Account of the case
The customer tried to make a cash deposit of 100,000 euros to his account at the bank on 2 January 2023. He provided the bank with documents about the origin of the funds: an affidavit of gift between his father and himself and an agreement of sale-purchase of the apartment (17 March 2020). The bank refused to accept the deposit on 5 January 2023.
The customer’s complaint
The customer visited a branch office of the bank with his parents to make a cash deposit of 100,000 euros. He brought the required documents (an affidavit of gift between his father and himself and an agreement of sale-purchase of the apartment on 17 March 2020) that legitimize the background of the money which he was intending to deposit. The purchase-sale agreement has been notarized and translated. The receipt of cash withdrawal from the account was also translated by the bank the money was withdrawn from and sent to the bank. The documents were taken under review by the bank. On 5 January 2023, the customer received an email from the bank employee informing him of the rejection of the deposit of money to his own bank account.
The money was withdrawn from a Russian bank account and later changed to euros. The money was given to the customer in cash by his father.
The cash was not declared to Customs, as the sum was transferred gradually on several trips over the years, in amounts that remained under the declaration threshold.
The customer needs the money on his bank account in order to pay for his living expenses and private life expenses such as rent, sports expenses, electricity bills, purchasing a new car, water bills etc.
The clause in the General Terms and Conditions for Accounts titled “Bank's right not to accept the use of account” states that the bank can restrict the use of the account due to a list of reasons among which none can be applied to this case. The bank’s General Terms and Conditions Agreement does not mention a condition limiting large deposits. All the documents legitimizing the source of the deposit that were mentioned by the customer advisor have been submitted.
The customer demands that the bank should accept the deposit of the funds.
The bank’s reply
The bank has stated that the decision to accept or not to accept cash deposits is always based on a case-by-case assessment. In this case, the bank's decision not to accept the deposit was based on an overall assessment and the conclusion that the bank was unable to carry out the customer due diligence measures laid down in chapter 3 of the Act on Preventing Money Laundering and Terrorist Financing. Therefore, the bank was not able to conclude the transaction either fully or partially.
Banking in Finland is highly regulated, and banks are supervised by the FIN-FSA. A failure to comply with the obligations of customer due diligence by a bank or its employee can result in severe punishment.
The bank is fulfilling its regulatory requirements. The cash deposit is considerable, and based on a thorough, overall assessment, the bank has concluded that the deposit cannot be accepted. Due to regulatory requirements, the bank is not able to disclose its reasoning. Therefore, the bank stands by its original decision not to accept said cash deposit.
Reports
In addition to the communications between the parties, the Banking Complaints Board was provided with the following documents:
- Translation of an agreement of sale and purchase of an apartment in the Moscow region, dated 17 March 2020. The value of the apartment is stated to be 8,200,000 rubles. The seller is the customer’s father.
- Affidavit of gift, dated 29 June 2020. The gift consists in the amount of 105,751 euros received as a result of the sale by the customer’s father. The money was exchanged from rubles to euros on 26 June 2020.
Resolution recommendation
Formulation of the question
In order to resolve the dispute between the parties, the Banking Complaints Board must assess whether or not the bank had the right to decline the customer’s cash deposit on the basis of the information it had received from the customer.
The applicable norms of law and terms and conditions
According to Laki rahanpesun ja terrorismin rahoittamisen estämisestä (444/2017, Act on Preventing Money Laundering and Terrorist Financing), chapter 3, section 1:
“Asiakkaan tunteminen ja riskiperusteinen arviointi.
Jos ilmoitusvelvollinen ei pysty toteuttamaan asiakkaan tuntemiseksi tässä luvussa säädettyjä toimia, ilmoitusvelvollinen ei saa perustaa asiakassuhdetta, suorittaa liiketointa tai ylläpitää liikesuhdetta. Jos ilmoitusvelvollinen on luottolaitos, se ei myöskään saa toteuttaa maksutapahtumaa maksutilin kautta, jos se ei pysty toteuttamaan asiakkaan tuntemiseksi säädettyjä toimia. Ilmoitusvelvollisen on myös arvioitava, onko sen tarpeellista tehdä tapauksesta epäilyttävää liiketoimea koskeva ilmoitus. Ilmoitusvelvollisen on keskeytettävä asiakkaan tuntemista koskevat toimet, jos ilmoitusvelvollinen perustellusti arvioi tuntemista koskevien toimien vaarantavan epäilyttävää liiketoimea koskevan ilmoituksen tekemisen.
