Whistleblowing complaints at the European Investment Bank have revealed a disregard for anti-money laundering rules when providing billions of euros to projects around the world, according to a trove of internal documents and emails seen by the Luxembourg Times.
The EU bank has called for an inquiry into a pattern of wrongdoing, misconduct and obstruction, alleged in the whistleblowing complaints made last summer.
Group chief compliance officer Gerhard Hütz, a 20-year EIB veteran who oversaw the bank’s beleaguered compliance unit for seven years, left office just a few months after the complaints and a damning audit report.
EU finance ministers, who make up the board of governors – the bank’s highest decision-making body – were aware of failures to conduct proper “know your customer” or KYC checks. Several ministers at a board meeting in June 2019 said it was an immediate and urgent priority to “remove gaps” in anti-money laundering and counter-terrorism financing (AML/CFT) practices, according to one of the documents.
The bank confirmed that the audit report had identified “gaps”, partly related to an “incomplete adaptation” of the bank’s policies in line with the latest AML/CFT regulations. Hütz’s departure and his appointment into a new role were in line with the bank’s policy on internal mobility, a spokesperson for the EIB said.
Banks typically collect information on clients before signing off on deals to ensure that loans will be used for their stated purpose, and not to finance illegal activities such as drug trafficking, prostitution or terrorism. The Luxembourg-based EIB’s activities extend into several countries where regulatory standards are lower than in the EU.
It has invested €1.2 trillion in start-ups and larger companies in 162 countries, from Fiji, Pakistan and Gabon to Argentina, since it was set up 62 years ago. The bank raises its funds on capital markets – mainly by issuing bonds – and has financed 12,716 projects in telecoms, transport, waste, energy and infrastructure through loans and equity.
While the EIB is a non-profit public bank, it chooses to adhere to sound commercial and international principles. The flaws identified in the audit report do not conform with EU rules on anti-money laundering and terrorism financing, nor with best practices and standards prescribed by the Basel Committee on Banking Supervision and the world’s anti-money laundering watchdog, the Paris-based Financial Action Task Force (FATF).
The bank only adopted AML/CFT procedures – a standard market practice for decades in commercial banking – three years ago, a draft audit report published in May last year said. A few months later, it made it mandatory for clients to provide documentation, so that it could carry out due diligence at any time during the business relationship, an internal presentation showed.
“I see the current crisis situation offering great opportunities for achieving true compliance” – Gerhard Hütz
At the same time, the EIB decided to review all its existing deals with nearly 4,000 counterparties, known as the ‘legacy project.’ Still, the EIB has since entered new business relationships to finance projects without the full compliance checks being carried out on the loan recipients, according to several emails Hütz sent to his team.
In January, the EIB unlocked €47 million for Volán Buszpark, a Hungarian state-owned bus company, to modernise half of its fleet and reduce carbon emissions. In September 2019, the bank granted a €220 million loan to build and maintain the A49 motorway between Schwalmstadt and Ohmtal-Dreieck in Germany, a project heavily contested by environmentalists.
In an email to his team, and referring to those projects, Hütz said: “Obviously, eventually we need to receive verification of documents and additional information”.
The internal audit process had functioned as intended, an EIB spokesperson said, adding that the shortcomings had been dealt with in a transparent way, and that there was no evidence that the bank and its clients and partners had suffered any “damage in practice”.
Skeletons on the books
The whistleblowing allegations that Hütz overlooked compliance gaps led the bank to hire PricewaterhouseCoopers for a “fact-finding exercise”. The consulting firm is currently investigating the claims that Hütz, who reported directly to EIB President Werner Hoyer, signed off on the legacy project, which was then approved by the bank’s nine-strong management committee despite Hütz’s team pointing out “huge gaps”.
The EIB said it would not comment on “any ongoing complaint”.
“Most of these findings could have been avoided” – Gerhard Hütz
Last year’s internal audit report showed due diligence and risk-scoring of the existing 4,000 clients were not complete. The report found that 80% of the legacy projects were rated “low risk by default”. One in five of those cases had been given that rating despite being from countries considered to have AML standards below those of the EU. Exceptions were granted for 45% of all counterparties, allowing the bank to accept non-certified documents and not collect ID cards. Explaining the gaps, Hütz said the “EIB has been living with a non-remediated portfolio of some thousands counterparts for many years … and still all repayments [were] coming in,” according to one whistleblowing complaint.
Attributing risk scores to clients and transactions was difficult since the EIB did not have a ‘compliance risk assessment’ to set policies and procedures, which is normally required by the Basel Committee on Banking Supervision for commercial banks.
[Figure: Timeline of events. Credit: Sabina Palanca]
Prior to 2019, the bank was manually monitoring politically exposed persons (PEPs) – politicians and their families who are likely more susceptible to fraud – and only to a limited extent, according to the audit report. While an estimated 8,000 PEPs are linked to EIB projects, the bank only monitors those who are beneficial owners of high-risk projects and does not identify beneficial owners for all its loans.
In one email, Hütz said the bank received part of “long-requested” documents from Austrian construction company Strabag, including a passport from an oligarch, only after the projects had been approved. “Still, having the copy of the passport of the oligarch before my eyes did not necessarily raise my comfort level,” he said.
