20th May 2021

BaFin Calls N26 Out on Lax AML Controls

BaFin put N26 on warning once again for their lax anti-money laundering controls, according to an announcement made by the German regulator on Tuesday, May 11.

The digital bank has been ordered to “rectify deficiencies both in IT monitoring and in customer due diligence.” Specifically, it must “ensure that it has the adequate personnel, technical and organizational resources to comply with its obligations under anti-money laundering law.”

It isn’t the first time that the young startup has faced scrutiny from BaFin. In 2019, BaFin conducted a special audit of N26’s processes due to reports of fraudulent transactions and security failures. For example, the German news magazine WirtschaftsWoche had announced it was able to open accounts using forged IDs. Reports also surfaced in March of that year that one of the bank’s customers was the victim of a hack that emptied their account of €80,000. According to the victim, N26’s customer support left a bit to be desired as well.

BaFin found similar deficiencies during that audit. Indeed, BaFin’s statement to Reuters about the online bank’s anti-money laundering controls in 2019 — “[N26 must] ensure the existence of…adequate personnel and technical organizational equipment in order to comply with its obligations under money laundering law” — is virtually identical to the one the regulator issued this May.

That fact was likely not lost on the regulator this time around: BaFin has said it intends to appoint a special commissioner to oversee the company’s efforts to comply with this most recent order to remedy its AML deficiencies.

N26 is not the only new fintech that has received scrutiny from regulators. In 2019, for instance, it was reported that a whistleblower had expressed concerns about the UK fintech Revolut’s compliance processes and, separately, that the bank had failed to flag several suspicious transactions flowing through its system. It’s a vulnerability of challenger banks in general, as many are young and take a tech-first perspective. That is, many startups focus on leveraging new technologies to provide customers with a seamless banking experience — which can be a source of friction when navigating the AML compliance landscape.

Further, the lockdowns in response to the coronavirus pandemic have prompted consumers to rapidly embrace mobile banking services. Many fintechs are experiencing the inevitable growing pains that come with onboarding an influx of new customers — and criminals are all too happy to exploit the vulnerabilities those growing pains expose.

Challenger banks worldwide would do well to view the AML challenges N26 and Revolut faced (and continue to face) as lessons learned from afar. Steps were taken now, such as assessing and improving their compliance programs and implementing tools that automate screening processes, can go a long way toward ensuring that these digital-first banks avoid a regulatory nightmare in the future.