Ulster Bank has been hit with a €3.3m fine by the Central Bank after an investigation found it had left itself vulnerable to money-laundering and terrorist financing.
The fine is the biggest ever issued by the Central Bank for breaches of the Criminal Justice (Money Laundering & Terrorist Financing) Act 2010, and brings the total number of fines it has issued this year to various financial institutions to €7.5m.
Ulster Bank Ireland admitted the breaches and settled for the fine of €3.325m, with the Central Bank stating that all matters were concluded last Thursday.
It has emerged that the breaches at the bank were linked to outsourcing and occurred over a six-year period, beginning in 2010.
The Central Bank launched its probe into the problems last year and the resulting fine is the second time in recent years it has reprimanded Ulster Bank.
In November 2014, Ulster Bank was hit with a record €3.5m fine for a serious IT systems failure in June and July 2012, which left 600,000 customers without essential and basic banking services over a 28-day period.
In explaining the issuing of the latest fine, the Central Bank said its investigation had identified a number of areas of non-compliance with regulations and Central Bank director of enforcement Derville Rowland lambasted Ulster Bank over its failings.
“Ulster Bank Ireland’s breaches are especially concerning as they point to unacceptable weaknesses in key aspects of its anti-money laundering framework, systems and controls over an extended period of time,” she said.
“As one of the largest retail banks in Ireland, Ulster Bank Ireland provides a gateway to the financial system for more than one million customers through its extensive network of branches, online and telephone banking.
“Therefore, it is imperative that it vigorously applies the highest levels of anti-money laundering compliance in order to protect, not only itself, but its customers and the wider financial system.”
Ulster Bank has 1.1m customers, and since July 2010, has been required to comply with the CJA 2010.
However, the Central Bank’s investigation identified eight breaches, including “two significant failings”: that it failed to put an outsourcing policy in place from July 15, 2010, for 11 months, and that it failed to put a service level agreement in place for 19 of the 25 outsourced activities when the outsourcing commenced.
The Central Bank also said Ulster Bank failed to conduct an assessment of the ML/TF risks of its business for a period of over two years and that until April 2014, its risk assessment was inadequate as it failed to provide “any quantitative and/or qualitative evaluation of its exposure to the identified risk factors”.
The probe also found that the bank provided new products to 64,900 customers without completing customer due diligence in circumstances where a relevant section of the CJA applied.
There was also inadequate training for non-executive directors on CJA 2010 until 2013.
This is the Central Bank’s seventh settlement in 2016 and brings the total amount of fines imposed this year to just over €7,45m.
It is the 104th enforcement case concluded by the Central Bank, with the amount of fines imposed to date totalling over €49.72m.
© Irish Examiner Ltd. All rights reserved