On September 4, the Netherlands Openbaar Ministerie (Public Prosecution Service) (NPPS) announced, in English and Dutch, that ING Bank N.V. (ING), a global financial institution headquartered in Amsterdam, had accepted and paid a settlement of €775,000,000 (equivalent to US$900 million) to resolve an investigation focused on violation of the Dutch Wet ter voorkoming van witwassen en financieren van terrorisme (Anti-Money Laundering and Counter Terrorism Financing Act) (Wwft) by ING’s business unit ING Bank Netherlands (ING NL). The NPPS specified that ING NL’s Wwft violation had occurred “for many years and on a structural basis”, and took note of ING NL’s culpable money laundering involving its failure “to prevent bank accounts held by ING clients in the Netherlands between 2010 and 2016 from being used to launder hundreds of millions of euros.” The settlement consisted of a fine of €675,000,000, disgorgement of €100,000,000, and compliance and remediation measures.
Because of the size of the criminal resolution and the NPPS’s inclusion of both a detailed summary of the case and a detailed statement of facts, in the manner of the U.S. Department of Justice and the UK Serious Fraud Office, the NPPS announcement warrants a detailed review. According to the NPPS summary (ING NL) ”did not properly fulfil its role as gatekeeper of [the Dutch] financial system, as outlined in the [Wwft], which requires financial gatekeepers to conduct client due diligence and report unusual transactions to the Dutch Financial Intelligence Unit (FIU). The NPPS found ING to be “seriously deficient in this respect,” allowing ING NL clients to use accounts held with ING NL for criminal activities for many years, “virtually undisturbed.” The NPPS also criticized ING NL for having wrongly taken insufficient action, as “ING NL should have seen that certain cash flows through bank accounts held by ING NL clients were possibly the result of crime.”
The investigation by the Dutch Fiscale inlichtingen- en opsporingsdienst (Fiscal Information and Investigation Service (FIOD), which began in early 2016, focused on suspicions “that ING NL was not sufficiently investigating clients, was insufficiently monitoring bank accounts and did not report unusual transactions, or reported them too late.” The FIOD became concerned that ING NL had structural shortcomings that included (1) the absence of or insufficient conduct of client due diligence, (2) misclassification of clients that could lead to high-risk clients being subject to less stringent anti-money laundering measures, (3) insufficient monitoring of client relationships and bank accounts (and, when necessary, failure to terminate such relationships and accounts in a timely manner, (4) understaffing and inadequate training of the compliance department, (5) establishment of a transaction-monitoring system that generated only a limited number of money laundering signals, and (6) irregular or late reporting of unusual transactions to the FIU.
The summary also cited four specific cases it examined in detail as illustrative examples of actual misuse of bank accounts by ING NL clients. One was an “international telecom provider” – unnamed in the summary, but named as Vimpelcom (now VEON) in the statement of facts — that transferred bribes worth tens of millions of dollars via its ING NL accounts to a company owned by Gulnara Karimova, the daughter of the then-president of Uzbekistan. Another was an unnamed
The NPPS further noted that De Nederlandsche Bank N.V. (the Dutch Central Bank) (DNB) had warned ING NL on multiple occasions and taken unspecified “formal measures,” and was consulted by the NPPS when the NPPS decided to approach ING NL’s conduct as criminal activity. According to a Reuters article, Dutch prosecutors said that the DNB “had warned ING as early as 2008 that its procedures were insufficient, but lead prosecutor Margreet Frohberg told Reuters that it had failed to act in earnest until 2016.”
Ultimately, the NPPS decided to attribute the offenses in question to the organization as a whole, and not to pursue individuals for criminal prosecution for two reasons. The first was the fractured structure of ING NL’s compliance risk management. As the NPPS explained, “The responsibility for compliance with the AML/CTF Act rests with three different divisions of the bank. None of these divisions oversaw the whole picture. This in part explains why senior management was not fully aware of the seriousness of the shortcomings, and their persistence.” The second was the standard of proof that Dutch courts require for prosecutions of individuals in such a setting:
Many individual persons are responsible for part of the culpable behaviour. The offences are therefore not individually attributable to specific persons, not even the management at ING NL. The Supreme Court (Hoge Raad) sets a high bar for prosecuting individuals for directing criminal offences. In this case, not only must awareness be proven, but also that those persons consciously instigated criminal offences or deliberately failed to stop them. The ING NL investigation did not demonstrate that this was the case.
In its statement of facts, the NPPS identified five factors that led to its decision to offer a resolution to ING:
- “ING NL publicly acknowledges and regrets the mistakes made;”
- “ING NL cooperated in the criminal investigation and investigated the matter internally and the outcomes have been reported to the NPPS;”
- “ING NL will continue to actively allow the NPPS to investigate possible criminal offenses arising from shortcomings in the FEC [Customer Due Diligence] policy to which the settlement relates;”
- “ING NL, under the supervision of DNB, has developed and implemented a remediation plan. ING NL also provided the NPPS with insight into the progress of this remediation plan throughout the criminal investigation;”
- “As part of this settlement, ING NL is taking responsibility for criminal offenses committed over a period of several years.”
On the same day, ING issued a press release regarding the settlement. The release, which it also submitted to the U.S. Securities and Exchange Commission (SEC) via a Form 6-K, stated that ING “has fully cooperated” with the NPPS investigation, but added that that investigation and its own internal investigation “established serious shortcomings in the execution of policies to prevent financial economic crime (FEC) at ING Netherlands in the period investigated (2010-2016),” with specific reference to the six NPPS-identified defects listed above. It also said that ING “sincerely regrets that as a result of the above shortcomings ING Netherlands did not adequately fulfil its role as gatekeeper to the financial system, helping fight financial crime.”
As part of its remediation response, ING noted that it has initiated measures – including “holdbacks of variable remuneration and suspension of duties” – “against a number of (former) employees in senior management positions who had a broader responsibility for the safeguarding and execution of FEC CDD policies and procedures in the Netherlands. In addition, the members of the Executive Board of ING Group, in consultation with the Supervisory Board, agreed “to forego their variable remuneration over 2018.”
Moreover, ING listed various initiatives it was taking at ING NL to strengthen compliance risk management: (1) an enhancement program to ensure compliance with “know your customer” (KYC) and “client activity monitoring” requirements; (2) centralization and simplification of operational KYC activities into a single “KYC Centre” across divisions; (3) establishment of Client Risk Committees across business units, to decide “on client on-boarding and exit escalations to ensure KYC risk mitigation”; (4) an engagement program “to strengthen the internal compliance culture and awareness by better enabling employees to act in both the letter and the spirit of the law”; and (4) active involvement in and contribution to the Financieel Expertise Centrum (FEC)-raad (Council) taskforce, in which “Dutch authorities that have supervisory, control, prosecution or investigation tasks cooperate with financial sector actors to strengthen the integrity of the sector.”
Finally, ING expressed its hope that based on the settlement agreement with the NPPS, the U.S. Securities and Exchange Commission, with whose information request ING had been cooperating, would take no further action and not require “further payment or the imposition of further conditions.”
Postscript: In a September 5 release, ING stated that it “has received a formal notification from the SEC that it has concluded its investigation. In the letter the Division of Enforcement states that, based on information as of this date, it does not intend to recommend an SEC enforcement action against ING.”