Germany’s financial supervisory authority issued total fines of 1.45 million euros (U.S. $1.6 million) against Commerzbank AG to settle allegations of inadequate monitoring and anti-money laundering (AML) controls, along with breaches of its supervisory duty and enhanced due diligence requirements.

BaFin announced Monday fines of €375,000 (U.S. $400,000) and nearly €1.1 million (U.S. $1.2 million) against Commerzbank. The alleged violations related, in part, to issues at Comdirect Bank AG, to which Commerzbank is the universal successor.

The details: Employees violated AML obligations by “not updating customer data on time or sufficiently and by taking inadequate internal security measures,” according to a translated fine notice published by BaFin. The regulator said because of the breach of supervisory duty, enhanced due diligence requirements were inadequately applied in three cases.

In an emailed statement, a bank spokesperson said a review to integrate Comdirect into Commerzbank was carried out that “looked at the specifications in place for new customer identity checks and at the processes and checks for updating customer data” at Comdirect.

The review found “changes needed to be made,” with processes adapted and data updates fully completed in early 2022, the spokesperson noted.

Compliance considerations: Under Germany’s Money Laundering Act, credit institutions must create work instructions for the “practical implementation” of the act’s requirements, which includes updating customer data.

Proper relationship management is a key obligation credit institutions must abide by to “prevent accounts from being opened anonymously and misused for money laundering,” BaFin said. Because of these obligations, credit institutions must identify all their customers when starting a business relationship and properly document their information.

With customer data changing over time, credit institutions must update the data regularly or as needed, BaFin noted. In the case of a politically exposed person, enhanced duties of care will apply, like obtaining additional information to adequately address the higher risks of these business relationships, the regulator said.

Bank response: “The bank remained in continual close contact with the relevant authorities and … fulfilled BaFin’s requirements,” the spokesperson said.