Stop parsing PDFs. Get the API. Request Access

AI Terminal

MODULE: AI_ANALYST
Interactive Q&A, Risk Assessment, Summarization
MODULE: DATA_EXTRACT
Excel Export, XBRL Parsing, Table Digitization
MODULE: PEER_COMP
Sector Benchmarking, Sentiment Analysis
SYSTEM ACCESS LOCKED
Authenticate / Register Log In

ABN AMRO Bank N.V.

Legal Proceedings Report Apr 19, 2021

3800_iss_2021-04-19_2dc5db3c-4d7a-4976-9fbf-09b9084b0ce6.pdf

Legal Proceedings Report

Open in Viewer

Opens in native device viewer

Amsterdam, 19 April 2021

IR/Press release

ABN AMRO accepted settlement offer in the anti-money laundering investigation in the Netherlands

Today ABN AMRO Bank N.V. (ABN AMRO) announced that it has accepted a settlement offer from the Dutch Public Prosecution Service (DPPS) in connection with the previously announced investigation by the DPPS into ABN AMRO's compliance with its obligations under the Dutch Anti-Money Laundering and Counter Terrorism Financing Act (Wet ter voorkoming van witwassen en financiering van terrorisme, AML/CTF Act) between 2014 and 2020. As part of this settlement, ABN AMRO will pay EUR 480 million.

ABN AMRO fully cooperated with the DPPS throughout the investigation. Based on the investigation, the DPPS identified serious shortcomings in ABN AMRO's processes to combat money laundering in the Netherlands, such as the client acceptance, transaction monitoring and client exit processes (the so-called 'Client Life Cycle' processes) in the period between 2014 and 2020, as a result of which, in certain instances, clients were able to abuse ABN AMRO accounts.

ABN AMRO deeply regrets the situation and recognises the seriousness of the matter, and that it has fallen short in the fulfilment of its role as gatekeeper aimed at combatting money laundering. ABN AMRO will continue to make every effort to fulfil its role as gatekeeper.

ABN AMRO CEO Robert Swaak: "As a bank we do not merely have a legal, but also a moral duty to do our utmost to protect the financial system against abuse by criminals. In fulfilling this duty, we aim to make a meaningful contribution to a safer society. Regretfully, I have to acknowledge that in the past we have been insufficiently successful in properly fulfilling our important role as gatekeeper. This is unacceptable and we take full responsibility for this."

In recent years, ABN AMRO had itself already identified shortcomings in the way it implemented its 'Client Life Cycle' processes. To address these shortcomings, the bank has prioritised remediation and enhancement programmes in each of the business lines of the bank over the years, as well as bank-wide with respect to transaction monitoring. ABN AMRO has invested heavily in these remediation and enhancement programmes over several years, including investments in its systems and the growth of its staff . Unfortunately, ABN AMRO has to recognise that, despite all of its efforts and intentions, its improvement programmes have not always had the desired effect, and that several shortcomings, some of which serious, have been identified in its 'Client Life Cycle' processes.

In response to the identified shortcomings in its 'Client Life Cycle' processes and in order to address increasingly strict regulations and continuously evolving forms of financial crime, ABN AMRO decided to centralise the execution of the 'Client Life Cycle' processes in October of 2018. To this end, ABN AMRO set up the Detecting Financial Crime (DFC) programme and made substantial additional (financial) resources available for investments in staff, systems and processes. The DFC programme is progressing according to the timetable as agreed upon with DNB, and the programme is expected to be completed by the end of 2022. By the end of 2020, the total number of full-time employees involved in ABN AMRO's 'Client Life Cycle' processes had increased to 3,800 (one in five jobs at ABN AMRO). The bank is convinced that its current approach is the right way to systematically remediate shortcomings across the bank, and to embed this remediation in its day-to-day operations. Besides this, ABN AMRO is also actively involved in various public-private partnerships aimed at of contributing to safer society.

As part of the settlement announced today, ABN AMRO agrees to pay a fine of EUR 300 million and EUR 180 million as disgorgement. The amount of the fine reflects the seriousness, scope and duration of the identified shortcomings. The amount of the disgorgement reflects the amount of costs that ABN AMRO saved according to the DPPS. The total amount of EUR 480 million will impact the bank's first quarter results in 2021.

Robert Swaak: "This settlement marks the end of a painful and disappointing episode for ABN AMRO. The lessons we have learned from this experience drive us in our continued effort as gatekeepers to achieve a safer society and a financial system that meets the highest standards of integrity."

Jarco de Swart Ferdinand Vaandrager Media Relations & Public Affairs Investor Relations +31 20 6288900

ABN AMRO Press Relations ABN AMRO Investor Relations [email protected] [email protected]

This press release was published by ABN AMRO Bank N.V. and contains inside information within the meaning of Article 7(1) to (4) of the Regulation (EU) No 596/2014 (Market Abuse Regulation)

Table of contents

PART I: Statement of Facts 4
1 Introduction 4
1.1 Purpose and contents 4
1.2 Short description of ABN AMRO 4
1.3 Reasons for and course of the criminal investigation 5
2 Legal framework 6
2.1 Anti-Money Laundering and Counter Terrorism Financing Act (AML/CTF Act) 6
2.2 Objective of the AML/CTF Act: to protect the integrity of the financial system 6
2.3 Applicable obligations arising from the AML/CTF Act 7
2.3.1 Articles 3 and 8 AML/CTF Act: conducting (enhanced) client due diligence 7
2.3.2 Article 5 AML/CTF Act: entering into and compulsory termination of a business
relationship 8
2.3.3 Article 16 AML/CTF Act: reporting of unusual transactions 9
3 Investigative findings 9
3.1.1 'Client Life Cycle' processes at ABN AMRO 9
3.1.2 'Three lines of defence' model 10
3.1.3 Identified shortcomings 10
3.2 Missing or incomplete client data/files 11
3.3 Not or insufficiently carrying out (enhanced) client due diligence before
entering into a relationship 11
3.4 Shortcomings in risk assessment and risk classification 12
3.5 Role of cash use in risk assessment and risk classification 13
3.6 Insufficient execution of ongoing monitoring 14
3.6.1 Shortcomings in reassessments (review process) 14
3.6.2 Shortcoming in the transaction monitoring system 15
3.7 Not or not timely reporting unusual transactions 16
3.8 Not or not timely terminating client relationships 17
3.9 Specific examples (cases) 17

4 Remediation and enhancement programmes 20

Part II: Conclusions of the NPPS 21

5 Causes of the shortcomings in compliance with the AML/CTF Act 21
6 Seriousness of the facts 23
6.1 Systemic bank 23
6.2 Gatekeeper function 23
6.3 Insufficiently effective measures after external and internal warnings 23
6.4 Scope and consequences of non-compliance with the AML/CTF Act 24
6.5 Conclusion 25
7 Criminal allegations against ABN AMRO 26
7.1 Criminal offences 26
7.2 AML/CTF Act 26
7.3 Culpable money laundering 27
7.4 Attribution of offences to the legal entity 27
8 Decision to reach a settlement 28
8.1 Statement of reasons 28
8.2 Cooperation with the investigation 29
8.3 Acknowledgement of shortcomings 30
8.4 Detecting Financial Crime unit 30
9 Conclusion of the criminal case 30
9.1 Content of the settlement agreement 30
9.2 Fine and unlawfully obtained gains 30
9.2.1 Fine 30
9.2.2 Unlawfully obtained gains 31

PART I: Statement of Facts

1 Introduction

1.1 Purpose and contents

This statement of facts describes how and why ABN AMRO Bank N.V. (ABN AMRO) became the subject of a criminal investigation in 2019 by the Dutch Fiscal Information and Investigation Service (Fiscale inlichtingen- en opsporingsdienst, hereinafter referred to as FIOD) under the direction of the Netherlands Public Prosecution Service (hereinafter referred to as the NPPS), under the name Guardian. The investigation focused on suspected violations of the Anti-Money Laundering and Counter Terrorism Financing Act (Wet ter voorkoming van witwassen en financieren van terrorisme, hereinafter referred to as AML/CTF Act) by ABN AMRO in its activities in the Netherlands and a suspicion of culpable money laundering by ABN AMRO related to these suspected violations of the AML/CTF Act. This statement of facts sets out the facts and circumstances that emerged from this investigation.

1.2 Short description of ABN AMRO

ABN AMRO is a bank with a Dutch banking licence. ABN AMRO offers a wide range of products, including checking accounts, deposits, real estate finance, loans, mortgages, corporate finance, private banking and trade finance. ABN AMRO serves various segments, including private persons, small and medium-sized enterprises, large corporate clients and financial institutions, both national and international.

A consortium consisting of Royal Bank of Scotland, Fortis Bank Nederland N.V. and Banco Santander made a bid for the former ABN AMRO in 2007 under the joint name RFS Holdings B.V., which led to a formal acquisition by the consortium on 17 October 2007. ABN AMRO was subsequently split into three parts between the three members of the consortium. Business units of ABN AMRO were also divested in order to comply with competition law requirements.

In 2008, the international financial crisis started. Fortis, the Belgian-Dutch insurance and banking group, also encountered difficulties. Fortis was ultimately nationalised in its entirety on 3 October 2008. The Dutch government acquired the Dutch activities of Fortis Bank, the insurance branch of Fortis and Fortis's share in ABN AMRO. In 2009, a new entity (the current ABN AMRO) was established, in which the stake in ABN AMRO (formerly held by Fortis) acquired by the Dutch State in 2008 was contributed. Subsequently, on 1 July 2010, a legal merger of ABN AMRO and Fortis Bank Nederland took place.

At the time, the newly merged bank consisted of two separate banks, both still with their own processes and systems. The subsequent integration of both banks into an independently operating bank took place during the period 2010-2013.

Since 20 November 2015, ABN AMRO has been publicly listed again. ABN AMRO is still partly state-owned via the shares held by the Stichting Administratiekantoor Beheer Financiële Instellingen (NLFI).1 The remaining (depositary receipts for) shares are listed on the Amsterdam stock exchange Euronext.

ABN AMRO has over 5 million account holders in the Netherlands and processes more than a billion transactions per year.

In addition, De Nederlandsche Bank N.V. (DNB) qualifies ABN AMRO as one of the systemically important banks in the Netherlands. Systemic banks are essential to the financial system and thus to the functioning of the economy and society.

1.3 Reasons for and course of the criminal investigation

As part of its supervisory duties, DNB has over an extended period of time (in any event between 2013 and 2019) conducted a number of investigations into ABN AMRO's compliance with the AML/CTF Act and has found several violations of the AML/CTF Act. According to DNB, these violations were repeatedly found to be serious and culpable and in this respect DNB took enforcement action on several occasions. In 2018, DNB also identified shortcomings by ABN AMRO in the area of client due diligence and transaction monitoring in a thematic investigation of identifying and managing the risk related to terrorism financing. In addition, several criminal investigations by the police and the FIOD yielded indications that there may have been a violation of the AML/CTF Act by ABN AMRO.

