Koos Timmermans is to step down from his position as chief financial officer and executive board member at ING Group and will leave the company, having presided over bad know-your-customer controls at ING Netherlands. The compliance department, it has emerged, was understaffed and badly trained under his command.

The bank has stated that his resignation "follows the announcement on 4 September 2018 of the settlement regarding shortcomings in the execution of customer due diligence policies to prevent financial economic crime." During the investigated period (2010-2016) he was a member of the "management board banking" and was responsible for ING Netherlands for several years.

Hans Wijers, the chairman of the supervisory board of ING, told reporters something that the Dutch regulators - who are extremely keen on senior management responsibility - might have thought slightly listless and lacking in commitment to that principle: "Given the seriousness of the matter and the many reactions among stakeholders since the announcement and in the interest of the bank, we came to the conclusion it is appropriate that responsibility is taken at executive board level."

On 4th September ING Bank NV in Amsterdam accepted and paid a settlement of €775 million (£590 million) offered by the Dutch Public Prosecution Service (the Openbaar Ministerie or NPPS). The NPPS accused the Dutch arm of ING of having broken the Anti-Money Laundering and Counter Terrorism Financing Act or Wet ter voorkoming van witwassen en financieren van terrorisme for many years and "on a structural basis." This took place in such a way that the bank was also accused of 'culpable' money laundering: the bank failed to prevent bank accounts held by ING clients from being used to launder hundreds of millions of euros. The true figure will never be known. In addition, ING had to 'disgorge' €100 million (£89.16 million). This is the amount that ING NL saved by not employing enough people to implement its compliance policy.

ING is an internationally active bank. According to the NPPS, ING NL did not properly fulfil its role as a 'gatekeeper' of the Dutch financial system, as outlined in the Act, which requires such gatekeepers to conduct 'client due diligence' (CDD/KYC) and report unusual transactions to the Financial Intelligence Unit.

The criminal investigation revealed that ING NL was seriously deficient in this respect because clients were using their accounts at the bank for criminal activities "virtually undisturbed," according to the NPPS.

A structural absence of attention

The investigation by the Dutch Fiscal Information and Investigation Service (the Fiscale inlichtingen- en opsporingsdienst or FIOD) started at the beginning of 2016 because companies and people that had come under suspicion in several criminal investigations held accounts with ING NL, which led the FIOD to suspect that ING NL was bad at investigating clients, monitoring bank accounts reporting unusual transactions, or at any rate reporting them too late.

ING NL, it transpired, accepted clients without investigating the risks associated with them properly. It also classified clients wrongly - presumably in terms of high or low risk. The bank did not monitor its relationships with them, or their accounts, well enough and did not end relationships with suspect clients in a timely manner. The compliance department was understaffed and inadequately trained. Partly because of the small headcount, the bank set up its system for monitoring transactions to generate only a limited number of money laundering signals. The NPPS's press release states that "only the proverbial tip of the iceberg was investigated."

It's not unusual...

The criminal investigation found actual money laundering in four cases. An international telecom provider transferred bribes worth tens of millions of dollars through its bank accounts with ING NL to a company that the daughter of the president of Uzbekistan owned and did little to investigate the identity of the actual owner of the company.

According to the NPPS, a women's underwear trader was also able to wash approximately €150 million (£133.7 million) through its bank accounts. It should have been clear to the bank that the monetary flows had little to do with the lingerie trade and were therefore unusual. Here, too, the bank looked the other way and classified the company in the wrong 'segment' (the NPPS's word). The monitoring system did spot unusual monetary flows, but the bank set them aside "wrongfully and almost without further investigation," claiming that they were 'not unusual'.

Another case concerns a one-man business in building materials with no address in Holland. The company had a business account at ING NL to which 15 mobile cashpoints were linked. Contrary to ING’s rules, these machines were placed and used by the one-man business in Surinam. They were allegedly to be used for purchases. Investigations have shown that the one-man business actually acted as a currency exchange office. A total amount of €9 million was transferred to the one-man business’ bank accounts with ING NL, even though no building materials were purchased for that amount.  In reality, debit cards were used in the mobile cashpoints in Surinam in exchange for cash. ING NL carried out almost no "client due diligence" (KYC) and the did not monitor the company's transactions properly.

In another case, more than €500,000 was deposited in cash into the ING bank accounts of two connected companies, which were apparently involved in the import of (and trade in) fruit and vegetables from South America. This was probably a front for money laundering, according to the prosecutors. The bank only thought that one of the cash deposits was suspect but sent off its 'unusual transaction' report to the FIU far too late.

According to the NPPS, ING NL should and could have realised that the funds that its customers held in these cases probably originated from crime. It failed to do so and then failed to respond adequately even when it realised the fact. Other criminal investigations might have played their part.