News

France’s financial regulator fined Credit Agricole €1.5 million for anti-money laundering violations in its first enforcement action stemming from the use of an artificial intelligence tool that allowed examiners to analyze hundreds of millions of the bank’s transactions and other data.

The Paris-based Autorite de controle prudentiel et de resolution, or ACPR, disclosed Wednesday that an onsite inspection of Credit Agricole’s division in the southern province of Languedoc uncovered shortcomings in the bank’s transaction-monitoring systems, customer due diligence processes and procedures for investigating suspicious payments that persisted from January 2018 to June 2020.

With 2,700 employees and a million customers in the region, the cooperative lender dominates the region’s financial services market. But its transaction-monitoring system was based on an “incomplete set of scenarios which did not enable it to detect certain types of atypical transactions,” the ACPR found.

For example, the bank’s systems would only flag cash deposits by individual customers for further investigation if they exceeded €14,000 a week—an amount far higher than the average monthly salary in Languedoc.

After assessing a sample of customer due diligence files related to dozens of high-risk clients, including private banking customers and nonprofit organizations, the ACPR also found that key pieces of due diligence information, such as clients’ sources of wealth and regular income, were frequently missing.

The bank also failed to investigate customers displaying red flags for financial crime, including clients who received transactions that far outstripped their income, or made unusually large cash deposits and withdrawals, according to the regulator.

These all too common failings were far less noteworthy than the fact that they were uncovered through use of an artificial intelligence tool, LUCIA, which the ACPR began deploying last year following several years of tests, and which allowed regulators to collect and analyze 540 gigabytes of data on 750 million transactions.

The technology enabled regulators to analyze payment references, the currencies used and the location of the beneficiaries of transactions and other data, and cross-reference this information with customer due diligence files to identify suspicious financial activity.

The ACPR, for example, identified several customers who made payments abroad via money services businesses and online crowdfunding sites in a manner indicative of terrorist financing, then looked more closely at what controls the bank had in place to mitigate the risks posed by these clients.

Matthias Laporte, an inspector with the ACPR who led the LUCIA pilot project, told the regulator’s annual conference in November last year that not only is the tool able to process massive amounts of data, its algorithm is able to recognize new patterns of suspicious activity by itself in ways that data analytical tools based on monetary thresholds and pre-defined transactional scenarios are not.

The ACPR’s sanctions committee, which is responsible for assessing inspection reports and imposing penalties, rejected a complaint from Credit Agricole that a failure by regulators to inform the bank of their intention to use the LUCIA tool when they first requested data from it was unfair and its use “excessive” and “disproportionate.”

Florence Mercier-Baudrier, a former ACPR inspector, told ACAMS moneylaundering.com that tools such as LUCIA will allow supervisors to assess the compliance controls of financial institutions going back for longer periods—for example three years instead of the “standard” 12-month timeframe—and select “more and more varied” customer files for closer examination.

“But it will be interesting to see if the use of this tool does not also cause a boomerang effect,” said Mercier-Baudrier, now an independent AML consultant based in Paris. “Because with this tool, the expectations of the sanctions committee will be higher, and it therefore will be necessary to show more deficiencies [for monetary penalties to be imposed].”

Contact Gabriel Vedrenne at gvedrenne@acams.org