The Financial Services Agency (hereinafter, "FSA") issued a business improvement order as follows to AEON Bank, Ltd. (corporate number: 1010601032497; hereinafter, the "Bank"), pursuant to the provisions of Article 26 (1) of the Banking Act, today.
Note.
Ⅰ. Content of the business improvement order
- Implement the following in order to develop a sound risk control culture focusing anti-money laundering and combating financing of terrorism (hereinafter, "AML/CFT"), and build an effectively control money laundering and the financing of terrorism (ML/FT) risks, as well as ensure appropriate business operations concerning Suspicious transaction reporting (STR):
-
(1) Promptly establish a control framework for STR in a timely and appropriate manner;
-
(2) Regarding transactions that had been detected by the transaction monitoring system but were left unaddressed without making judgments as to whether they fall under suspicious transactions, make judgments concerning the necessity to submission STR and promptly make reports if judged necessary;
-
(3) Take measures as required for the matters left unaddressed, out of those for which actions are required in the Guidelines for Anti-Money Laundering and Combating the Financing of Terrorism (published by FSA in February 2018; hereinafter, the "Guidelines"); and
-
(4) Clarify where the responsibility rests based on the imposed disposition, and fundamentally strengthen governance regarding the control environment for managing ML/FT risks, in a manner where the board of directors and the management team make positive efforts to ascertain reality and play a leading role by giving necessary instructions or otherwise positively getting involved in the process, on the premise of utilizing internal audits, in order to implement the above without fail and entrench such attitude as the corporate culture.
-
- Submit a plan for improving business operations regarding 1. above by Friday, January 31, 2025,
and carry it out immediately. - Regarding the improvement plan mentioned in 2. above, make a report on the progress and the achieved improvements once every three months by the 15th of the following month (the first base date for submission shall be February 28, 2025).
Ⅱ. Reasons for the administrative action
As a result of FSA's on-site inspection and the reviews of the report which the Bank was requested to submit under the provisions of Article 24 (1) of the Banking Act, points to be improved were found regarding the Bank's inappropriate business operations and problems in its business attitude and governance regarding AML/CFT as below.
- Inappropriate business operations regarding countermeasures against ML/TF
-
(1) Inappropriate handling of STR
-
(i) Ignored transactions detected by the transaction monitoring system
From June to November 2023 and from July to September 2024, the Bank is suspected to have left at least 14,639 transactions, out of all transactions detected by the transaction monitoring system, without making judgements as to whether they fall under suspicious transactions, and have failed to make reports on transactions that should have been reported. It was found that the Bank's handling of the reporting in this manner may constitute a violation of the Act on Prevention of Transfer of Criminal Proceeds.
-
(ii) Accumulation and prolongation of STR
It was found that the Bank has continued to require a long period of time to make reports after detecting suspicious transactions since May 2023 (the average number of days was the largest, at 152 days, in February 2024).
-
-
(2) Non-completion of the Guidelines by the deadline
The Bank has failed to take measures for its systems necessary for developing the relevant control environment as requested by the Guidelines, and has not also completed the development of rules, etc.
With regard to the matters for improvements pointed out by FSA in the previous on-site inspection, the Bank made no improvements as of the time of the latest inspection despite having had sufficient time. It was found that the Bank has not taken measures for the matters for which actions are required by the Guidelines and has not completed the development of its control environment by the deadline as requested by FSA (end of March 2024).
-
- Problems in the business attitude and governance
In consideration of the increasing global request and the recent expansion of damage caused by bank transfer fraud, AML/CFT should be positioned as one of the priorities in management policies in the financial sector. FSA has also requested financial institutions to surely develop their governance for managing ML/FT risks based on the Guidelines by the deadline and has repeatedly disseminated related information.
Under such circumstances, the Bank is found to continue inappropriate business operations as mentioned in 1. above and have problems in its business attitude as described in (1) and (2) below, which are direct causes of such inappropriateness. Its board of directors and management team have had multiple opportunities for ascertaining those facts based on the situation where business operations regarding STR were delayed and prolonged, or through reports on the status of responses to the matters pointed out in the previous inspection and the points indicated in internal audits, but they have failed to exercise initiative by positively ascertaining reality or giving instructions for the development of the control environment.
Such attitude of the board of directors and the management team must have fostered the Bank's risk control culture disregarding the establishment of the control environment for managing ML/TF risks, and have hindered its autonomous improvements.-
(1) Problems in the control environment related STR
The Bank has not allocated personnel necessary for the business operations regarding the reporting of suspicious transactions, and as a result, it has left detected transactions without making judgments as to whether they fall under suspicious transactions as mentioned in 1.(1) (i) above, and has failed to ascertain such situation appropriately on a timely basis.
In addition, even after business operations regarding STR was actually delayed and prolonged, the Bank did not investigate the causes nor has it developed a control environment necessary for performing the relevant business operations appropriately on a timely basis. -
(2) Problems in the control environment wherein the Bank could not complete actions as required by the Guidelines by the deadline
With regard to improvements to the matters pointed out in the previous inspection, the Bank misconstrued that it would be all right if only the Bank makes a plan for measures for its systems necessary for developing the control environment by the deadline even though it does not actually introduce the relevant systems, and has yet to introduce them even at present without considering adverse effects that may be caused by the delay in the introduction of systems, such as increases in work load.
Furthermore, the Bank overlooked the situation where the departments in charge have failed to fulfil their function to check the progress in improvement measures and the sufficiency and validity of the details thereof, and did not make corrections to such situation. The Bank has not conducted confirmation as to the effectiveness of the measures for strengthening its control environment that it took after the previous inspection, including confirmation using external consulting companies.
The Bank left responses to the matters for improvements pointed out in internal audits completely to the departments in charge, and did not follow up on the progress by the deadline.
-
