Know Your Customer and Anti Money Laundering measures at ING

... min read Listen

ING announced on 4 September 2018 that it had reached a settlement agreement with the Dutch Public Prosecutor related to an investigation that found serious shortcomings in the execution of customer due diligence and transaction monitoring requirements related to fighting financial economic crime. The up-to-date information collected on this page will help you understand the steps that ING has been taking and continues to take, to improve and enhance its compliance risk management.

The September 2018 settlement

As announced in March 2017, ING Bank has been the subject of criminal investigations by Dutch authorities regarding various requirements related to client on-boarding, money laundering and corrupt practices. We fully cooperated with the investigations and requests, and also conducted our own investigation.

The investigations found serious shortcomings in the execution of policies to prevent financial economic crime (FEC) at ING in the Netherlands in the period investigated (2010-2016). These shortcomings include: customer due diligence (CDD) files missing or being incomplete, assignment of incorrect risk classifications, the failure to have the (periodic) CDD review process in order, failure to exit business relationships in a timely manner, insufficient functioning of the post-transaction monitoring system, classifying clients in the wrong segments and insufficient availability of qualitative and quantitative personnel.

We deeply regret that our business in the Netherlands did not adequately fulfil its role as gatekeeper to the financial system helping fight financial crime. Not meeting the required standards is unacceptable and ING takes full responsibility. Even though our policies and procedures in the Netherlands resulted in us terminating the relationships with thousands of clients, it was not enough.

On 4 September 2018 we announced that ING reached a settlement agreement with the Dutch Public Prosecution Service (DPPS). Under the terms of the settlement, ING paid a fine of €675 million, with an additional amount of €100 million for ‘disgorgement’. In determining the amount of the fine, the DPPS has taken ING’s financial strength (‘ability to pay’) into account, as well as the seriousness, extent and duration of the identified shortcomings. The ‘disgorgement’ amount represents the underspend by ING in the Netherlands on staffing for the implementation and execution of financial economic crime CDD policies and procedures over the period in scope (2010-2016).

ING has regular scheduled on-site visits and inspections by regulators across our franchises and we have a pro-active dialogue with them on many topics including KYC/AML.

As previously disclosed, after our settlement with Dutch authorities, and in the context of significantly increased attention on the prevention of financial economic crime, ING has experienced heightened scrutiny by authorities in various countries. The interactions with such regulatory and judicial authorities have included, and can be expected to continue to include, onsite visits, information requests, investigations and other enquiries. Such interactions, as well as ING’s internal assessments in connection with its global enhancement programme, have in some cases resulted in satisfactory outcomes, and also have resulted in, and may continue to result in, findings, or other conclusions which may require appropriate remedial actions by ING, or may have other consequences. We intend to continue to work in close cooperation with authorities as we seek to improve our management of non-financial risks in terms of policies, tooling, monitoring, governance, knowledge and behaviour.

Also as previously disclosed in March 2019, ING was informed by the Banca d’Italia of their report containing their conclusions regarding shortcomings in AML processes at ING’s Italian branch, which was prepared based on an inspection conducted from October 2018 until January 2019. ING is also in discussion with Italian judicial authorities concerning these conclusions and related investigation. In line with the enhancement programme announced in 2018, ING is taking steps intended to improve processes and management of compliance risks as required by the Banca d’Italia. In consultation and in agreement with the Banca d’Italia, ING Italy has agreed that it will refrain from taking on new customers during further discussions on the enhancement plans with the Banca d’Italia. ING will continue to fully serve existing clients in Italy and is working hard to address the shortcomings and resolve the issues identified.

Ralph Hamers, CEO of ING

Statement Ralph Hamers, CEO of ING

As a bank we have the obligation to ensure that our operations meet the highest standards, especially where it comes to preventing criminals from misusing the financial system. Not meeting those standards is unacceptable and ING takes full responsibility.

