Luxembourg’s financial regulator has fined Rakuten Europe Bank €185,000 after an inspection revealed prolonged and unresolved weaknesses in its anti-money laundering controls, including failures in transaction monitoring, reporting and due diligence.
Luxembourg’s financial regulator has imposed a €185,000 fine on Japanese-owned Rakuten Europe Bank after identifying serious and long-standing breaches of anti-money laundering requirements. The Commission de Surveillance du Secteur Financier, known as the CSSF, said the bank had demonstrated persistent weaknesses in its control framework, prompting regulatory action.
The penalty was imposed on 19 May last year and has now been disclosed publicly, with the regulator noting that the amount represents roughly one per cent of Rakuten Europe Bank’s annual turnover at the end of 2022. The sanction followed an extensive on-site inspection focused on AML compliance, which took place between February and November 2023.
According to the CSSF, the inspection assessed remedial actions introduced after deficiencies had previously been highlighted by another European national competent authority. Despite earlier warnings, inspectors concluded that Rakuten Europe Bank had not established an effective transaction monitoring system, with monitoring scenarios found to be outdated and insufficiently comprehensive. The regulator also said the system could no longer be properly configured following the departure of key staff in IT and compliance roles, while the bank continued to rely on a version of the monitoring tool that was no longer supported by its supplier.
The CSSF noted that similar shortcomings had already been identified by another European supervisory authority in 2019 and 2020, yet corrective measures remained incomplete several years later. Delays in replacing the monitoring system were cited, alongside interim compensatory controls that the regulator deemed inadequate. The inspection further uncovered substantial backlogs in the handling of transaction alerts.
In addition, Rakuten Europe Bank was found to have submitted several suspicious activity reports to Luxembourg’s Financial Intelligence Unit weeks after the required deadlines, even where indicators of potential money laundering or terrorist financing had been identified in numerous cases. In one instance involving a customer previously subject to terrorism-related asset freezes in France, the bank failed to submit a report altogether.
The regulator also highlighted deficiencies in simplified due diligence procedures, pointing to weaknesses in customer risk assessments and failures to properly take into account the country of residence of beneficial owners. While the CSSF acknowledged that Rakuten Europe Bank had recognised the issues and submitted an action plan, it said meaningful remedial measures were only implemented during and after the inspection process.
Responding to the decision, a Rakuten spokesperson said the bank accepted the findings and the sanction, acknowledging that its compliance measures had not met regulatory standards at the time of the investigation. The spokesperson added that the bank was continuing to work diligently to implement and verify all necessary measures to achieve full compliance with legal requirements.