In the Steering and Weighing Committee (Stuur- en Weegploeg) of 15 August 2019, based on the results of the most recent DNB investigation and indications from the police and the FIOD, it was decided that a criminal investigation into these facts would be conducted by the FIOD under the direction of the National Office for Serious Fraud, Environmental Crime and Asset Confiscation and the National Office of the NPPS. In the context of this investigation, a first search of ABN AMRO's premises took place on 27 September 2019. In the period that followed, several other seizures took place at ABN AMRO. In order to obtain data, several requests for information were issued to third parties and other special investigative powers were used.

From the start of the investigation in September 2019, ABN AMRO informed the NPPS that it would cooperate with the criminal investigation. The NPPS establishes that ABN AMRO indeed cooperated throughout the investigation.

1 NLFI was specifically established for the management of shares of nationalised companies in the Netherlands to avoid possible conflicting responsibilities that the Minister of Finance might face, as shareholder and supervisory authority, and to prevent unwanted political pressure from being exerted.

2 Legal framework

2.1 Anti-Money Laundering and Counter Terrorism Financing Act (AML/CTF Act)

In order to have a clear understanding of the criminal conduct that ABN AMRO is accused of, this chapter explains the background and objective as well as the obligations under the AML/CTF Act that are relevant to the criminal investigation.

2.2 Objective of the AML/CTF Act: to protect the integrity of the financial system

Partly as a result of the international efforts to combat money laundering, the AML/CTF Act was introduced in August 2008. The AML/CTF Act is a combination of the Identification in Services Act (Wet identificatie bij dienstverlening) and the Disclosure of Unusual Transactions Act (Wet melding ongebruikelijke transacties), which had been in force since February 1994. This legislation has its origins in the recommendations to combat money laundering that were made by the Financial Action Task Force on money laundering (FATF), an international partnership established by the G7 in 1989. It was considered crucial to protect channels through which the money laundering process could take place from being misused for criminal purposes. Disguising the criminal origin of the proceeds of crime enables offenders to benefit from these assets undisturbed, and this has an undermining effect on society.2

The starting point of the AML/CTF Act is described in Article 2a:

"In order to prevent money laundering and terrorism financing, an institution will conduct client due diligence and report unusual transactions that have taken place or are intended. (...) In doing so, an institution shall pay particular attention to unusual patterns of transactions and to transactions which, by their nature, present a higher risk of money laundering or terrorism financing."

The purpose of the AML/CTF Act is to combat money laundering and the financing of terrorism and the AML/CTF Act has four key obligations for the institutions that fall within the scope of this Act:

    1. carrying out thorough client due diligence based on a risk assessment;
    1. reporting unusual transactions to the Financial Intelligence Unit of the Netherlands (FIU)3;
    1. providing periodic training to employees so that they can identify unusual transactions and conduct client due diligence properly and completely;
    1. adequately recording the results of the risk assessment in order to be made available to regulators upon request.

2 See Dutch Parliamentary Papers (Kamerstukken), Lower Chamber 2007-2008, 31 238, no. 3, pg. 1 and following. 3 Organisationally, the FIU Netherlands is part of the national police force and is an independent body of the State of the Netherlands. Internationally, the FIU Netherlands is part of a global network of FIUs. The FIU analyses the unusual transactions that are reported and can make them available to various enforcement and investigation services as 'designated suspicious' (source: www.fiu-nederland.nl).

Service providers therefore have a role to play in protecting the financial system against money laundering and terrorism financing, and thereby safeguarding the integrity of the financial system. These institutions act as 'gatekeepers' protecting the integrity, stability and reputation of the financial system.

2.3 Applicable obligations arising from the AML/CTF Act

The criminal investigation focused mainly on the obligations under the AML/CTF Act to conduct (enhanced) client due diligence and to report unusual transactions to the FIU. These obligations are explained below.

2.3.1 Articles 3 and 8 AML/CTF Act: conducting (enhanced) client due diligence

Article 3(1) AML/CTF Act requires institutions to conduct client due diligence in order to prevent money laundering and the financing of terrorism. Client due diligence must be conducted both before and during the business relationship. Opening an account with a bank qualifies inter alia as a business relationship. The client due diligence to be conducted by institutions is also known as the Customer Due Diligence (CDD).

Article 3(2) AML/CTF Act describes the result of such client due diligence. The legislature has opted for a so-called 'principle-based' approach; how the client due diligence should be carried out has not been outlined in detail, only what the result of the client due diligence should be. In a number of cases, Article 8 of the AML/CTF Act also prescribes enhanced client due diligence, for example in case of a business relationship with politically exposed persons.

Client due diligence prior to entering into and during the business relationship must enable the bank to:4

  • identify the client and verify his identity;
  • identify the client's ultimate beneficial owner (UBO) and take risk-based, adequate measures to verify the identity;
  • if it is a legal entity, take risk-based and adequate measures to understand the ownership and control structure of the client;
  • determine the purpose and intended nature of the business relationship;
  • perform ongoing monitoring of the business relationship and of transactions carried out for the duration of that relationship, in order to assess the institution's knowledge of the client and its risk profile, including, where appropriate, an examination of the source of the funds being used;
  • determine whether the natural person representing the client is authorised to do so, and to identify that person and verify his identity;
  • take risk-based and adequate measures to verify whether the client is acting on its own behalf or on behalf of a third party;
  • determine whether the client is a politically exposed person (hereinafter referred to as a PEP) on the basis of risk-based procedures.5

4 See also the 'DNB Leidraad Wwft en SW, Voorkoming misbruik financiële stelsel voor witwassen en financieren van terrorisme en beheersing van integriteitsrisico's'.

5 What is to be understood by a politically exposed person is described in Article 1(1)(e) of the AML/CTF Act. As of 25 July 2018, these measures also apply to family members and close associates of PEPs.

Pursuant to Article 33 AML/CTF Act, institutions must record documents and data used for complying with the provisions of Articles 3 and 8 AML/CTF Act in a retrievable manner.

Conducting client due diligence contributes to the recognition and management of risks associated with certain clients or certain types of services. Institutions should achieve all prescribed results of client due diligence, but the intensity with and manner in which this takes place can be tailored to the risk posed by a particular type of client, relationship, product, or transaction. This is also referred to as the 'risk-based' approach; if the institution assesses the risks of money laundering or terrorism financing to be at a higher level, it must take additional measures.

Article 3(5) AML/CTF Act describes the situations in which client due diligence must be carried out after the relationship is entered into. This would be the case if, for example, there are indications of involvement in money laundering or the financing of terrorism and if the institution has doubts as to the reliability of data previously obtained. The obligation to perform 'ongoing monitoring' of the business relationship as described in Article 3(2) AML/CTF Act also entails an obligation to perform a (periodic) assessment or reassessment and to keep the available information about the client up to date. In other words: client due diligence does not end after the client has been accepted by the bank.

The determination as to whether a client is a PEP is necessary in connection with the obligation under Article 8 AML/CTF Act; enhanced client due diligence must be carried out with regard to those persons. Entering into business relationships with PEPs requires additional measures to address increased risks, as well as in the context of international anti-corruption policies.

An important measure that institutions should take in combatting money laundering or terrorism financing by clients, is monitoring client transactions in order to identify unusual transactions that, by their nature, present a higher risk of money laundering or terrorism financing. This is also known as post-event transaction monitoring; i.e. monitoring transactions that have already taken place. This is part of the obligation to conduct 'ongoing monitoring' of the client relationship and client transactions and of the general obligation of institutions that is included in Article 2a(1) AML/CTF Act. Institutions can also structure this transaction monitoring process using a riskbased approach. This means that more attention is given to transactions which, by their nature, represent a higher risk of money laundering or terrorism financing. The legislature leaves it to the institutions to design also this process themselves.

2.3.2 Article 5 AML/CTF Act: entering into and compulsory termination of a business relationship

Pursuant to Article 5 AML/CTF Act, an institution is prohibited from entering into a business relationship or executing a transaction on behalf of a client unless client due diligence as referred to in Article 3 AML/CTF Act has been carried out and this has led to the result prescribed by law. In addition, the institution must record all the identification and verification data of the client, representatives and ultimate beneficial owners.

Where an institution cannot meet the requirements regarding client due diligence in respect of an existing business relationship, it should terminate that relationship.6 This is the case, for example,

6 The obligation to terminate the business relationship was included in Article 5(2) AML/CTF Act until 25 July 2018. Since that date, the obligation is contained in Article 5(3) AML/CTF Act.

when the identity of the client is unknown. In such case, institutions may not (or may no longer) provide services to that client.7

In situations where there are significant risks, no business relationship may be entered into, the transaction may not be executed, or the existing relationship must be terminated (at the next reasonable opportunity). Significant risks exist where it is impossible for an institution to identify the client or the ultimate beneficial owner or where the client is a legal entity that is part of a structure of international companies that is difficult to understand. Failure to conduct proper client due diligence can occur both during the client acceptance phase and during the business relationship.

2.3.3 Article 16 AML/CTF Act: reporting of unusual transactions

Article 16 AML/CTF Act stipulates that institutions must immediately report any unusual transactions that have occurred or are scheduled to the FIU after the institution has become aware of the unusual nature of the transaction. This means that if there is reason to assume that a (proposed) transaction is related to money laundering or terrorism financing, an institution must report this to the FIU.

This obligation should be seen in conjunction with the obligation to conduct client due diligence. The various components of the client due diligence as set out above could, in combination but also separately, lead to unusual transactions being detected by institutions and then reported to the FIU in a timely manner. Monitoring of client transactions is an important means of identifying unusual transactions.

A transaction reported as unusual will subsequently be further investigated by the FIU. This investigation may lead to the transaction being declared suspicious and to the investigating authorities being informed. As such, reports of unusual transactions can lead to a criminal investigation into money laundering or the financing of terrorism.

3 Investigative findings

3.1.1 'Client Life Cycle' processes at ABN AMRO

The AML/CTF Act allows institutions in certain areas the discretion to achieve the required results in a risk-based manner. ABN AMRO has set out its policies and work processes in relation to compliance with and implementation of the obligations under the AML/CTF Act in various policies, including the CAAML policy (Client Acceptance & Anti Money Laundering-policy) and since 2017 in Global Standards. These policies have subsequently been implemented in Customer Due Diligence/Know Your Customer (CDD/KYC) – processes within the so-called 'Client Life Cycle'. Within ABN AMRO, the 'Client Life Cycle' is used to capture all the work processes related to the implementation of the obligations arising from the AML/CTF Act. This concerns the client acceptance process ('New Client Take On' or NCTO process), monitoring processes such as

7 See the explanatory memorandum (memorie van toelichting) to the bill combining the Dutch Identification in Services Act (Wet identificatie bij dienstverlening) and the Dutch Disclosure of Unusual Transactions Act (Wet melding ongebruikelijke transacties) (Wwft), Dutch Parliamentary Papers (Kamerstukken), 31 238, no. 3, 16 October 2007, p. 20.

reassessment of clients ('periodic review' and 'event-driven review'), 'client filtering' and transaction monitoring, as well as reporting unusual transactions and exit processes.

