From January 2022, the Danish Business Authority (Erhversstyrelsen) inspected 74 AML-regulated companies in Denmark to assess their compliance with the Money Laundering Act (hvidvaskloven).
Almost half of the organizations inspected were approved auditors and auditing companies (35). The second largest portion (20) included tax advisors and external accountants. Finally, the Danish Business Authority audited real estate agencies (11) and providers of c/o addresses and virtual office hotels (8).
We analyzed all of the Danish Business Authority’s reports to understand the requirements that Danish companies struggle with the most, particularly considering the industry they operate in.
Check out our findings below!
How are Danish companies doing when it comes to AML compliance?
Together, the 74 companies audited by the Danish Business Authority totaled 417 violations of the AML Act in only 9 months.
The biggest number of infractions occurred in the audit sector (188) – however, this may also be due to the fact that the sector represented the majority (47%) of companies inspected. Tax advisors and accountants accounted for one-fourth of the total violations, followed by providers of c/o addresses (16%) and real estate agencies (14%).
Which AML violations were the most frequent?
The vast majority of the violations were related to the insufficiency of the companies’ AML policies, procedures, and controls (83,8%). In particular, the inspected firms had failed to prepare an adequate internal risk assessment (85,1%).
According to the Money Laundering Act, obliged entities must periodically assess the risk their own business is subject to in terms of chances of being exploited for money laundering or terrorist financing. This internal risk assessment is the essential basis for all other measures implemented to meet AML requirements and, therefore, the foundation of the internal policies, procedures, and controls.
The Danish Business Authority also found a big number of infractions in the identification of customers through identity checks (44,6%) and in the verification of whether customers were Politically Exposed Persons, PEP (45,9%). In those cases, the customers’ identity had not been checked based on official identifying documents or information obtained from a reliable and independent source. Similarly frequent were the violations related to not having fulfilled AML requirements in a timely manner as prescribed by the law (40,5%).
Let’s have a closer look at the AML violations per industry:
The Danish Business Authority inspected 35 approved auditors and auditing companies, which together accounted for 188 violations of the Money Laundering Act — almost half of the total infringements.
80% of the companies inspected had inadequate internal risk assessments. This failure resulted in the insufficiency of the companies’ AML policies, procedures, and controls, which was found in 3 out of 4 companies.
Half of the audit firms inspected were found in violation of the requirements set for customer identification (51%), the verification of their status as PEP (45%), and the timely performance of AML duties (43%).
28% of audit firms failed to carry out and document risk assessments of individual customer relationships. Moreover, 1 in 4 of the audit firms inspected had failed to assess the ownership structure of their customers and ascertain the identity of their beneficial owners.
In a few cases, companies violated their requirement to collect information on the nature and purpose of the business relationships (14,3%) and monitor the clients’ risk profiles.
The lowest number of infringements related to the obligation to continuously monitor the clients’ risk level and transactions (8,6%), as well as to notify Hvidvasksekretariatet in case of suspicions that customers might be involved in money laundering or terrorism financing (5,7%).
• Real estate agencies
11 real estate agencies were inspected by the Danish Business Authority, which found 60 infringements of the Money Laundering Act.
The highest number of violations (82%) were related to the timeliness of the performance of AML duties. The law clearly defines when companies are required to apply customer due diligence measures, update the risk assessment on clients, notify the authorities of suspicious activities, and so on. These rules, and the general requirement to promptly comply with AML requirements, are mandatory – just as the procedures refer to. In other words, companies should pay attention to ensure compliance with AML requirements as much as to the timeliness of that compliance.
3 in 4 real estate agencies also failed to sufficiently document their AML policies, procedures, and controls (73%) and to base them on adequate internal risk assessment (66%).
Almost half of the organizations inspected had failed to check the customer’s identity on the basis of official identifying documents or information obtained from a reliable and independent source. Finally, 1 in 3 was found to violate the requirement to assess the ownership structure of their customers and properly determine their risk level.
• Providers of c/o addresses and virtual office hotels
A category that has seen numerous inspections during 2022 is that of providers of c/o addresses and virtual office hotels. All of the companies audited were found non-compliant with the requirements laid down for internal risk assessment, identification of the customers’ beneficial owners, and AML policies, procedures, and controls.
6 out of the 8 organizations inspected failed to comply with the requirements for identifying customers and their ownership structure, and half of them didn’t properly collect information on the nature and purpose of the business relationship.
Ongoing monitoring, proper risk assessments, and timeliness of performance of AML tasks accounted for 25% of the violations committed.
• Tax advisors and accountants
The Danish Business Authority inspected 20 tax advisors and external accountants, which together accounted for 104 violations of the Money Laundering Act — a quarter of the total infringements.
None of them had adequately performed internal risk assessments. Likewise, all of them had insufficient AML policies, procedures, and controls.
1 in 5 of the firms inspected violated the requirements set for customer identification, risk assessment, and timely performance of these duties.
In just a few cases, the committed violations were due to the companies’ failure to assess their customers’ ownership structure and ascertain their beneficial owners’ identities.
Only a couple of companies failed to collect information on the nature and purpose of the business relationships and monitor the clients’ risk profiles.
Taking stock of the situation
The number of violations found in Danish companies by the Danish Business Authority is quite alarming, to say the least.
Even more so if we consider that, after the inspections, it’s up to the Danish Business Authority to decide whether to also submit the case to the police for further investigation, which could lead to criminal prosecution and the issuance of fines. And that was the case for some of the companies audited this year.
It’s worth reminding that, in case of serious law infringements, administrative fines and up to two years of imprisonment could be imposed on the offenders. The size of the penalties is based on the individual/company’s financial situation at the time of the offense — the largest AML fine given in Denmark’s history dates back to 2017 and amounted to DKK 111 Million.
Besides, reputational risk can be just as relevant as compliance fees. After auditing a company, the Danish Business Authority publishes the related report on its website. If a case is submitted to the police for further investigation, the report is kept on the website, publicly available, for 5 years after the publication. The report details the compliance violations and includes the name of the company, which can affect its public image.
Penneo can help you ensure full AML compliance in your firm
With our KYC software, you can fulfill the Money Laundering Act’s requirements easily and digitally:
- Collect your client’s documents and personal information, including information about the nature and purpose of the business relationship
- Screen the data against the official business register to ensure you have a clear picture of the company’s ownership structure and correctly identify the beneficial owners
- Access PEP lists and sanctions lists
- Monitor any changes in your clients’ control structure and risk level and be notified if your documentation needs to be updated
- Store all KYC documentation collected and delete it automatically after 5 years from the end of the business relationship
- Report suspicions to Hvidvasksekretariatet
Moreover, the Money Laundering Act allows you to leverage electronic solutions for your AML activities. So you will just need to specify in your AML policies, procedures, and controls that you rely on Penneo for data collection, identity verification, risk assessment, retention of documents, and so on.
With a single, effective, digital solution, both you and your clients will have a smooth and convenient experience. Try Penneo KYC for free!