Ilmoitusvelvollisen on asiakassuhteeseen liittyviä rahanpesun ja terrorismin rahoittamisen riskejä arvioidessaan otettava huomioon uusiin ja jo olemassa oleviin asiakkaisiin, maihin tai maantieteellisin alueisiin sekä uusiin, kehitettäviin ja jo olemassa oleviin tuotteisiin, palveluihin ja liiketoimiin sekä jakelukanaviin ja teknologioihin liittyvät rahanpesun ja terrorismin rahoittamisen riskit (riskiperusteinen arviointi).
Tässä luvussa säädettyjä asiakkaan tuntemista koskevia toimia on noudatettava riskiperusteiseen arviointiin pohjautuen koko asiakassuhteen ajan. Lisäksi ilmoitusvelvollisen on noudatettava asiakkaan tuntemista koskevia säännöksiä, kun ilmoitusvelvollisella on tai on ollut lakisääteinen velvollisuus hallinnollisesta yhteistyöstä verotuksen alalla ja direktiivin 77/799/ETY kumoamisesta annetun neuvoston direktiivin lainsäädännön alaan kuuluvien säännösten kansallisesta täytäntöönpanosta ja direktiivin soveltamisesta annetun lain (185/2013) tai muun vastaavaa velvoitetta koskevan sääntelyn nojalla ottaa kalenterivuoden aikana yhteyttä asiakkaaseen tosiasiallista edunsaajaa koskevien merkityksellisten tietojen tarkistamista varten.
Ilmoitusvelvollisen on voitava osoittaa valvontaviranomaiselle tai valvomaan asetetulle, että ilmoitusvelvollisen tässä laissa säädetyt asiakkaan tuntemista ja jatkuvaa seurantaa koskevat menetelmät ovat riittävät rahanpesun ja terrorismin rahoittamisen riskin kannalta.”
Translation:
“Customer due diligence and risk-based assessment.
If an obliged entity is unable to carry out the customer due diligence measures laid down in this chapter, the entity may not establish a customer relationship, conclude a transaction or maintain a business relationship. Where the obliged entity is a credit institution, it also may not execute a payment transaction through a payment account if it is unable to carry out the measures laid down for customer due diligence. The obliged entity shall also assess whether it is necessary in this case to submit a suspicious transaction report. The obliged entity shall suspend the customer due diligence measures if, on reasonable grounds, it determines that the customer due diligence measures would endanger the submission of a suspicious transaction report.
In assessing the money laundering and terrorist financing risks in a customer relationship, an obliged entity shall take into account the money laundering and terrorist financing risks relating to new and pre-existing customers and to countries or geographic areas, and to products, services, transactions, delivery channels and technologies that are new, under development or already exist (risk-based assessment).
The customer due diligence measures laid down in this chapter shall be observed throughout the course of the customer relationship on the basis of risk-based assessment. In addition, an obliged entity shall comply with the provisions on customer due diligence when the obliged entity has or has had, under the Act on Administrative Cooperation in Taxation and on National Implementation of the Provisions of Council Directive Repealing Directive 77/799/EEC and on Application of the Directive (185/2013) or any other regulation concerning a corresponding obligation, a legal duty to contact the customer in the course of the calendar year for the purpose of reviewing any relevant information relating to the beneficial owner.
An obliged entity shall be able to demonstrate to the supervisory authority or a body appointed to supervise that their methods concerning customer due diligence and ongoing monitoring laid down in this Act are adequate in view of the risks of money laundering and terrorist financing.”
According to chapter 3, section 3, subsection 1–2:
”Asiakkaan tuntemistiedot ja niiden säilyttäminen
Ilmoitusvelvollisen on pidettävä kaikki asiakkaan tuntemista ja liiketoimia koskevat asiakirjat ja tiedot ajantasaisina ja olennaisina. Tiedot on säilytettävä luotettavalla tavalla viiden vuoden ajan vakituisen asiakassuhteen päättymisestä. Jos kysymyksessä on 2 §:n 1 momentin 1 tai 2 kohdassa taikka mainitun pykälän 2 momentissa tarkoitettu satunnainen liiketoimi, asiakkaan tuntemista koskevat tiedot on säilytettävä viiden vuoden ajan liiketoimen suorittamisesta.
Asiakkaan tuntemista koskevista tiedoista on säilytettävä:
[…]
8) tiedot asiakkaan toiminnasta, liiketoiminnan laadusta ja laajuudesta, taloudellisesta asemasta, perusteet liiketoimen tai palvelun käytölle ja tiedot varojen alkuperästä sekä muut 4 §:n 1 momentissa tarkoitetut asiakkaan tuntemiseksi hankitut tarpeelliset tiedot; […]”
Translation:
”Customer due diligence data and their retention
Obliged entities shall ensure that all documents and data concerning customer due diligence and customer transactions are up to date and relevant. The data shall be retained in a reliable manner for a period of five years after the end of the permanent customer relationship. In the case of occasional transactions referred to in section 2, subsection 1, paragraphs 1 and 2 or in subsection 2 of the said section, customer due diligence data shall be retained for a period of five years from the conclusion of the transaction.