3.1.2 'Three lines of defence' model

Within ABN AMRO, risks are managed and controlled by the 'three lines of defence' model. The 'first line of defence' consists mainly of the Business Lines that are responsible for the risks the bank takes, such as the risk that the bank's clients use bank accounts at ABN AMRO to launder money. Since 1 January 2019, the 'Detecting Financial Crime' unit (hereinafter also referred to as the DFC unit) has been part of the 'first line of defence'. The work processes relating to the 'Client Life Cycle' are concentrated within the DFC unit. The 'second line of defence' consists mainly of the Compliance department and the 'third line of defence' is comprised by Audit.

The 'first line of defence' is responsible for the execution of the CDD/KYC processes and is responsible for the risk ('risk ownership'). As the 'second line of defence', Compliance is responsible for controlling the risk ('risk control'). The Compliance department supports, coordinates and monitors the implementation of risk management by the 'first line of defence'. It translates legislation and regulations into the bank's policy. Finally, the Compliance department monitors the implementation of this policy by the 'first line of defence'. It monitors, tests and makes recommendations for improvement.

As the 'third line of defence', Audit has the key task of providing 'risk assurance': confirming with sufficient certainty, on the basis of objective and professional analysis, that the internal policy is being complied with. Audit evaluates governance and risk management processes and their implementation by the 'first' and 'second line of defence' and makes recommendations for improvement.

The investigation showed that both Compliance and Audit conducted structural and periodic reviews of the 'Client Life Cycle' processes during the investigated period, and reported several shortcomings to the Managing Board8 and the Supervisory Board of ABN AMRO via (quarterly) reports, 'deep dive' reports and audits.

3.1.3 Identified shortcomings

The criminal investigation revealed several shortcomings in the period 2014 to 2020.

The findings concern:

  • 1) absence or incompleteness of client files/client data;
  • 2) not or insufficient conducting (enhanced) client due diligence before entering into a relationship;
  • 3) shortcomings in risk assessments and risk classifications;
  • 4) insufficient consideration of cash use in risk assessment and risk classification;
  • 5) insufficient execution of ongoing monitoring of the client relationship and transactions by:
    • a. shortcomings in the reassessments (review process);
    • b. shortcomings in the transaction monitoring system;
  • 6) not or not timely reporting unusual transactions;
  • 7) not or not timely terminating client relationships.

8 For the purpose of this document, the Managing Board means the Board of Directors (Raad van Bestuur) of ABN AMRO and as from 2017 the Executive Board and Executive Committee.

The findings in the criminal investigation concern the four Business Lines within the bank. A number of findings are elaborated on below.

3.2 Missing or incomplete client data/files

In a client file, the results of client due diligence should be recorded, such as the purpose and nature of the business relationship and the data showing the identification and verification thereof. For client files in which data is missing, it cannot be determined whether the data concerned has been requested and assessed by the bank in accordance with the AML/CTF Act. In addition, the proper and correct identification and verification of a client and the complete and correct recording of client data, such as the purpose and intended nature of the relationship, are – among other things – necessary to be able to carry out ongoing monitoring of the relationship and of transactions carried out during this relationship, on the basis of the risk classification assigned pursuant to a risk assessment.

The criminal investigation found, with regard to each of the four Business Lines, that at several moments in time client data and/or documents were missing or the source of data in client files was unclear.

For instance, in 2014 and 2015, there were Third Party Banking client files which turned out to be incomplete and the risk classification of these clients had not always correctly been recorded in ABN AMRO's systems. This could lead to, inter alia, less strict transaction monitoring of these clients than would be necessary based on the actual risk classification. In 2017, for instance, a 'deep dive' by Compliance relating to a sample of 19 files with regard to the segment commercial real estate showed that not all relevant client information had been recorded in the client files. In June 2018, it appeared that the first name of 1,000 private banking clients and 7,000 retail clients was not known to the bank. This means that adverse media screening on these clients possibly may not have yielded the envisaged result.

Finally, reports from Compliance and Audit showed that the quality and completeness of client files in 2019 was not adequate.

3.3 Not or insufficiently carrying out (enhanced) client due diligence before entering into a relationship

At ABN AMRO, client acceptance consists of the 'New Client Take On' (NCTO) process, during which client data is collected. Pursuant to the AML/CTF Act, the bank must, among other things:

  • identify the client and verify the client's identity;
  • identify the ultimate beneficial owner (UBO) of the client and, if the client is a legal entity, gain insight into the ownership and control structure;
  • establish the purpose and intended nature of the business relationship.

The legally required client information is meant to enable the bank to determine the possible risks of, for example, money laundering that the bank faces by entering into a business relationship with the client. In this context, it is for instance important that insight is obtained into the purpose and nature of the relationship with the client, the ownership and control structure, the involvement of a politically exposed person/PEP, and that a check is conducted against inter alia ABN AMRO's

internal lists. If no client due diligence has been conducted, or if client due diligence has not resulted in, for instance, the identification of the client, a bank may not enter into a business relationship with a client and may not execute any transactions.

The criminal investigation revealed that ABN AMRO at several moments in time and in several Business Lines did not properly conduct client due diligence.

For example, as a result of its Private Banking theme investigation in 2014, DNB found that client due diligence at ABN AMRO in that Business Line was carried out in an insufficiently critical manner. In addition, in several files of clients with indications of an increased money laundering risk, the identification and verification of the clients was not in order. In several of the files examined, the purpose and intended nature of the business relationship was unclear or incompletely recorded and the origin of the assets of several clients was insufficiently substantiated with objective and verifiable documentation. In a number of files, it was insufficiently assessed whether the client or the ultimate beneficial owner was a PEP, in which case an enhanced client due diligence should have been conducted. DNB concluded that ABN AMRO did not meet the statutory requirements for client due diligence and enhanced client due diligence. Consequently, in 2015, DNB imposed an order subject to a penalty instructing ABN AMRO to review all Private Banking Nederland client files, remediate files where necessary to ensure compliance with the AML/CTF Act, and ensure that its client due diligence in respect of new clients would be conducted in accordance with the requirements laid down in the AML/CTF Act.

In other Business Lines it was also found that the bank did not always meet the requirements applicable when entering into a business relationship. For example, in 2016-2017, the 14 client files investigated by DNB of correspondent banks with which a relationship had been entered into were found no to meet the client due diligence requirements in one or more areas and it was found that no enhanced client due diligence had been carried out. In the Business Line Commercial Banking, during a few months in 2017 – 2018, the NCTO process did not entirely meet the requirements.

Finally, reports from Compliance and Audit revealed that in 2019, client due diligence at the start of the business relationship was still insufficient for part of the client base.

3.4 Shortcomings in risk assessment and risk classification

An important part of client due diligence is the risk assessment and the resulting risk classification. This risk assessment and risk classification are very important throughout the entire business relationship with the client.

The risk assessment and risk classification are carried out on the basis of the client data. Based on this data, the client is given one of the following risk classifications: neutral, medium, increased risk or unacceptable risk. If an unacceptable risk is found during the client acceptance process, the client will be rejected.

The risk classification also determines the extent to which and the way in which ABN AMRO monitors its clients and their transactions. For example, a '00 neutral' or 'neutral' risk classification for certain clients meant that these were not subject to periodic reviews. These clients were only reassessed on an event-driven basis, i.e. if certain developments or events gave reason to do so.

Such events could include changes in the ownership and control structure, (adverse) media coverage or an alert from the transaction monitoring system.

ABN AMRO's transaction monitoring system uses different criteria for each Business Line and client group (and within such a group, per risk category) in order to classify a transaction as potentially unusual. Categorisation in the lowest risk category can result in ABN AMRO's transaction monitoring system to not or less readily respond to unusual transactions by the client in question.

The investigation showed that ABN AMRO assigned risk classifications to a considerable part of its clients, in particular in Mass Retail, in an incorrect manner.

DNB's 2018 thematic investigation into financing of terrorism, for example, revealed that ABN AMRO did not comply with key provisions of the AML/CTF Act in respect of around 5.5 million Mass Retail clients. The clients in the Mass Retail group were classified in the lowest risk category, i.e. '00 neutral', on the basis of an automated analysis of client data - thus without adequate risk analysis. ABN AMRO also did not inquire during client acceptance why the client opened the bank account and did not have insight into the source and amount of the client's income. DNB concluded in its investigation, inter alia, that for these clients, ABN AMRO structurally carried out client due diligence with insufficient depth. As a result, once a client had been accepted as a Mass Retail client, no periodic reviews took place, and it could possibly take a long time before possible increased integrity risks became clear. As a result of ABN AMRO's approach, the large group of Mass Retail clients presumably included several clients that did not belong there and remained under the radar for a long time. DNB's file research showed, for instance, that several Mass Retail clients (also) used their payment accounts for business purposes, ranging from trading in real estate and crypto currencies to art, jewellery and shipbuilding.

In 2014, 96% of the clients in Private Banking turned out to be classified as 'neutral risk'. DNB noted that ABN AMRO had not adequately identified the inherent integrity risks with respect to this group of clients. DNB noted that the client due diligence underlying the risk classification was conducted in an insufficiently critical manner in files that were examined.

In the commercial real estate segment, in 2017 one third of the clients were found to be registered as '00 neutral' risk. This means that no risk analysis of these clients had taken place at the time of entering into the relationship.

3.5 Role of cash use in risk assessment and risk classification

In the criminal investigation shortcomings were found in relation to how the use of cash was included as a risk indicator in client due diligence in determining the risk profile and risk classification.

It is generally known that crime involves the use of cash and that cash is used to launder criminal proceeds. The advantage of cash is that it can be spent, transferred and transported anonymously without leaving traces. Cash use therefore carries an inherently high integrity risk.

DNB's review of ABN AMRO's cash services in 2019 found that, for the majority of clients that use cash services, the bank did not sufficiently assess the purpose and nature of the client relationship, the expected transaction profile and, in particular, the role of cash use related thereto. ABN AMRO's policy did identify the use of cash as a risk indicator requiring enhanced client due

diligence, but in practice, the expected cash use was not sufficiently taken into account when determining the risk profile and risk classification of clients. For Mass Retail clients, for instance, cash indicators are not part of the automated process that determines the risk classification. This means, inter alia, that no enhanced client due diligence is carried out at the start of a client relationship in connection with cash use, and that possibly a lower risk classification may be incorrectly assigned. The consequence of a lower risk classification could be that no periodic assessment is performed and it may take some time before any possible increased integrity risks or potential unusual transactions become clear.