How ING is improving its compliance and customer due diligence

ING is committed to operating in compliance with applicable laws, rules and standards and is permanently working to meet these standards. As we mention in our 2018 Annual Report and as presented on the ING Investor Day 2019, ING continues to work on the global know your customer (KYC) Enhancement Programme, which emphasises regulatory compliance as the key priority. This is a sizeable operation as we have activities in over 40 countries and have more than 38 million customers. The global KYC Enhancement Programme encompasses all client segments in all ING business units, leveraging on experiences from the enhancement programme already started in the Netherlands. The number of FTEs working in KYC-related activities, including our global know your customer (KYC) enhancement programme has increased to over 3,500.

Knowing our customers

Find out more about the global Know Your Customer (KYC) Enhancement Programme

ING announced steps in September 2018 to enhance its management of compliance risks and embed stronger awareness across the whole organisation. This programme started in 2017 and includes enhancing KYC files and working on various structural improvements in compliance policies, tooling, monitoring, governance, knowledge and behaviour.

The programme consists of three large parts:

  • Screening of transactions executed in the past. In case unusual transactions are identified, ING is committed to following the applicable reporting process.
  • A client due diligence (CDD) file enhancement part, where we improve the client documentation, client data & identity verification.
  • A structural solutions part, so we become sustainably better in the execution of our KYC policies.

The structural solutions consist of five pillars:

  • Policies & Risks
    Key elements for this pillar are: development and global roll-out of KYC risk appetite statements, KYC risk assessments on clients, capability structure and maturity assessments.

    • ING has rolled out a global KYC policy and risk-appetite statements across all locations.

    • ING has implemented a Systematic Integrated Risk Approach (‘SIRA’) globally, which takes various elements into account, such as location of the client, type of product and sector to determine client acceptance and type and frequency of monitoring.

  • Development and global roll-out of a bank-wide KYC digital service, including processes and tooling around CDD, screening and workflow management. This includes the fulfilment of the client maintenance life cycle within one global digital platform.

    All required screening components (name screening, pre-transaction screening, adverse media screening) will be incorporated into the client due diligence process. Once a customer is on-boarded, ongoing screening and monitoring of transactions can then be activated.

    • ING is rolling out a global case management system, with feeds from a.o. name & adverse media screening and client activity monitoring. The adverse media screening tool has been rolled out in most locations.

  • Monitoring and screening
    Translation of risk assessment outcomes into scenarios and alert definitions that can be applied in transaction monitoring. This includes the design and definitions of the applicable financial economic crime (FEC) and client activity monitoring (CAM) scenarios per entity, the building of the alert definitions (including data feeds) and, validating and testing the approach from risks to alerts.

    • ING is rolling out the same transaction monitoring tooling globally, supported by risk-based scenarios, with follow-up in terms of alert handling and suspicious activity reporting (SAR).

    • ING works actively together in partnerships with public authorities and other banks on a.o. collective transaction monitoring, as we believe anti-money laundering can be countered more effectively by sharing information. We duly take into account privacy and other legislation.

    • File enhancement and transaction look-back operations are resulting in improved reporting of suspicious or unusual activity to authorities in various countries. Our increased focus on KYC and our efforts to streamline our operations are leading to an increased number of accounts that are being closed, including inactive accounts or accounts of which the customers were insufficiently responsive to information requests. And we have started a re-evaluation of certain client and business relationships.

  • Governance
    • ING set up a central KYC organisation to develop consistent processes, work instructions and roles and responsibilities across the globe.

    • Two core committees have been introduced:
      • KYC Committees in the countries and Wholesale Banking are in place, headed by the local COO and CEO to track and trace progress of the KYC Enhancement Programme, overseen by the Global KYC Committee.
      • Client Integrity Risk Committees in the countries and Wholesale Banking are in place, chaired by the Risk function to decide on client acceptance and exits in case of dilemmas, based on compliance criteria.

  • Development and rollout of KYC communication and awareness initiatives and set up of a behavioural risk department that performs risk assessments.
    • In its internal communications, ING has made it clear that non-financial risk and compliance are just as important as financial risk.