The following customer due diligence data shall be retained:
[…]
8) information on the customer’s activities, nature and extent of business, financial standing, grounds for use of transaction or service and information on source of funds as well as the other necessary information referred to in section 4, subsection 1 acquired for the purpose of customer due diligence;[…]”
According to the chapter 3, section 4:
“Asiakasta koskevien tietojen hankkiminen, jatkuva seuranta ja selonottovelvollisuus
Ilmoitusvelvollisen on hankittava tietoja asiakkaansa ja tämän tosiasiallisen edunsaajan toiminnasta, liiketoiminnan laadusta ja laajuudesta sekä perusteista palvelun tai tuotteen käyttämiselle. Ilmoitusvelvollinen saa hyödyntää asiakkaasta tai tämän tosiasiallisesta edunsaajasta eri tietolähteistä saatavilla olevia tietoja asiakasta koskevan riskiarvion laatimiseksi ja ylläpitämiseksi, rahanpesun ja terrorismin rahoittamisen estämiseksi sekä tässä laissa tarkoitetun ilmoitusvelvollisuuden ja selonottovelvollisuuden täyttämiseksi. Ilmoitusvelvollisen on kiinnitettävä erityistä huomiota tietolähteen uskottavuuteen ja luotettavuuteen. Luonnollisten henkilöiden suojelusta henkilötietojen käsittelyssä sekä näiden tietojen vapaasta liikkuvuudesta ja direktiivin 95/46/EY kumoamisesta (yleinen tietosuoja-asetus) annetussa Euroopan parlamentin ja neuvoston asetuksessa (EU) 2016/679, jäljempänä tietosuoja-asetus, ja tietosuojalaissa (1050/2018) säädetään henkilötietojen käsittelystä.
Ilmoitusvelvollisen on järjestettävä asiakkaan toiminnan laatuun ja laajuuteen, asiakassuhteen pysyvyyteen ja kestoon sekä riskeihin nähden riittävä seuranta sen varmistamiseksi, että asiakkaan toiminta vastaa sitä kokemusta ja tietoa, joka ilmoitusvelvollisella on asiakkaasta ja tämän toiminnasta.
Ilmoitusvelvollisen on erityisesti kiinnitettävä huomiota liiketoimiin, jotka rakenteeltaan tai suuruudeltaan taikka ilmoitusvelvollisen koon tai toimipaikan osalta poikkeavat tavanomaisesta. Samoin on meneteltävä, jos liiketoimilla ei ole ilmeistä taloudellista tarkoitusta tai ne eivät sovi yhteen sen kokemuksen tai tietojen kanssa, jotka ilmoitusvelvollisella on asiakkaasta. Tarvittaessa liiketoimeen liittyvien varojen alkuperä on selvitettävä.”
Translation:
“Obtaining customer due diligence data, ongoing monitoring, and obligation to obtain information
Obliged entities shall obtain information on their customers’ and their beneficial owners’ activities, the nature and extent of their business, and the grounds for the use of the service or product. Obliged entities may use available data from different information sources on the customer or its beneficial owner for the purpose of preparing and maintaining a risk assessment of the customer, preventing money laundering and terrorist financing and meeting the reporting obligation and the obligation to obtain information referred to in this Act. Obliged entities shall pay special attention to the credibility and reliability of the information source. Provisions on the processing of personal data are laid down in Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereafter the Data Protection Regulation, and in the Data Protection Act (1050/2018).
Obliged entities shall arrange monitoring that is adequate in view of the nature and extent of the customers’ activities, the permanence and duration of the customer relationship and the risks involved in order to ensure that the customers’ activities are consistent with the obliged entities’ experience or knowledge of the customers and their activities.
Obliged entities shall pay particular attention to transactions that differ from the usual in respect of their structure or size or with regard to the size or office of the obliged entity. The same also applies in the event of transactions which lack an obvious economic purpose or are inconsistent with obliged entities’ experience or knowledge of the customer. When necessary, steps shall be taken to establish the source of the funds involved in the transaction.”
According to General Terms and Conditions for Accounts section 10.1:
“Bank's right not to accept use of account
The bank has the right not to accept use of the account if
– the customer has not provided the bank with information about the customer needed by the bank in accordance with this agreement or binding legislation;
– the signature on the document intended for withdrawal differs from the specimen signature in the bank's possession;
– the account user cannot reliably prove his/her identity;
– the authorisation issued by the account holder does not fulfil the requirements set for it by the bank;
– a cheque is cashed after the period for cashing; or
– the bank has otherwise reason to suspect the validity of use of the account”
Evaluation of the case
Under the Act on Preventing Money Laundering and Terrorist Financing (hereafter referred to as the Anti-Money Laundering Act), banks must know their customers. The obligation of customer due diligence applies throughout the duration of the customer relationship. Using a risk-based approach, banks must obtain sufficient information in order to evaluate the risks related to the customer relationship and to determine the customer’s individual risk level. If necessary, banks must obtain information on the origin of funds, for example. If the bank is unable to carry out the measures laid down for customer due diligence, it may be obliged to refuse to conduct the business transaction or to maintain the business relationship at all. The evaluation should be conducted on the basis of a comprehensive risk-based assessment.