3.6 Insufficient execution of ongoing monitoring

The information the bank collects prior to entering into the relationship with the client about the purpose and nature of the relationship and the expected transaction profile are to enable the bank to determine the appropriate risk classification and the expected transaction profile, so that the mandatory ongoing monitoring by the bank is possible. In the context of that ongoing monitoring, a bank should assess whether the behaviour and the client's products and transactions correspond with its knowledge regarding the client. The monitoring of transactions contributes to the prevention of money laundering and terrorism financing by clients and is therefore an important element of client due diligence. If this process is carried out adequately, it contributes to, for example, the identification of unusual transactions that subsequently have to be reported to the FIU without delay.

Ongoing monitoring of the business relationship and transactions requires, in addition to an appropriate initial risk assessment and classification, periodic reassessment of that risk and classification and the expected transaction profile, as well as a well-functioning client and transaction monitoring system.

It is important that a bank periodically assesses whether the client still meets the risk profile and classification assigned at the start of rendering services. If a bank knows its clients well, this contributes to being able to identify potentially unusual transactions. Conversely, monitored transactions may reveal deviations from the assigned profile. Other information about the client may also indicate that the assigned risk profile and risk classification no longer suffice. In that case, a bank must examine the risks that this entails and, if necessary, adjust the risk classification or exit a client if the latter poses an unacceptable risk.

The criminal investigation revealed shortcomings in these processes at ABN AMRO.

3.6.1 Shortcomings in reassessments (review process)

At ABN AMRO, during the relevant period at various times, all Business Lines experienced large work stocks in the execution of periodic or event-driven reviews. At Commercial Banking, for example, delays in client reassessments occurred from October 2017 to May 2018.

In addition, for its Mass Retail and Private Banking clients with a '00 neutral' and 'neutral risk' classification, only event-driven reviews were carried out. As a result, ABN AMRO ran the risk of not detecting information that had been incorrectly submitted and/or of not timely becoming aware of changes relating to the client or its activities, which could potentially affect the client's risk assessment and risk classification.

In addition, the process of event-driven reviews did not function properly. Within Private Banking, for example, in 2014-2015 DNB found that the necessary event-driven reviews were in practice only carried out to a limited extent, which meant that there was no ongoing monitoring of the business relationship.

In addition, the criminal investigation shows that the systems and processes of ABN AMRO that were supposed to generate the information to trigger such an event-driven review did not function properly. This concerned in particular the 'Client Filtering' process and the transaction monitoring system.

First, the Client Filtering process. This process is meant to mitigate the risk of ABN AMRO serving clients and associated business contacts who attract negative media coverage. Client Filtering also plays a role in identifying politically exposed persons. A hit in the Client Filtering process can trigger an event-driven review. Until September 2018, screening for negative media coverage ('bad press' or 'adverse media') was not carried out automatically but manually in the event of, among other things, a reassessment. In addition, at a certain point in time, large work stocks occurred in processing hits as a result of this screening. In 2019, Audit found that the 'Client Filtering' process was marginally satisfactory and needed improvement.

Secondly, many signals were missed in the transaction monitoring system due to the risk classification used and the way the system was set up. For instance, ABN AMRO used different thresholds for the '00 neutral' risk classification in its transaction monitoring. Moreover, at least until 2019, there were backlogs9 in processing the alerts generated by the transaction monitoring system. This means that alerts that could give rise to an event-driven review were not available on time.

Finally, in a number of specific instances, it appeared that information available within the bank about a client was not (immediately) utilised for carrying out a reassessment, although the content of the information would give reason to do so (see below, in section 3.9).

In addition, for Mass Retail clients, the '00 neutral' classification was assigned through an automated assessment of the client, as a result of which a reassessment only took place in the event of specific developments (event-driven). However, the systems and processes that were supposed to generate information to trigger an event-driven review were not adequate, suffered delays or did not generate signals because of the risk classification used, with the result that the necessary reassessment of the client and its risks did not always take place and possibly necessary adjustments to the risk classification were not made. As a result, there was no ongoing monitoring of the business relationship regarding these clients.

3.6.2 Shortcoming in the transaction monitoring system

ABN AMRO uses an automated system to monitor the transactions of its clients. This system uses scenarios and thresholds to detect possibly deviating transaction behaviour and to generate socalled alerts. These alerts can be handled automatically or can be investigated by a staff member. This investigation can ultimately lead to the reporting of unusual transactions to the FIU, an eventdriven review and/or a decision to exit a client.

9 See also section 3.7.

In section 3.2-3.5 it is described that client due diligence, including risk assessment and risk classification, recording of client data and client due diligence, showed shortcomings in each of the Business Lines. The investigation showed for instance that ABN AMRO assigned a risk classification to a substantial part of its Mass Retail clients in an incorrect manner at the start of the business relationship.

This information about clients and the appropriate risk classification is important to adequately design the transaction monitoring process, for example by setting scenarios targeted at client groups to detect the transactions that pose the highest risks. However, the scenarios used by ABN AMRO to generate alerts were not always or not always properly deployed. Among other things, the relevant client group was not taken into account.

In addition, the methodology deployed in ABN AMRO's transaction monitoring system meant that in certain cases, remarkable cash transactions did not generate any alerts. An internal review by ABN AMRO in 2020 revealed that, among other things, the thresholds for the cash scenarios implemented in the transaction monitoring system were too high in a number of situations, so that alerts on, for instance, some large cash withdrawals were not generated.

ABN AMRO was also not fully able to monitor indirect cash deposits, for example through cash transportation companies. Such cash deposits were regarded as wire transfers and therefore not appropriately monitored.

But also when handling alerts, a (complete) client file is important in order to be able to assess transactions. Because of shortcomings in client due diligence and the expected cash use of clients, generated alerts could not always be assessed adequately. As a result, analysts may not be in a position to assess whether the transaction is appropriate for the client or whether it may concern an unusual transaction.

In 2019, Audit found that the effectiveness of the transaction monitoring process was still weak. This was partly due to the quality of the handling of alerts by staff members.

3.7 Not or not timely reporting unusual transactions

The criminal investigation revealed that ABN AMRO had large backlogs in processing the alerts generated by the transaction monitoring system. This concerns the assessment and processing of the alerts by analysts/handlers in order to determine whether it concerns an unusual transaction, and the subsequent reporting of unusual transactions to the FIU without delay.

From 2014 onwards, both Compliance and Audit internally and DNB externally pointed out backlogs in the assessment and handling of alerts generated by the transaction monitoring system to ABN AMRO. A backlog means that an alert is not timely assessed by an employee, which can result in unusual transactions not being reported to the FIU without delay. Backlogs in the handling of alerts continued to be mentioned in compliance reports from 2017 onwards and even increased in 2019.

The criminal investigation showed that the transaction monitoring system structurally generated more alerts than the available capacity of employees could handle. The periodic adjustments in thresholds and scenarios also regularly led to a higher numbers of alerts than expected. Although ABN AMRO has expanded the available capacity of employees over time, it has faced a delay in the assessment and handling of alerts for several years. Over the years, the delay in processing further increased due to various reasons, resulting in a delay in 2019 of approximately 20,600 alerts that were left open longer than the internally applied standard of 90 days. At ABN AMRO, approximately 7% of the alerts result in a report of an unusual transaction, so there could be over 1,400 unusual transactions that were not reported in time. By 2020 the delays were resolved.

3.8 Not or not timely terminating client relationships

The risk assessments in the client acceptance process and the ongoing monitoring of the client relationship can lead to the conclusion that a client poses an unacceptable risk regarding money laundering and terrorism financing. If this is the case, the potential client is rejected and, in the case of an existing client, a process is followed aimed at exiting that client ('exit process'). This process is carried out in accordance with the obligations that a bank must observe under civil law in that case (e.g., the right to be heard). An exit process may be warranted if there are indicators that a client is involved in money laundering or terrorism financing or if a client does not provide all information that is required to conduct sufficient client due diligence.

The criminal investigation showed that there were shortcomings in ABN AMRO's exit process, as a result of which it could happen that ABN AMRO did not exit or did not timely exit undesirable clients (clients with an 'unacceptable' risk classification), or that clients that were exited could become a client again. Undesirable clients in this context include clients that present a high risk of using ABN AMRO's products and services to launder money. For example, from October 2017 to May 2018, Commercial Banking had a large work stock in the execution of almost 3,000 exits of clients with an 'unacceptable' risk classification.

As part of its investigation into the cash services provided by ABN AMRO, DNB concluded that, in instances where reports of unusual transactions were made to the FIU and additional investigations were carried out, the client files investigated did not sufficiently show what process is followed with regard to the question of whether the bank should consider exiting the client. According to DNB, the selected client files did not contain sufficient records indicating whether and when a decision to exit was considered and the considerations in that respect. Particularly in client files in which several filings are made to the FIU, it should be recorded whether the risk of money laundering or terrorism financing is still manageable and therefore acceptable to ABN AMRO.

3.9 Specific examples (cases)

Before and during the criminal investigation, the FIOD received specific signals and indications regarding dozens of ABN AMRO clients that ABN AMRO had possibly fallen short in fulfilling its role as a gatekeeper with regard to these clients. A number of these signals were extensively investigated by the FIOD, revealing that various shortcomings had actually led to abuse of accounts and other services of ABN AMRO.

The cases described below demonstrate this.

  • A client with a risk classification '00 neutral' was an (indirect) shareholder and director of 97 companies. On behalf of 49 companies, this client had opened 192 ABN AMRO bank

accounts in the period 2014-2018. The accounts were mostly inactive. For many of these companies, the client submitted a total of 106 false quarterly VAT returns to the Tax Authorities. On the basis of these false returns, the client received almost €200,000 from the Tax Authorities on his business accounts. The client transferred around €120,000 to his private ABN AMRO bank accounts. Most of this money was subsequently spent by the client or withdrawn in cash. Despite a number of signals and doubts within ABN AMRO regarding this client, the risk classification of this client remained '00 neutral'. ABN AMRO did not report unusual transactions regarding this client or its companies to the FIU. After the start of the criminal investigation, ABN AMRO did report transactions. Two years after ABN AMRO established that this client had a multitude of business bank accounts at ABN AMRO, which were virtually inactive, ABN AMRO exited this client.

  • Another ABN AMRO client with a risk classification of '00 neutral' worked in the finance department of a wholesaler. The client had a gambling addiction, had debts and his account was constantly overdrawn. ABN AMRO was aware of the client's gambling addiction and his debts to third parties. To provide for his gambling addiction, the client modified the details of the funds of his employer's debtors, which resulted in these funds being transferred to his own bank account at ABN AMRO. In total, over a period of nine months, an amount of more than €4.3 million was transferred to the client's private ABN AMRO bank account. Subsequently, over €4.2 million was transferred by the client from his private ABN AMRO bank account to various online payment service providers in order to provide for his online gaming accounts and wallets. The money was then spent on gambling.

