As we wrote in Part 1, stability is a critical factor for every financial market participant, and the Bank of Lithuania plays a key role in ensuring the credibility of these market participants. The role of the Bank of Lithuania as a supervisor is not only to stimulate economic growth, but also to ensure that financial sector participants adhere to high standards in terms of risk management, customer protection and the legislation that governs their activities, while ensuring transparency, stability and fairness of this sector. Its powers allow to take measures, including fines and warnings, in the event of non-compliance by financial market participants with their obligations or breaches of applicable requirements.
In 2023, the Bank of Lithuania imposed impact measures on 32 financial market participants. The largest number of sanctions was imposed on electronic money institutions, with 28 of them being sanctioned. But who and why were penalized with the harshest sanctions?
The most stringent impact measures
In 2023, two payment institutions and two electronic money institutions had their licenses revoked. This is the most severe sanction available, so let's take a brief look at which infringements have been assessed as the most serious.
The payment institution UAB SHIFT Financial Services LT has seriously and systematically violated the requirements of the Law on the Prevention of Money Laundering and Terrorist Financing: the institution's internal control measures related to the identification of the customer, the implementation of international financial sanctions and restrictive measures were insufficient and did not comply with the requirements. In addition, serious deficiencies were found in the transaction monitoring system of UAB SHIFT Financial Services LT: the measures in place did not allow for timely and effective detection and investigation of suspicious transactions. In practice, the institution did not ensure adequate monitoring of remittances, did not analyze unusual customer remittances, did not take appropriate measures to determine the origin of the funds of such remittances, did not carry out internal investigations of suspicious customer activity or remittances and did not report such cases to the Financial Crimes Investigation Service. The firm did not designate a board member responsible for the implementation of measures to prevent money laundering and terrorist financing and did not ensure compliance with internal control procedures in this area.
Another payment institution - UAB Lock Trust - did not approve the set of annual financial statements within the deadlines set by the legislation, and was more than a year late in submitting the annual financial statements to the Bank of Lithuania. The institution has already been fined for failure to submit financial statements, banned from concluding contracts with clients and providing them with payment services, and the previous CEO of the company has been suspended from her duties. The institution did not elect a new manager complying with the requirements of the legislation within the deadlines set by the Bank of Lithuania and did not fully remedy the violations of the legislation previously identified. The institution did not provide financial services and did not hold client funds.
The electronic money institution UAB PAYRNET lost its license for serious, systemic and multiple violations of legal acts: the Bank of Lithuania found that the institution had violated the Law on Electronic Money and Electronic Money Institutions, the Law on Prevention of Money Laundering and Terrorist Financing and the Law on Payments. The business model of PAYRNET UAB was exclusively focused on activities through intermediaries. During the period under review, the institution provided financial services through 90 intermediaries, distributors or other legal entities distributing the institution's financial services. In most cases, the institution entered into business relationships with these intermediaries without due diligence, or without assessing their suitability, reputation and risk, or inadequately. The institution did not monitor how and to whom the intermediaries provided the institution's services, how they carried out the AML/CFT functions delegated to them, and did not comply with the requirement to periodically train, audit or otherwise assess intermediaries. PAYRNET UAB has been sanctioned by having its license revoked, which means that it cannot provide any financial services and must repay its clients within a set time limit. It is also important to stress that the Bank of Lithuania will apply to the court for opening bankruptcy proceedings against this financial market participant and also intends to apply to law enforcement authorities.
Another e-money institution, Rebellion Fintech Services UAB, did not start operations for well over a year after receiving its license. In addition, irregularities were found which confirm that the institution was not adequately prepared to provide financial services. Rebellion Fintech Services had not adopted a detailed organizational structure, descriptions of the responsibilities and accountabilities of its staff, its risk management strategy was not prepared in accordance with the legal requirements, and it had incorrectly calculated its own funds requirement for two reporting periods (third and fourth quarters of 2022). There were also irregularities in the area of prevention of money laundering and terrorist financing (AML/CFT): Rebellion Fintech Services UAB did not ensure adequate internal control procedures for the assessment of the institution's overall AML/CFT risk, the identification of customers, the monitoring of business relationships and transactions, and did not designate persons responsible for AML/CFT. As a result, the institution was fined EUR 10 000 and had its electronic money institution license revoked.
The largest fine in 2023 was imposed on the electronic money institution TransferGo Lithuania UAB, which had deficiencies in its procedures for assessing and managing the risk of money laundering and terrorist financing of its customers by failing to adequately identify and assess risk factors for its products, services and transactions. The institution was given a warning and fined as much as EUR 310 000. The Bank of Lithuania obliged the institution to remedy all the identified breaches and deficiencies no later than 1 December 2023. TransferGo Lithuania has already submitted a remediation plan to the Bank of Lithuania and indicated that some of the identified deficiencies have already been addressed.
What lies ahead for financial sector players in 2024?
The Bank of Lithuania has announced this year's financial market participant examination plan. It includes 34 financial institutions. The focus will be on the prevention of money laundering and terrorist financing and on the management of information technology and cyber security risks.
According to the plan, this year the Bank of Lithuania specialists plan to examine the following financial market participants: 17 electronic money and payment institutions, 5 insurance companies, 4 banks, 3 independent real estate credit intermediaries, 2 issuers, 1 credit union, a brokerage and a management company. They have been selected on the basis of the principles of risk-based supervision and expert judgment. The screening plan is available to financial market participants here: 2024_finansu_markt_dalyviu_patikrinimu_planas.pdf (lb.lt)
A detailed review of the Bank of Lithuania's fines imposed on financial institutions in 2023 shows that the regulator is actively moving forward to ensure transparency, accountability and stability in the financial sector. The different types of fines (ranging from warnings and requests to remedy deficiencies, to monetary sanctions, to licence revocation) show that the Bank of Lithuania is using a variety of tools to encourage financial institutions to comply with high regulatory standards.
The examination of specific breaches and their consequences makes one thing clear: financial sector players are forced to monitor their activities more closely and to strengthen their internal controls, to adhere to high standards and to co-operate with the regulator, which is an integral part of the security and stability of the financial sector.