Russian national Oleg Deripaska, who owns a 25% stake in Strabag, is on a US sanctions list as he is being investigated for money laundering, according to the US Treasury. He has also been accused of threatening the lives of business rivals, illegally wiretapping a government official, and taking part in extortion and racketeering, the Treasury’s website shows.
No procedure was in place at the bank to systematically find out the identity of payers. The report found the institution allows loan repayments by third parties, raising the possibility that they stem from laundered assets. Around 30% of 53,000 incoming payments in 2018 were missing payer information, only showing the date, amount and name of the contract, according to the audit report. Most of them came from the EIB’s correspondent banks.
Shortcomings identified as ‘high risk’ in the audit report:
No formalised and documented ‘compliance risk assessment’
No KYC on an unidentified number of fund managers through which the bank lends money
No systematic tool to monitor PEPs in line with the 4th AML directive. PEP monitoring is performed manually and to a limited extent
No systematic identification of beneficial owners as required by the 4th AML directive
A plan for conducting periodic KYC reviews for ‘legacy exceptions’ was still pending
The bank never made any report of suspicious transactions to the Luxembourg Financial Investigation Unit (FIU), part of the ministry for justice. It is relying on paper as opposed to an online reporting platform.
Conflicting agenda
In June 2019, discussions about the report’s findings with the audit committee became tense, emails between Hütz and his team show. The committee, unhappy with the numerous medium and high risk and other AML/CFT shortcomings, escalated the matter to the highest level, the board of governors, who represent the countries that are the bank’s shareholders.
“Several ministers of finance referred to [the] importance of AML/CFT and [the] need to remove gaps as high priority and as quickly as possible,” Hütz said in an email, describing the session as “likely the most difficult meeting I had in my long years at [the] EIB”.
The EIB confirmed the gaps were escalated to the board of governors in June 2019 and that the governors “expressed concern”. The bank worked towards closing the gaps with the help of external consultants, a spokesperson said.
“I trust that the wake-up call was so loud that everybody will have heard it” – Gerhard Hütz
The board of directors is often involved in giving the green light to projects, but its deliberations – and those of the board of governors, one level up – can be highly political, the documents show, and compliance receives relatively marginal attention.
In one case, “serious compliance” issues were found in an investment linked to Saudi Arabian crown prince Mohamed bin Salman and the country’s sovereign wealth fund in Luxor, Egypt. The management said it was worried about the bank’s reputational risk, following the murder of journalist Jamal Khashoggi, widely reported to have been connected to the crown prince.
In a separate instance, board representatives from Cyprus and Greece said that Turkish president Recep Tayyip Erdogan’s grip on power and his meddling in elections were another reputational risk, advocating for a freeze on money for the country. A board of directors meeting in 2019 did not reach an agreement on the matter, though it did approve a €50 million project for glass manufacturer Sisecam in Balikesir, Turkey.
The European Commission – represented on the board of directors – voted against a project in Nigeria, saying tax due diligence was “not sufficient” and that the “complex structure appeared ‘fishy’”, despite Hütz saying in an email “extensive tax due diligence” had been carried out.
Unravelling culture
Following a series of high-level meetings in June, Hütz seemed uncertain about his future, saying in an email to his team: “What does all this mean for me? Unclear at present, I am still in function but the above has led and will continue to lead to very difficult discussions with the audit committee and management committee.”
Looking back at the escalation of events, he came to the conclusion that the culture within compliance played a role in the shortcomings identified in the audit report, saying that “most of these findings could have been avoided or at least mitigated had we driven forward respective files with more vigor and a cooperative spirit”.
Despite the difficulties, he hoped compliance would be more ingrained in the bank’s culture and would be “no longer ‘nice to have’ but an indispensable and very important component”.
[Image credit: Sabina Palanca/Michèle Winandy]
The following week Hütz travelled to Helsinki for a management committee event – cancelling a scheduled trip to FATF in the US – to discuss the way forward for his team. On his return, Hütz’s emails sounded more confident: “I trust that the wake-up call coming from the AML/CFT audit was so loud that everybody will have heard it.”
“I see also the current crisis situation offering great opportunities for achieving true compliance which many of you missed when coming from the market to [the] EIB,” he said.
Drawing a list of 10 principles his team should follow, he said they should not question colleagues in other units, who work on the ‘first line of defence’, generating deals for the institution. The audit report pointed to the fact that the split of responsibilities between the two functions needed to be more clearly defined.
But despite what he branded the “AML/CFT saga”, Hütz spoke proudly of his track record in what were his last few days at the helm of the compliance department. He urged his team to leave complaints and conflicts aside and focus on getting “back on track”.
The fact-finding exercise and the examination of the whistleblowing reports by PwC are continuing. The complaints attribute the shortcomings in compliance to a culture of fear and blame. The bank acknowledged the tensions and launched a “compliance culture change” programme, the latest audit committee annual report shows.
In September, the EIB nominated Hütz to represent the bank as a member of the board of directors of the London-based European Bank for Reconstruction and Development (EBRD), where he started his new role at the beginning of February.
Hütz declined to comment on his departure, the inquiry and the gaps in the audit report, but said he had a “long and successful career at [the] EIB, in the legal service and then in compliance”.
The EIB has yet to fill the position of group chief compliance officer.