ABN AMRO hardly performed client due diligence on this client, the client file was incomplete and ABN AMRO's transaction monitoring system did not generate alerts regarding deviations from the usual transaction pattern.

  • Two Dutch companies suspected of being involved in one of the biggest international corruption cases held bank accounts at ABN AMRO. Payments worth tens of millions of euros were transferred through the accounts of these two clients between 2010 and 2017. The corruption case was widely covered in national and international media since 2015. Despite the fact that ABN AMRO could have known that business was being carried out by companies linked to the corruption case by screening adverse media and the fact that several alerts were generated by ABN AMRO's transaction monitoring system, it took ABN AMRO until March 2019 to first report an unusual transaction to the FIU. It was also found that there were shortcomings in ABN AMRO's client due diligence regarding these two companies. For instance, one of the accounts had been active for years before ABN AMRO performed client due diligence, because the company fell under the scope of a trust management company. As a result, the company was not assessed individually, but in the context of the client due diligence done on the trust management company. Several documents were missing, including the opening documents and insight into the organisational structure. The assigned risk classification was too low and did not take into account, for example, the complex international structure, and the media coverage of this corruption case was not included in the client monitoring until 2019. The accounts of both companies were eventually terminated at the request of the clients.
  • Another Dutch company was a client of ABN AMRO since April 2016, initially classified as a '00 neutral' risk. The company is suspected of being involved in international VAT carousel

fraud, and the Dutch company's bank account at ABN AMRO has been fed mainly by other international industry-related companies since 2016. ABN AMRO failed to act on a number of signals pointing to the risks of the payments. For example, in the period from September 2016 to August 2018, a total of almost €17.5 million was withdrawn from the ABN AMRO bank account using 17 bank cards that were linked to this account. In total 10 different cardholders were involved and not all identifying data of cardholders was included in the relevant individual client files. ABN AMRO first reported an unusual transaction on 2 November 2016 for transactions totalling €665,000 in the period from September 2016 - October 2016. The FIU subsequently classified these transactions as suspicious on 5 November 2016 and informed ABN AMRO accordingly. This did not prompt ABN AMRO to perform event-driven reviews and/or adjust the risk profile. In the subsequent period, ABN AMRO did not report unusual transactions without delay either. A cash withdrawal totalling €80,000 within half an hour from this client's account on 29 August 2017 using eight different bankcards linked to seven different cardholders, was ultimately reported to the FIU on 10 December 2018. This notification was presumably prompted by publicity regarding a criminal investigation into the company. This was followed by an event-driven review and the assignment of a 2A risk classification (unacceptable: no new products and transactions under this regime). Despite this, the company still retained the 'neutral' risk score it was given in 2017 by another department of ABN AMRO in 2019. Furthermore, in 2019, the risk score of natural persons connected to this company was not in all cases changed from "00 neutral" to increased risk, despite the advice of Compliance to do so.

  • From another client it emerged that since 1995, this person had been known within ABN AMRO to be involved in fraud. In 2014, the client was able to open a bank account at ABN AMRO again and was assigned the '00 neutral' risk classification. This meant that, with regard to his private account, this client was not reassessed periodically. In 2014 and 2015, the client acquired three shell companies that already held bank accounts at ABN AMRO. The client became a director and the ultimate beneficial owner of the companies and the statutory names of the various companies were altered. ABN AMRO did not carry out an event-driven review in respect of those companies and did not notice that this person had become a director and ultimate beneficial owner. In 2014-2019, a total of over €2.2 million was transferred through the bank accounts of the three companies. Large sums were transferred between the accounts and the transactions did not fit the business activities as registered with the Chamber of Commerce. ABN AMRO asked the client multiple times to provide an explanation of the transactions in his capacity as director, but he did not properly give an explanation for the transactions or produce sufficient evidence. In addition, until December 2018 cash amounts were deposited, including €500 notes. The use of €500 notes is an indication of money laundering. ABN AMRO accepted these deposits, including from a company to which ABN AMRO had communicated through letters in December 2016 and October 2017 that it would no longer accept €500 notes and cash deposits. The deposits were not reported to the FIU. Two companies were dissolved in 2017 and 2018. The bank accounts of these dissolved companies were still active in September 2019.

The client is suspected by the police and the NPPS of laundering money for criminal groups related to drug crime, using among other things the accounts of his companies at ABN AMRO.

4 Remediation and enhancement programmes

The investigation has shown that, during the period 2014 to 2020, the Compliance and Audit departments periodically reviewed the way in which ABN AMRO exercised its role as a gatekeeper and reported their findings. Compliance and Audit also performed thematic reviews or 'deep dives'. On several points relating to different aspects of the 'Client Life Cycle' and in the four Business Lines, Compliance and Audit identified shortcomings. These shortcomings were reported directly to the Managing Board and the Supervisory Board and discussed with them. In addition, DNB carried out several investigations in the same period. These investigations also revealed several shortcomings in the fulfilment of the role as gatekeeper.

ABN AMRO initiated several remediation and enhancement programmes from the end of 2014 with the aim of addressing the shortcomings that had been identified. These processes were largely initiated in response to internal reports and investigations by DNB. ABN AMRO has, for example, set up remediation programmes over several years, within, inter alia, Private Banking, a limited part of Retail Banking, Commercial Banking and Corporate & Institutional Banking and (bank-wide) with respect to transaction monitoring.

Since the remediation and enhancement programmes proved to be insufficiently effective, in October 2018 the Managing Board decided to no longer organise the work processes of the 'Client Life Cycle' per Business Line, but to combine them in a central 'Detecting Financial Crime' programme and to make additional investments in staff, systems and procedures. The Detecting Financial Crime programme was launched on 1 January 2019 and now employs around 3,000 full-time employees in this department.

Part II: Conclusions of the NPPS

5 Causes of the shortcomings in compliance with the AML/CTF Act

During the criminal investigation, amongst other things, the bank's organisation was analysed in view of the 'three lines of defence' model. It was investigated how ABN AMRO had organised its business operations with regard to managing money laundering risks and its policies and governance in this area. Within the scope of this - non-exhaustive - investigation, the causes of long-lasting violations of the law by ABN AMRO were investigated. The FIOD and NPPS have derived the following picture from this investigation.

As described in section 1.2 of the Statement of facts, the legal merger between ABN AMRO and Fortis Bank Nederland took place on 1 July 2010.

Subsequently, from August 2013 on, preparations were made within ABN AMRO for the IPO. This eventually took place on 20 November 2015. A next relevant development was a change in the Managing Board, which took place between 2016 and early 2017: six members of the Board of Directors were replaced by four new members. The way the bank was managed was also changed: the statutory Board of Directors (from then on called the Executive Board) became responsible for the day-to-day management of the bank together with a newly established Executive Committee. In addition, part of the management level below the Managing Board was revised. The impression is that, during this period, at board level the focus was more on other matters than business processes and procedures connected to, among other things, compliance with the AML/CTF Act. This despite internal and external signals that there were shortcomings in compliance.

Furthermore, the culture within ABN AMRO played a role in non-compliance with the AML/CTF Act. The criminal investigation indicates that there was a culture within the bank in which matters were sometimes presented more positively than they really were, with the underlying thought being "we will solve it as part of the Business as Usual". Although the Managing Board communicated that "money is no problem", a budget was not established. Employees therefore had to submit requests for specific budgets for investments in, among other things, AML/CTF Act-related processes.

The investigation also revealed that the bank's organisation in Business Lines contributed to the formation of silos. This organisational structure resulted in Business Lines not always communicating with each other sufficiently, which also contributed to a limited overview within the bank of issues relating to compliance with the AML/CTF Act. These issues were not addressed centrally across the bank.

It also appeared that since the merger between ABN AMRO and Fortis Bank Nederland the IT landscape was fragmented. During the merger, choices were made for ABN AMRO systems on the one hand and Fortis Bank Nederland on the other, which is partly why there was no integral CDD/KYC system within the bank. Also, certain processes within the 'Client Life Cycle' were performed manually and most processes were carried out on a decentralised basis. Investments necessary to implement an integral and centralised IT system were not made or not made timely.

The policies that ABN AMRO had created to implement its obligations under the AML/CTF Act were inadequate for a considerable period; the 'CAAML policy' was unclear, inconsistent and set out in several (underlying, implementing) documents, resulting in an impractical framework. Furthermore, unlike other Business Lines, no specific policy had been created for Retail Banking. For that Business Line the Private Banking CAAML policy was used instead. ABN AMRO has since revised its policies and adopted these in the Global Standards.

Another consequence of the inadequate policies was that (senior) management - including the Managing Board and the Supervisory Board – did not have sufficient management information. This lack of management information about the 'Client Life Cycle' was internally repeatedly reported, since at least 2015, by Compliance and Audit to the Managing Board and the Supervisory Board. The Business, i.e. those responsible for the risks ('risk owners'), were as a result insufficiently able to manage money laundering risks effectively. A lack of good management information also made it difficult for senior management to effectively manage such risks. Since 2019, management information within ABN AMRO has improved as a result of, among other things, the group-wide remediation programme 'Detecting Financial Crime' and the centralisation of the 'Client Life Cycle' processes within the DFC unit.

Finally, ABN AMRO was structurally confronted with shortages in personnel needed to perform 'Client Life Cycle' operations. Since ABN AMRO launched DFC in 2019, many employees in various positions have been hired to conduct these operations. By the end of 2020, the DFC unit consists of approximately 3,000 FTEs.

On the other hand, the investigation shows that within the 'three lines of defence' model, the departments Compliance ('second line of defence') and Audit ('third line of defence') continuously signaled issues in the Business Lines ('first line of defence') in the execution of the 'Client Life Cycle' processes through (quarterly) reports, deep dives and audits.

As from the end of 2014, several remediation programmes were initiated by ABN AMRO to address the identified shortcomings. These remediation programmes were implemented in Private Banking, a limited part of Retail Banking, Commercial Banking and Corporate & Institutional Banking. However, these remediation programmes did not have the desired (structural) result and deadlines for completion were not always met. For example, in 2018 it turned out that most of ABN AMRO's client due diligence was still not (fully) compliant and there were still (large) backlogs in assessing alerts generated by the transaction monitoring system. With the DFC programme and the establishment of the DFC unit, as of the beginning of 2019 ABN AMRO has implemented structural, organisational changes that are to lead to sustainable remediation and so to compliance with the AML/CTF Act. The DFC unit is part of the remediation programme supervised by DNB. In the opinion of the NPPS, the decision to centralise the 'Client Life Cycle' for all Business Lines and to sustainably and significantly invest in this, could and should have been made earlier.

