In March of 2023, the Bank of Lithuania fined two electronic money institutions for non-compliance with Lithuanian anti-money laundering and counter-terrorist financing requirements. Paylar, UAB has received a fine of EUR 40,000, while Verse Payments Lithuania UAB has received a fine of EUR 280 000, and the director, who was also a board member responsible for the organization of AML/CTF measures, of the company received a fine of EUR 75,000. What did the institutions exactly do wrong and what can be learned from their mistakes?
Fine on Paylar, UAB
On March 10, 2023, the Bank of Lithuania found that Paylar, UAB did not perform enterprise-wide ML/TF risk assessment, customer risk assessment procedures did not ensure the proper distribution of customers into risk groups, identification procedures were inadequate, internal control systems were not tested for suitability and effectiveness. In addition, Paylar, UAB has provided false information, stating a significantly lower number of customers and their turnover.
What can we learn from this decision?
- One of the most important parts of the AML/CTF program is an enterprise-wide and customer risk assessment. Without a proper risk assessment, a company cannot apply adequate customer due diligence measures. Supervisory authorities are looking more strictly at the systems used by financial market participants for the implementation of AML/CTF requirements, therefore FMPs should ensure that the systems used are effective, efficient, and in line with the nature and scale of the business activities.
- FMPs should refrain from lying, falsifying documents, or undertaking other activities to hide the actual situation after identifying shortcomings in their activities. Supervisory authorities always consider the company’s efforts to self-correct and provide softer restrictive measures where there is a reason.
Fine on Verse Payments Lithuania UAB
On March 15, 2023, the Bank of Lithuania found that Verse Payments Lithuania UAB did not perform adequate identification and verification of customers and their beneficial owners, the KYC procedure was inadequate to understand the purpose and nature of the business relationship, the company did not comply with simplified due diligence requirements and therefore opened anonymous accounts and/or accounts with fictitious names. What is more, Verse Payments Lithuania UAB did not have internal controls and procedures for the implementation of financial sanctions, did not perform appropriate enhanced due diligence on high-risk customers, internal control function responsible for organizing the prevention of ML/TF was not independent of business interests.
In addition, the Bank of Lithuania has fined the director of the company for not ensuring the safe and reliable operation of the institution, for not taking effective measures to eliminate violations, and not ensuring the compliance of the institution’s activities with the established requirements, although he was aware of the information about the violations committed by the institution for a long time.
What can we learn from this decision?
- The decision should be a reminder that not only FMPs are responsible and liable for the implementation of AML/CTF measures, but also persons organising and implementing AML/CTF measures in the organisation, including CEO, MLRO, responsible board member and other heads of the FMP.
- FMPs must understand the importance of customer identification, verification, and KYC procedures to ensure that their customers are legitimate, the purpose and nature of business relationships are understood, and appropriate due diligence procedures are applied. In addition, FMPs must ensure that AML/CTF standards are not compromised by business interests and that potential conflicts of interest are avoided.
Prepared by Greta Šlimaitė, junior lawyer of ECOVIS ProventusLaw