    • Continuous communication, training including the set up of a global KYC academy.

    • MBB members spent a considerable amount of time engaging with staff to explain and discuss our responsibility as gatekeepers of the financial system. In these meetings, the impact of the settlement, the root causes, the shortcomings and our commitment and efforts to enhance were discussed.

    • In addition, ING started behavioural risk assessments supported by a team with psychological training to detect high risk behaviours and intervene where needed.

Innovation

We’re also working on promising tools that use machine learning and artificial intelligence to increase the effectiveness of our KYC operations. These include a virtual alert handler in the Netherlands that reduces false positives by more than half, a tool (developed by ING in Turkey) that detects instances of fraudulent transactions being broken up into smaller amounts ('smurfing') in order to evade conventional rules- based monitoring systems, and an anomaly-detection model (developed by ING in Belgium) to detect suspicious transactions when we do currency clearing and settlement on behalf of other banks.

We have also made progress in rolling out global KYC solutions that all countries can connect to. In Poland, our MidCorp customers are now connected to our global solution for customer onboarding and review. We’re using our innovation skills and technology to help strengthen our management of non-financial risks. In the Netherlands, a tool was created to improve the fi le enhancement process for SME customers, supporting our KYC centres. It’s called TAPT (transaction analysis pre-processing tool), and it digitalises the data needed for transaction analysis. This changes a cumbersome manual process to an automated one, saving time and reducing the risk of error.

We also created SparQ, a global platform that uses AI to automate the process of turning regulation into policy. It gives insight into applicable regulations, identifies changes, helps analyse documents and can link regulation directly to our policies while documenting all steps taken.

All departments with responsibility for KYC in business, compliance and audit are fully involved. The recruitment policy and the training curriculum have been amended to meet current requirements.

The global KYC Enhancement Programme is expected to run until end-2020 and is carried out under the supervision of the DNB.

Culture-driven change

We’re not only improving processes and procedures, but building the right compliance culture. That starts with ING’s senior leaders

  • To further highlight the importance of KYC/AML in the organisation and to tighten the culture of the organisation in this area, to achieve continuous compliance: a KYC/AML leadership day was held at the beginning of 2018 for senior management, led by the COO and the CRO of ING.
  • In March 2018, the ‘i for integrity’ programme was rolled out at ING in the Netherlands to have an impact not only on the minds, but also the hearts of the ING employees. This programme, aims at strengthening the internal compliance culture.
  • A team with psychological training has been appointed and started the roll out of behaviour risk assessments to detect high risk behaviours and intervene where needed. The head of this team reports to ING’s CRO.
  • In March 2019 KYC/AML enhancement was extensively addressed during the ING leadership days, led by the Management Board Banking.

ING contributes knowledge and capacity to various public-private partnership projects that combat money laundering in the Netherlands

ING welcomes steps by the Dutch and other authorities to achieve wider cooperation between banks, law enforcement and regulators on both a national and European level to strengthen the financial system’s resilience in the fight against financial economic crime. ING is therefore working with the Dutch Banking Association (NVB) and the Dutch central bank (DNB) on harmonising efforts in the fight against FEC and participates actively in various working groups and project teams in this area. As such, ING actively participates in public-private partnerships to combat FEC, such as participating in the FEC Council PPS (‘FEC-RAAD Public Private Cooperation’) in which Dutch authorities and financial institutions cooperate on supervision, control, prosecution or investigation with financial sector parties to strengthen the integrity of the sector. This is done by means of preventative action to identify and combat threats to integrity. ING believes that introducing clear accountabilities and standard processes across the financial industry will allow ING to manage and control KYC activities and integrity risks more effectively. In September, ING and four other Dutch banks took an important step by announcing the ambition to set up an organisation to monitor payment transactions.

Related news


More questions?

Raymond Vermeulen

Head of Media Relations
raymond.vermeulen@ing.com
Tel: +31 20 576 63 69

Back to top