6 Seriousness of the facts

The AML/CTF Act encompasses a set of measures to prevent abuse of the financial system for money laundering and financing of terrorism. The criminal investigation revealed that ABN AMRO fell short in implementing these measures throughout the bank as from 2014. For several reasons, the NPPS is of the opinion that this can be qualified as very serious.

6.1 Systemic bank

Firstly, as a systemic bank in the Netherlands, ABN AMRO bears a great responsibility, a responsibility that goes beyond clients or shareholders. It shares responsibility for the reliability of our financial system and can and should make an important contribution to the integrity of that system. ABN AMRO can therefore also be expected to act in a socially responsible manner and to uphold integrity.

In addition, ABN AMRO, in which the State holds the majority of shares, has a good reputation. Once a payment is processed through an ABN AMRO account, the payment is likely to be viewed as approved, and in national and international trade people generally rely on it.

6.2 Gatekeeper function

Secondly, ABN AMRO has an important gatekeeper function in combatting financial and economic crime. The legislature has explicitly assigned this task to institutions such as ABN AMRO. The explanatory memorandum (memorie van toelichting) to the AML/CTF Act is clear on this point: institutions must take reasonable measures, proportional to the nature and size of the institution, to determine and assess the risks of money laundering and the financing of terrorism. The gatekeeper function means that a bank should, where necessary, identify undesirable elements in our financial system, ward them off and counteract or report undesirable transactions. This is because banks are ideally placed to detect indications of money laundering, as they have an overview of clients' transactions. Compliance with the AML/CTF Act contributes to the prevention of abuse of the financial system, for example, for the purpose of laundering criminal money. In addition, ABN AMRO, as a mayor Dutch bank, runs a real risk of being involved in money laundering and terrorism financing because of its business profile and market share.

An institution such as ABN AMRO can and should therefore be expected to comply with its legal obligations and achieve the required result. However, ABN AMRO has seriously failed to comply with the AML/CTF Act for several years.

6.3 Insufficiently effective measures after external and internal warnings

Thirdly, the shortcomings in its compliance with the AML/CTF Act and the risks associated with these shortcomings were pointed out to ABN AMRO by DNB throughout the investigated period. In addition, Compliance and Audit and, from 2016 onwards, the Supervisory Board of ABN AMRO have also noted shortcomings in the 'Client Life Cycle' processes and the associated risks.

Since 2013, in connection with its (thematic) investigations DNB has repeatedly (formally) addressed ABN AMRO in respect of, among other things, insufficient compliance with the AML/CTF Act. In three instances these investigations in The Netherlands led to administrative action by way of a formal measure: in 2013 an administrative fine was imposed, in 2015 an order subject to a fine was imposed and in 2019 DNB gave ABN AMRO a direction following the thematic investigation into terrorism financing. DNB's findings from this thematic investigation also led to a formal conversation ('normoverdragend gesprek') in 2019, which also involved findings from previous AML/CTF Act investigations by DNB in 2016 and 2017. The results of the thematic investigation into terrorism financing, also taking into account the previous findings and measures by DNB, were in part the reason for initiating this criminal investigation.

The investigation also showed that Compliance and Audit within ABN AMRO had almost continuously identified shortcomings in the bank's 'Client Life Cycle' processes. These shortcomings had been reported for a number of years in quarterly reports, 'deep dives' and thematic audits by Compliance and Audit.

Finally, since 2016 the Supervisory Board also several times noted shortcomings in compliance with the AML/CTF Act.

Since the end of 2014, ABN AMRO has executed various remediation programmes in relation to the AML/CTF Act. The remediation programmes were initiated partly in response to findings by DNB and mostly at the explicit request of or following a formal measure by DNB, and mainly focused on putting client files in order. There was also a remediation programme aimed at improving the IT systems ABN AMRO uses to monitor and filter its clients and their transactions. However, the remediation and enhancement programmes do not alter the fact that the applicable legal requirements have to be met from the start of the client relationship. This has been pointed out to ABN AMRO by DNB on several occasions in the past.

In the opinion of the NPPS, the earlier internal remediation programmes did not lead to structural solutions to (sufficiently) comply with the obligations under the AML/CTF Act. Even after the completion of those remediation programmes, significant shortcomings in complying with the AML/CTF Act were still found. Ultimately, ABN AMRO decided in the autumn of 2018 to relocate the 'Client Life Cycle' processes from the Business Lines to a centralised new unit called 'Detecting Financial Crime'. This unit started operating in January 2019. Subsequently, in (the course of) 2019, the ongoing remediation programmes were transferred to the DFC unit. Full remediation is to be achieved by the end of 2022. DNB is strictly supervising this.

6.4 Scope and consequences of non-compliance with the AML/CTF Act

Finally, the NPPS is of the opinion that the scope and consequences of non-compliance with the AML/CTF Act in the period 2014-2020 contribute to the seriousness of the facts.

It is unknown how many clients that engage in criminal activities ABN AMRO could have identified during these years if it had fulfilled its role as a gatekeeper. It is therefore impossible to determine the amount of money that was actually laundered through ABN AMRO bank accounts over the years. Nor is it possible to provide an indication of the number of transactions that were possibly connected to other financial economic crime. However, in view of the number of ABN AMRO clients and the number of transactions carried out by its clients, it can be assumed that the number of violations of the AML/CTF Act and missed signals of money laundering and other forms of financial economic crime must have been quite substantial during the relevant period. On the basis of the investigation, it is justified to assume that there has been a large number of unusual transactions that were not (timely) identified by ABN AMRO.

Section 3.9 describes a number of specific cases in which ABN AMRO did not comply with the AML/CTF Act. In addition, the picture of the NPPS of ABN AMRO structurally falling short in fulfilling its role as gatekeeper is confirmed by several comparable signals coming from the media or criminal investigations at the disposal of the FIOD.

In the opinion of the NPPS, the examples described in section 3.9 also show that ABN AMRO actually missed signals of money laundering and other forms of financial economic crime because of non-compliance with the AML/CTF Act. In those cases, ABN AMRO repeatedly appeared to be unable to effectively combine the existing signals and to respond to them adequately and in accordance with the AML/CTF Act.

6.5 Conclusion

The objective of the AML/CTF Act is to combat money laundering and the financing of terrorism. Service providers are required to protect financial transactions against money laundering and terrorism financing, thereby safeguarding their integrity. In doing so, these institutions act as gatekeepers protecting the integrity, stability, and reputation of the financial system. This applies in particular to a systemic bank such as ABN AMRO.

The criminal investigation showed that, despite several external and internal warnings, ABN AMRO had and continued to have structural and serious shortcomings in its compliance with the AML/CTF Act. For several years, ABN AMRO fell short in its role as gatekeeper and consequently did not sufficiently enable investigative authorities to act in response to unusual transactions.

The lack of compliance with the AML/CTF Act also meant that several clients who were engaged in criminal activities were able to abuse bank accounts and services of ABN AMRO for a longer period of time. A number of examples describing the ease with which this was possible have been set out in section 3.9. The NPPS considers these examples illustrative of the way in which ABN AMRO has (not) complied with the AML/CTF Act, as well as of the way in which it has not identified a considerable number of signals of money laundering and other forms of financial economic crime in the years from 2014 to 2020.

7 Criminal allegations against ABN AMRO

7.1 Criminal offences

The criminal investigation focused on the activities of ABN AMRO in the Netherlands. In the opinion of the NPPS, the investigation shows that ABN AMRO had serious shortcomings in its compliance with the AML/CTF Act in the period from 1 January 2014 up to and including 31 December 2020.

In view of the results of the criminal investigation as described above, the NPPS is of the opinion that ABN AMRO was guilty of violating a number of provisions of the AML/CTF Act in the Netherlands in the period from 1 January 2014 up to and including 31 December 2020, committed several times in 2014 and on a habitual basis in 2015-2020.10 In addition, the NPPS is of the opinion that, during this period, ABN AMRO was guilty of culpable money laundering, which is made punishable by Article 420quater of the Dutch Criminal Code, committed several times.

7.2 AML/CTF Act

With regard to the AML/CTF Act, it concerns a violation of the following articles:

  • Articles 2a, 3 and 33 AML/CTF Act, on the basis of which an institution is required to conduct client due diligence in order to prevent money laundering and terrorism financing, and to record the documents and data used for this purpose;
  • Article 5 AML/CTF Act, which prohibits an institution from entering into a business relationship or carrying out a transaction, if it has not conducted client due diligence or the client due diligence does not lead to the prescribed result. Article 5 AML/CTF Act also requires an institution to terminate a business relationship with a client, if the institution is unable to comply with the provisions of Article 3, first up to and including the fourth paragraph;
  • Articles 2a, 8 and 33 AML/CTF Act, on the basis of which an institution is required to conduct enhanced client due diligence in certain cases and to record the documents and data used for that purpose;
  • Articles 2a and 16 AML/CTF Act, on the basis of which an institution is required to report unusual transactions to the FIU without delay after the unusual nature of the transaction has become apparent.

10 As of 1 January 2015, the Dutch Economic Offences Act (Wet op de economische delicten) criminalises habitually committing an economic offence that qualifies as a crime (misdrijf).

The NPPS is of the opinion that the violations of the aforementioned articles by ABN AMRO qualify as criminal offences pursuant to Article 2(1) of the Dutch Economic Offences Act (Wet op de economische delicten). Furthermore, ABN AMRO committed these offences on a habitual basis as described in Article 6(1)(3) of the Dutch Economic Offences Act from 1 January 2015.

7.3 Culpable money laundering

The obligations of the AML/CTF Act described in chapter 2 form a coherent set of measures aimed at preventing money laundering. The AML/CTF Act is crystal clear on this point; ABN AMRO is required to take these measures in order to prevent money laundering by clients using its bank accounts and other services.

The NPPS is of the opinion that ABN AMRO fell short in using these measures in such a way, that ABN AMRO did not do what can be expected from a financial institution in its role of gatekeeper to combat money laundering by clients through its bank accounts and other services. As described in detail above, ABN AMRO's (transaction monitoring) systems, processes and remediation programmes were inadequate.

In addition, in the opinion of the NPPS, ABN AMRO should have reasonably suspected that certain flows of money passing through the bank accounts of its clients originated from crime. As described in section 3.9, ABN AMRO received various signals about specific clients that should have led the bank to a suspicion of money laundering. These include unusual transactions that do not fit the nature of the business, unclear statements regarding the origin of funds, money laundering signals regarding clients from public sources, alerts from the transaction monitoring system and high cash deposits. The fact that ABN AMRO was repeatedly unable to combine these signals and act upon them adequately can and should be attributed to ABN AMRO. ABN AMRO has therefore been considerably imprudent with regard to the flows of money of these clients. Where the monies of these clients originated from crime, ABN AMRO should have reasonably suspected the criminal origin thereof. These circumstances lead to the accusation of culpable money laundering by the NPPS.