Concerning customer due diligence, the preparatory materials for the Anti-Money Laundering Act (HE 228/2016 vp, pp. 102–103) indicate that in situations where the customer does not provide sufficient customer due diligence information, the obliged entity should primarily limit the services offered (e.g. by closing a payment instrument) and only resort to termination of the contract as a last resort. However, limitations of services or the closing of a payment instrument should not be resorted to unless the deficiency in the customer due diligence information is material and indispensable in evaluating the customer due diligence measures as provided by law and the risk-based assessment of the customer. If a credit institution, for example, does not receive the necessary customer due diligence information, it should not execute a payment transaction through a payment account. In addition, the preparatory materials indicate that mentions of customer-related risk factors that predict an enhanced customer due diligence obligation include, for instance, the fact that a business transaction was concluded in unusual circumstances or that business activities are conducted in a cash-intensive manner. Furthermore, the preparatory materials mention that geographical risk factors should also be taken into account as part of the customer due diligence obligation. An example of a heightened geographical risk factor would be the fact that the customer received his or her licence or was registered in a state which is, according to reliable estimates, host to widespread corruption or other criminal activities or which the EU or the UN have placed under sanctions.
In the case at hand, the customer attempted to deposit 100,000 euros in cash in his account with the bank. The customer says that the cash was originally a gift from his father. According to the customer, his father received the gifted funds from the sale of an apartment in Russia in 2020. Further according to the customer, his father withdrew in cash the funds constituting the gift and changed them from rubles to euros, which he then gifted to the customer.
On entering EU territory, a person must submit a cash declaration to Customs, if he or she is carrying cash worth 10,000 euros or more. According to the customer, the cash was brought from Russia after the currency exchange in several batches of less than 10,000 euros each, and because of this, customs clearance was not necessary.
As an account of the source of the funds, the customer has provided FINE with an agreement of sale-purchase, according to which his father sold an apartment he owned, and an affidavit of gift, by which his father gifted him the money. No evidence has been presented on e.g. the withdrawal of cash from the father’s Russian bank account or the currency exchange.
The bank has stated that its decision not to accept the deposit is based on an overall assessment and the conclusion that the bank was unable to carry out the customer due diligence measures laid down in chapter 3 of the Anti-Money Laundering Act. Furthermore, the bank has stated that it is not able to disclose its reasoning, based on regulatory requirements.
The Banking Complaints Board notes that the bank has discretionary power over which information and documents it considers necessary for customer due diligence, including verifying the origin of funds. According to Chapter 3, Sections 1 and 4, of the Anti-Money Laundering Act, different risk factors must be taken into account in assessing the matter. In the case at hand, the Banking Complaints Board notes at least the following risk factors mentioned in the Act and in its preparatory materials: the geographical risk relating to the source of funds and potential sanctions, regarding which the Banking Complaints Board takes notice of factors including the limit of 100,000 euros laid down in EU Regulation No. 2022/328 for receiving deposits; the use of cash for the payment transaction; the unusually large amount of the cash deposit; and aspects related to the importation of cash and the avoidance of customs clearance.
On the basis of the information provided, the Banking Complaints Board finds that the bank did not exceed its discretionary power under the Anti-Money Laundering Act in applying the requirements on customer due diligence information. The Banking Complaints Board also finds that under the Anti-Money Laundering Act, the bank has a confidentiality obligation concerning any assessments of the suspicious nature of a business transaction and related obligations.
The customer has also claimed that, according to the terms and conditions of the bank account, the bank did not have the right to decline the cash deposit. According to the General Terms and Conditions for Accounts, the bank has the right not to accept use of the account if the customer has not provided the bank with information about the customer needed by the bank in accordance with this agreement or binding legislation.
Based on the applicable legislation and the contractual terms and conditions, the Banking Complaints Board considers that the bank had the right, and potentially even an obligation, to decline the cash deposit.
Final outcome
The Banking Complaints Board does not recommend that the bank should accept the customer’s cash deposit.
The Banking Complaints Board’s decision was unanimous.
BANKING COMPLAINTS BOARD
Chairman Sillanpää
Secretary Heino
Members:
Atrila
Laine
Makkonen
Punakivi