify the source of funds of transactions and relied on the explanations provided by its business units without making any independent judgment, resulting in failure to find abnormality in these transactions.
(b) The bank failed on multiple occasions to complete investigations of suspicious transaction alerts as soon as possible.
(5) Enforcement action:
The bank has major deficiencies in AML/CFT operations, including failure to establish an effective customer risk assessment mechanism, ongoing customer due diligence mechanism and transaction monitoring mechanism, insufficient implementation of customer due diligence, insufficient investigation of suspicious transaction alerts and failure to complete such investigations in a timely manner. Moreover, most of the customers or transactions involved have high-risk factors with huge transaction amounts. Based on the deficiencies, it was found that the bank has not properly established or sufficiently implemented its internal AML/CFT control mechanism and process, in violation of Article 7 of the Money Laundering Control Act and Article 45-1 of the Banking Act of the Republic of China. According to Article 24 of the Administrative Penalty Act, the bank was fined NT$10 million in accordance with Subparagraph 7 of Article 129 of the Banking Act of the Republic of China.
2. DBS Bank (Taiwan) Ltd.:
(1) Date of the penalty notice: May 13, 2021
(2) Subject of the penalty: DBS Bank (Taiwan) Ltd.
(3) Legal basis for the penalty: Subparagraph 7 of Article 129 of the Banking Act of the Republic of China
(4) Facts of the case:
a. Failure to establish an effective ongoing customer due diligence mechanism and name screening mechanism for customers and related parties of transactions:
(a) Regarding ongoing customer due diligence for low-risk customers, the bank did not follow the FSC regulations to apply the event-triggered method only where certain conditions were met.
(b) The bank failed to fully consider the risks of some high-risk customers or transactions and failed to establish a name screening mechanism pursuant to the risk-based approach, resulting in an insufficient review of these customers and related parties of transactions.
b. Failure to establish an effective transaction monitoring mechanism:
The defective design of the bank's transaction monitoring mechanism resulted in disabling alert generating functions for some suspicious transactions, which adversely affected the effectiveness of the bank's transaction monitoring mechanism.
c. Insufficient implementation of customer due diligence:
(a) The bank failed to implement the customer due diligence measures commensurate with the risks of customers, and did not fully understand the customers' beneficial owners, business locations, business nature, or purposes of establishing business relationships. For example, the business locations listed in the bank's customer due diligence files did not match the customers' IP addresses for online banking transactions.
(b) Many of the bank's corporate clients were one-person offshore companies with the same billing address, contact person or contact number, registered in different places from their business locations, and they registered and opened bank accounts within a short period of time. Even though the bank has classified these customers as high-risk, it did not assess the necessity and reasonableness of their account opening.
d. Insufficient investigation of suspicious transaction alerts, or failure to complete such investigations in a timely manner:
(a) When the information on the customers' business scale, business nature, and the purpose of account opening found in the bank's customer due diligence file was inconsistent with the transactions, the bank did not take this into account in its investigations of suspicious transaction alerts. Besides, the bank did not further investigate transactions involving areas with high sanction risks. The bank also did not clarify the source of funds of transactions and relied on the explanations provided by its business units without making any independent judgment, resulting in failure to find abnormality in these transactions.
(b) The bank failed on multiple occasions to complete investigations of suspicious transaction alerts as soon as possible.
(5) Enforcement action:
The bank has major deficiencies in AML/CFT operations, including failure to establish an effective ongoing customer due diligence mechanism, name screening mechanism for customers and related parties of transactions and transaction monitoring mechanism, insufficient implementation of customer due diligence, insufficient investigation of suspicious transaction alerts and failure to complete such investigations in a timely manner. The customers or transactions involved have high-risk factors with huge transaction amounts. Based on the deficiencies, it was found that the bank has not properly established or sufficiently implemented its internal AML/CFT control mechanism and process, in violation of Article 7 of the Money Laundering Control Act and Article 45-1 of the Banking Act of the Republic of China. According to Article 24 of the Administrative Penalty Act, the bank was fined NT$6 million in accordance with Subparagraph 7 of Article 129 of the Banking Act of the Republic of China.
The FSC stated that AML/CFT is an international trend and important supervisory requirement in Taiwan. International financial institutions’ AML/CFT operations, in addition to following their group policies, shall also comply with local laws and regulations and take local environments and risk profiles into consideration. The FSC also stressed that AML/CFT is an ongoing undertaking in need of financial institutions’ inputs of manpower and resources as well as review the effectiveness of control mechanisms on an ongoing basis to ensure the well-functioning of the relevant internal control systems and effective implementation. These continuing inputs and commitments pave the way for sustainable effectiveness of an AML/CFT regime, thereby safeguarding the financial market integrity as well as the safety and soundness of the financial industry.
Visitor:
4994
Update:
2021-05-27