As discussed in section 6.5, the NPPS considers these examples illustrative. In the opinion of the NPPS, ABN AMRO has missed more money laundering signals, due to the serious shortcomings in its compliance with the AML/CTF Act in the years from 2014 to 2020.

7.4 Attribution of offences to the legal entity

The criminal investigation shows that until mid-2019, the responsibility of compliance with the AML/CTF Act was primarily assigned to the Business (Lines). They were tasked with carrying out the processes within the 'Client Life Cycle', namely client due diligence at the start of the business relationship (NCTO), through periodic and event-driven reviews, the termination of a business relationship (exit) and the assessment of alerts.

Apart from the fact that it appears among other things from client files that the 'Client Life Cycle' processes were not conducted properly, the NPPS is of the opinion that ABN AMRO's policy could not lead to the results required by the AML/CTF Act. This was mainly due to the risk classification '00 neutral' and 'neutral risk' for the majority of its clients whereby, in accordance with policy, periodic reassessments were not conducted, while at the same time the client filtering and transaction monitoring processes did not function in such a way that they could compensate for the lack of ongoing monitoring by not conducting periodic reassessments. Furthermore, although ABN AMRO's policy did recognise the use of cash as a risk indicator requiring enhanced client due diligence, in practice expected cash use was not sufficiently taken into account when determining the risk profile of clients, and no enhanced client due diligence was performed upon entering into a client relationship.

Finally, there were backlogs throughout the whole period in handling alerts generated by the transaction monitoring system.

In addition, insufficient files, insufficient attention at management level for compliance with the AML/CTF Act, the culture within ABN AMRO, the inadequate and fragmented IT systems, the organisation of the bank in Business Lines functioning as 'silos' and the lack of adequate management information were, in the opinion of the NPPS, an important cause of the criminal offences. Finally, the fact that ABN AMRO suffered from shortages in personnel also played a role.

ABN AMRO did not succeed in effectively resolving these issues for several years. With the DFC programme and the establishment of the Detecting Financial Crime unit, as of the beginning of 2019 ABN AMRO has implemented structural, organisational changes that are to lead to sustainable remediation and so to compliance with the AML/CTF Act.

As a result, ABN AMRO fell short of complying with its obligations under the AML/CTF Act for several years. In the opinion of the NPPS, the Managing Board of ABN AMRO was aware of the shortcomings in compliance with the AML/CTF Act through the reports of Compliance, Audit and the findings of investigations by DNB. This is not changed by the fact that many ABN AMRO employees did their best to comply with these obligations, whether as part of the remediation programmes or otherwise.

The NPPS qualifies the observed conduct as illegal acts performed by a legal company within the normal course of business. The actions are attributable to the organisation as a whole, which is punishable therefor.

8 Decision to reach a settlement

8.1 Statement of reasons

Before the commencement of a trial, the NPPS can set one or more conditions in order to avoid prosecution for crimes punishable by imprisonment for a period not exceeding six years and for offences (Article 74 of the Dutch Criminal Code). In other words, settlement is an option provided for by law to settle criminal cases outside the courts.

Given the size of the settlement amount, it is considered a high settlement. Such a settlement is subject to the "Guidance for High Settlements"

(https://wetten.overheid.nl/BWBR0044047/2020-09-04). The Guidance defines the principles for offering such settlements and provides procedural rules.

Part of the procedure is the mandatory advisory role of the independent High Settlement Review Committee (Toetsingscommissie hoge transacties).

An important condition for entering into a high settlement with a legal entity is that the factual conduct that forms the basis for the settlement is acknowledged by the suspect. This requirement of acknowledgement expressly does not imply an acknowledgement by the legal entity of guilt to any criminal offence.

In line with the principle of discretion, the NPPS always opts for the most appropriate method of concluding a criminal investigation. The decision for a high settlement in order to avoid criminal proceedings requires a tailored approach. The aforementioned Guidance includes the basic principle that there have to be good reasons for a settlement. In every case where a settlement is considered, several factors will be carefully weighed.

In the Guardian criminal investigation, in the opinion of the NPPS, there are good reasons to settle, given that:

  • ABN AMRO regrets the shortcomings in fulfilling its role as gatekeeper aimed at combatting money laundering, recognises the seriousness of the matter and publicly acknowledges this;
  • ABN AMRO cooperated in the criminal investigation;
  • ABN AMRO will continue to actively allow the NPPS to investigate possible criminal offences arising from shortcomings in fulfilling its role as gatekeeper aimed at combatting money laundering to which the settlement relates;
  • ABN AMRO, under strict supervision of DNB, has developed and is implementing a remediation programme covering, among other things, the remediation of existing client files and the improvement of its client and transaction monitoring processes, the improvement of its compliance function and changing its internal governance and culture to prevent further violations of the AML/CTF Act. In doing so, ABN AMRO must structurally ensure that it is effectively fulfilling its role as gatekeeper;
  • ABN AMRO has consistently provided insight into the progress of this remediation programme to the NPPS during the criminal investigation;
  • ABN AMRO with this settlement is taking accountability for the criminal acts identified by the NPPS that were committed over several years.

For these reasons, the NPPS considers a settlement to be more effective than court proceedings.

8.2 Cooperation with the investigation

As soon as ABN AMRO became aware that it was a suspect in the Guardian criminal investigation, it indicated its willingness to cooperate with the investigation. This has also proved to be the case in practice. ABN AMRO has actively cooperated in making available documents relevant to the investigation and has made witnesses available for questioning at short notice.

8.3 Acknowledgement of shortcomings

ABN AMRO has publicly acknowledged the shortcomings in the fulfilment of its role as gatekeeper aimed at combatting money laundering and the seriousness of the matter. The press release of ABN AMRO demonstrates that sufficiently, in the NPPS's opinion.

8.4 Detecting Financial Crime unit

As explained in Chapter 4, at the end of 2018 ABN AMRO announced the 'Detecting Financial Crime' remediation programme. The purpose of this long-term group-wide remediation programme is to expeditiously and sustainably address the identified serious and culpable violations of the AML/CTF Act and to permanently remedy this for the future. This is done by structurally centralising the CDD/KYC processes in the 'Detecting Financial Crime' unit. The development, execution and progress of the aforementioned remediation programme have a multi-year implementation period and are supervised and monitored by DNB. DNB currently observes maximum effort on the part of ABN AMRO in this remediation process under the AML/CTF Act and in fulfilling its role as a gatekeeper adequately and sustainably throughout the ABN AMRO group. The remediation programme will continue up to and including 2022. The NPPS considered this reason enough to settle for the period from 1 January 2014 to the date the settlement agreement is signed.

9 Conclusion of the criminal case

9.1 Content of the settlement agreement

The settlement agreement (with annex) between the NPPS and ABN AMRO will be made public.

9.2 Fine and unlawfully obtained gains

ABN AMRO will pay a total of € 480 million to the Dutch State as part of this settlement. This amount consists of a fine of € 300 million and a € 180 million disgorgement of unlawfully obtained gains.

9.2.1 Fine

In determining the amount of the fine, the fact that only a significant fine does justice to the seriousness, extent and duration of the identified offences was taken into account. The amount of the fine also reflects the fact that, in view of the number of ABN AMRO clients and the number of transactions carried out by its clients, it can be assumed that the number of violations of the AML/CTF Act and missed signals of money laundering and other forms of financial economic crime, must have been quite substantial during the relevant period. On the basis of the investigation, it is justified to assume that there has been a large number of unusual transactions that ABN AMRO did not identify (timely).

Furthermore, the repeated warnings and signals from DNB, Compliance, Audit and the Supervisory Board were taken into account. It was also taken into account that ABN AMRO, according to the NPPS, should function as an example as it is a systemic bank of which the State is a main shareholder.

In determining the fine to be imposed by the NPPS, the financial capacity of the defendant, as intended by the legislature, was also taken into account:

"In addition to the seriousness of the offence and its benefit, a third factor plays an important role in determining the amount of the fine for an offence under criminal law: the offender's capacity to pay. Financial economic crimes are often committed by companies that have sizable assets, relative to private persons. The capacity of legal entities is therefore important in determining whether a fine has a sufficiently deterrent effect.''11

A fine should therefore have a deterrent effect and have an impact on the legal entity. This means that a higher fine is appropriate in the event that a legal entity has a greater capacity to pay.

Taking all facts and circumstances into account, the NPPS considers a fine of € 300 million to be appropriate. In determining the amount of the fine, the NPPS has taken into account the public acknowledgement by ABN AMRO of the shortcomings in the fulfilment of its role as gatekeeper aimed at combatting money laundering and the seriousness of the matter, ABN AMRO's cooperation with the investigation and the remedial measures taken by ABN AMRO to structurally safeguard compliance with the AML/CTF Act.

9.2.2 Unlawfully obtained gains

Part of the settlement is the payment of a € 180 million disgorgement of unlawfully obtained gains.

In view of the observed shortcomings in compliance with the AML/CTF Act, the NPPS is of the opinion that ABN AMRO did not employ enough personnel in the relevant period to be able to sufficiently fulfil its obligations under the AML/CTF Act. In order to arrive at an appropriate disgorgement amount, the NPPS therefore took the personnel costs saved by ABN AMRO as the starting point. The savings consist of the personnel costs that would have resulted in full compliance with the AML/CTF Act, reduced by the actual personnel costs incurred by ABN AMRO.

11 Explanatory memorandum (memorie van toelichting) to the introduction of the Act 'Expanding the possibilities of combating financial and economic crime' (Wet 'verruiming mogelijkheden bestrijding financieel-economische criminaliteit'); Parliamentary Papers (Kamerstukken), 2012-13, 33 685, no. 3, pg. 9-10.

