CSSF fines Rakuten Europe Bank €185,000 for AML failures

Luxembourg’s financial regulator, the Commission de Surveillance du Secteur Financier (CSSF), has imposed a fine of €185,000 on Rakuten Europe Bank for breaches of anti-money laundering and counter-terrorist financing rules.

The fine was imposed on 19 May last year and only made public on Tuesday in a statement issued by the CSSF on its website. The amount represents around 1% of the bank’s annual turnover as of the end of 2022, the financial regulator said.

The sanction follows an on-site inspection carried out between February and November 2023, which examined the bank’s AML/CFT framework and the corrective actions taken after shortcomings previously identified by “another European national competent authority”, the CSSF said.

The inspection uncovered a number of gaps, according to the CSSF, including that Rakuten Europe Bank had failed to implement an adequate transaction monitoring system. Monitoring scenarios were outdated, did not cover all transactions and could no longer be properly configured following staff departures in IT and compliance functions. The bank was also using a version of the monitoring tool that was no longer supported by its supplier.

The regulator noted that similar deficiencies had already been flagged by another European national monitoring authority in 2019 and 2020. However, the CSSF found that required corrective measures had still not been fully implemented four years later, with delays in replacing the transaction monitoring system and insufficient compensatory controls in the interim.

The CSSF also identified significant delays in the processing of alerts generated by the bank’s monitoring tools. Around 9% of alerts were closed more than two months after being created, while thousands of customer screening alerts – including those linked to sanctions, politically exposed persons and terrorism – were awaiting review at the time of the inspection.

In addition, the bank filed several suspicious activity reports with Luxembourg’s Financial Intelligence Unit weeks later than required, despite having identified potential money laundering or terrorist financing indicators in dozens of customer files. In one case involving a customer previously subject to asset freezes in France for terrorism-related reasons, the bank failed to submit a suspicious activity report at all, the CSSF said.

The regulator also found weaknesses in the bank’s application of simplified due diligence measures and in its assessment of customer risk, including failures to properly account for the country of residence of beneficial owners.

In determining the sanction, the CSSF said it took into account the gravity and duration of the breaches, as well as the bank’s financial situation. The regulator also noted that Rakuten Europe Bank had acknowledged the shortcomings, submitted an action plan and began implementing corrective measures both during and after the inspection.

The Luxembourg Times has reached out to Rakuten Europe Bank for comment.