Settlement Agreement

Parties

  1. The State of the Netherlands (Netherlands Public Prosecution Service, in this matter the National Office for Serious Fraud, Environmental Crime and Asset Confiscation and the National Office), having its seat in The Hague and in this matter legally represented by the public prosecutors A. Rogaar and F. Heus, employed at the aforementioned Public Prosecutor's Offices, choosing as their address for service IJdok 163 (1013 MM) in Amsterdam, hereinafter to be referred to as: the State and/or the Netherlands Public Prosecution Service;

and

  1. The public limited liability company ABN AMRO Bank N.V., having its registered office in Amsterdam at Gustav Mahlerlaan 10 (1082 PP), in this matter legally represented by R.A.J. Swaak and T.J.A.M. Cuppen, and represented in this matter by P.N. Ploeger and M.J.C. Somsen, attorneys in Amsterdam, hereinafter referred to as: ABN AMRO;

The State and/or the Netherlands Public Prosecution Service and ABN AMRO shall hereinafter also be referred to jointly as: parties,

The parties consider the following:

a) Under the direction and responsibility of the public prosecutors of the National Public Prosecutor's Office for Serious Fraud, Environmental Crime and Asset Confiscation and the National Public Prosecutor's Office, a criminal investigation was initiated by the Dutch Fiscal Information and Investigation Service (Fiscale inlichtingen- en opsporingsdienst, hereinafter referred to as FIOD) into ABN AMRO under the name "Guardian" as of 2019, with fraud information system number (gefisnummer) 64757 and Netherlands Public Prosecution Service number (parketnummer) 13/845074-19;

b) This settlement agreement must be viewed in conjunction with the Statement of Facts in Part I of the annex and the Netherlands Public Prosecution Service's Conclusions in Part II of the annex, which annex is attached to this settlement agreement and forms an integral part of it;

c) Based on the criminal investigation, the Netherlands Public Prosecution Service is of the opinion that ABN AMRO committed criminal offences in the period from 2014 up to and including 2020 arising from shortcomings in fulfilling its role as gatekeeper in aimed at combatting money laundering, as identified in the Guardian investigation, namely violating Articles 2a, 3, 5, 8, 16 and 33 of the Anti-Money Laundering and Counter Terrorism Financing Act (Wet ter voorkoming van witwassen en financieren van terrorisme, hereinafter referred to as the AML/CTF Act), punishable under Article 2(1) of the Economic Offences Act (Wet op de economische delicten, hereinafter referred to as EOA), and doing so habitually as referred to in Article 6(1)(3) EOA as of January 2015, as well as culpable money laundering, punishable under Article 420quater of the Dutch Criminal Code (Wetboek van Strafrecht, hereinafter referred to as DCC);

d) ABN AMRO has cooperated with the criminal investigation Guardian. ABN AMRO shall, also after the conclusion of this settlement agreement, continue to actively allow the Netherlands Public Prosecution Service to investigate possible criminal offences arising from shortcomings in fulfilling its role as gatekeeper aimed at preventing money laundering to which this settlement relates;

e) ABN AMRO regrets the shortcomings in fulfilling its role as gatekeeper aimed at combatting money laundering and recognises the seriousness of the matter;

f) ABN AMRO has taken remedial measures as of January 2019 that are (also) aimed at preventing criminal offences referred to above. In this respect, ABN AMRO has aligned its measures with its regulator the Dutch Central Bank (de Nederlandsche Bank N.V., hereinafter referred to as DNB). The measures taken have been aligned with and approved by DNB and the implementation of these remedial measures is proceeding according to plan;

g) ABN AMRO has stated that it will not claim a tax deduction in relation to the payment referred to in section 1.2 (II) below;

h) The Netherlands Public Prosecution Service has decided, in accordance with the applicable Guidance for High Settlements (Aanwijzing hoge transacties), to offer ABN AMRO a settlement pursuant to Article 74 DCC under the terms and conditions stated below, which proposal has been accepted by ABN AMRO;

i) This settlement agreement includes all facts and circumstances arising from shortcomings of ABN AMRO in fulfilling its role as gatekeeper aimed at combatting money laundering, which facts and circumstances occurred in the Netherlands in the years 2014 up to and including the date this agreement is signed, as established in the Guardian investigation, which the Netherlands Public Prosecution Service regards as a violation of Articles 2a, 3, 5, 8, 16 and 33 AML/CTF Act, while doing so habitually as of 2015 as referred to in Article 6(1)(3) EOA, and culpable money laundering (Article 420quater DCC);

j) In formulating the terms for this out-of-court settlement, the Netherlands Public Prosecution Service has taken into account the cooperation of ABN AMRO in the criminal investigation, the remedial measures taken by ABN AMRO to structurally ensure the effective fulfilment of its role as gatekeeper, as well as the acknowledgement by ABN AMRO of the facts as described in chapter 3 of part I of the annex (the Statement of Facts) that is attached to this settlement agreement. In accordance with the applicable Guidance for High Settlements, this acknowledgement of the facts by ABN AMRO expressly does not imply any acknowledgement of guilt of any criminal offence;

The parties agree and establish the following

Conditions in order to avoid criminal prosecution

Article 1

1.1 The Netherlands Public Prosecution Service offers ABN AMRO a settlement pursuant to Article 74 DCC, which is accepted by ABN AMRO.

1.2 By virtue of this settlement, ABN AMRO shall make the following payments: (I) payment to the State in the amount of € 300,000,000 (in words: three hundred million euros) pursuant to Article 74(2)(a) DCC and

(II) payment to the State in the amount of € 180,000,000 (in words: one hundred eighty million euros) as disgorgement of unlawfully obtained gains pursuant to Article 74(2)(d) DCC.

1.3 The total amount stated under 1.2 sub (I) and (II) shall be transferred to bank account number in the name of "Functioneel Parket Openbaar Ministerie" quoting "ABN AMRO Bank N.V. en parketnummer 13/845074-19" as a reference after signing this agreement. The payment must be received by the Netherlands Public Prosecution Service within one week following signing by both parties, failing which payment, this settlement agreement will be dissolved by operation of law.

1.4 Following the Netherlands Public Prosecution Service's timely receipt of the payments referred to in 1.2 under (I) and (II), the Netherlands Public Prosecution Service's right to criminally prosecute ABN AMRO expires for any and all of the facts and circumstances specified above, more specifically under (c) and (i) in the preamble and in chapter 3 of part I of the annex (the Statement of Facts) arising from the shortcomings of ABN AMRO in fulfilling its role as gatekeeper aimed at combatting money laundering, which facts and circumstances occurred in the Netherlands in the period from 2014 up to and including the date this agreement is signed, as established in the Guardian investigation with fraud information system number 64757 and Netherlands Public Prosecution Service number 13/845074-19, which the Netherlands Public Prosecution Service regards as a violation of Articles 2a, 3, 5, 8, 16, and 33 AML/CTF Act, while doing so habitually as of 1 January 2015, as referred to in Article 6(1)(3) EOA, and culpable money laundering (Article 420quater DCC), except in the event that the Court of Appeal orders the Netherlands Public Prosecution Service to start a prosecution pursuant to proceedings based on Article 12 of the Dutch Code of Criminal Procedure (Wetboek van Strafvordering, hereinafter referred to as DCCP).

1.5 This settlement does not concern any possible criminal offences committed by natural persons.

Further stipulations

Article 2

2.1 The Netherlands Public Prosecution Service will publish a press release on the out-ofcourt settlement of this case that will include this settlement agreement with the annex.

2.2 In its press statements, ABN AMRO will only acknowledge chapter 3 of Part I (Statement of Facts) of the annex. In its press statements, ABN AMRO will not contradict the other chapters of Part I (Statement of Facts) and Part II (Assessment by the Netherlands Public Prosecution Service) of the annex as well as the press release of the Netherlands Public Prosecution Service.

Article 3

3.1 The parties hereby declare that, subject to the provisions of this settlement agreement, they have no further claims against each other in relation to the facts referred to in this settlement agreement and all the consequences that have arisen and may still arise therefrom, of whatever nature. The parties grant each other full and final discharge in connection therewith. This entails that ABN AMRO shall refrain from instituting proceedings against the State that are based on or related to the criminal investigation Guardian with fraud information system number 64757 and Netherlands Public Prosecution Service number 13/845074-19. This shall also include – but not be limited to - requests pursuant to Articles 529, 530, 6:4:18 and 6:6:27 DCCP.

3.2 ABN AMRO warrants that none of its (direct or indirect) affiliates, parent companies, subsidiaries and/or group companies will institute a claim against the State that is based on or related to the aforementioned criminal investigation.

Article 4

4.1 In the event that the Netherlands Public Prosecution Service has to prosecute ABN AMRO following an order from the Court of Appeal pursuant to a complaint based on Article 12 DCCP, this settlement agreement will be deemed to be terminated without any further act being required to this end. In that event, the Netherlands Public Prosecution Service will repay the amounts paid, as referred to under 1.2 (I) and (II), in accordance with Article 74b(2) DCC. There will be no compensation of interest in connection with such a repayment. The parties shall then consult on the practical aspects of handling the dissolution of this settlement agreement, or the termination of the settlement agreed upon in this agreement.

4.2 The parties waive the right to dissolve this settlement agreement (wholly or in part) or to annul it, for whatever reason, even if circumstances become known that were not known or could not have been known at the time when this settlement agreement was concluded. This stipulation shall be without prejudice to dissolution by operation of law in the event of a failure to pay on time (Article 1.3) and any dissolution in the event of a prosecution order pursuant to Article 12 DCCP (Article 4.1).

4.3 Should any provision in this settlement agreement prove to be invalid or be declared non-binding, this will not affect the other provisions of this settlement agreement. In the event a gap is identified, the parties will consult with each other and try to resolve the gap in good faith.

Article 5

All written communication between the parties that is executed on the basis of this settlement agreement, shall be sent to or delivered at the following addresses, fax numbers and/or e-mail addresses:

Netherlands Public Prosecution Service: National Office for Serious Fraud, Environmental Crime and Asset Confiscation

ABN AMRO: De Brauw Blackstone Westbroek N.V., for the attention of P.N. Ploeger and M.J.C. Somsen

Article 6

This settlement agreement is subject to Dutch law. The District Court of The Hague has exclusive jurisdiction to handle any disputes in connection with this settlement agreement.

Article 7

The parties declare that they have read this settlement agreement and the annex, completely understand its contents, have been given the opportunity to seek independent legal advice in this regard, and will sign this settlement agreement voluntarily.

Article 8

This settlement agreement and its annex were drawn up in Dutch. In addition, an English translation of this settlement agreement including the annex will be made available or published by the Netherlands Public Prosecution Service. Where the Dutch text and the English translation differ, the Dutch text will prevail.

Agreed on and drawn up and signed in duplicate,

The State of the Netherlands (the Netherlands Prosecution Service), on its behalf,

[signed] [signed]

.…………………………………………… …………………………………………… A. Rogaar F. Heus Public Prosecutor Public Prosecutor Amsterdam, April 16, 2021 Amsterdam, April 16, 2021

On behalf of ABN AMRO Bank N.V.,

[signed] [signed]

…………………………………………… …………………………………………… R.A.J. Swaak T.J.A.M. Cuppen CEO CRO

Amsterdam, April 19 2021 Amsterdam, April 19, 2021 (place and date) (place and date)

More from ABN AMRO Bank N.V.

Regulatory Filings 2025
Dec 11
Regulatory Filings 2025
Dec 11
M&A Activity 2025
Nov 25
Regulatory Filings 2025
Nov 25
Management Reports 2025
Nov 25
Management Reports 2025
Nov 25
Earnings Release 2025
Nov 12
Earnings Release 2025
Nov 12
Report Publication Announcement 2025
Nov 12
Board/Management Information 2025
Nov 12
View all filings →

Talk to a Data Expert

Have a question? We'll get back to you promptly.