Lietuvos bankas revoked UAB Foxpay licence due to serious and systematic breaches
Lietuvos bankas revoked the electronic money institution licence of UAB Foxpay (hereinafter, Foxpay) for serious and systematic breaches of legal acts regulating the prevention of money laundering and terrorist financing, safeguarding of client funds and other legislation.
Following the decision, Foxpay can no longer provide financial services.
Lietuvos bankas notes that Foxpay’s operational shortcomings and breaches of legislation were identified in all areas inspected:
I.T., the controlling shareholder of Foxpay, does not meet the requirements of the legislation applicable to shareholders;
- Foxpay infringed the following key requirements for the prevention of money laundering and terrorist financing (AML/CTF):
- Failed to ensure that its internal control system for AML/CTF was effective and sound. The institution failed to ensure the management of conflicts of interest when providing services to clients related to the controlling shareholder and board members. The lack of appropriate measures to manage the conflict of interest increased the associated ML/TF risks;
- AML/CTF processes implemented in practice were not in line with internal procedures. Members of the Management Board and the staff whose functions and responsibilities were not directly related to the performance of the AML/CTF function were involved in implementing AML/CTF measures, the employees of the undertakings related to the controlling shareholder were provided with information relating to the implementation of the AML/CTF measures in the absence of any justification for doing so;
- Failed to ensure adequate identification of clients, their representatives and beneficiaries, including enhanced client identification. While the clients of Foxpay with higher ML/TF risk represented a significant proportion of the total turnover of the institution’s clients, Foxpay failed to take appropriate measures in relation to these clients to identify the sources of assets and funds and to apply additional measures of client and beneficiary identification;
- Failed to establish sufficient measures for monitoring client’s business relationships and operations/transactions. The measures were inadequate and insufficient to detect unusual and/or suspicious client activity and/or payment transactions in a timely and effective manner, to conduct proper investigation and to ensure adequate management of ML/TF risks, taking into account the risks posed by Foxpay clients and ongoing transactions. Foxpay did not always initiate internal investigations into suspicious or unusual monetary operations, or they were formal. No internal payment transactions between Foxpay clients were monitored during a significant part of the inspection period;
- Failed to ensure that clients’ individual ML/TF risks were properly identified and assessed. Accordingly, the institution failed to take sufficient measures to manage risks.
- During the inspection period, Foxpay did not ensure proper compliance with the requirements for the safeguarding of client funds and a reliable, effective and properly functioning internal control system in this area, which threatened the ownership of electronic money holders/clients:
- By failing to ensure the proper compliance with the requirements for the safeguarding of client funds, on certain dates it had less client funds held in safeguarding accounts than the estimated amount of client funds to be safeguarded;
- In the absence of effective internal controls, taking into account the specific nature of the company’s activities, it did not ensure the ongoing and appropriate compliance with the requirements for the reconciliation, segregation and safeguarding of client funds;
- By failing to ensure an effective internal information system for the safeguarding of client funds, it failed to comply with the obligation to ensure that its management and staff received, in a timely manner, the information on the processes for the safeguarding of client funds for the performance of their functions;
- By failing to comply with the requirements for carrying out internal audits, it did not ensure the proper performance of the internal audit function in the area of safeguarding client funds, adequate auditor accountability and guarantees of its independence;
- It failed to ensure the provision of accurate data to the supervisory authority on all special accounts for the safeguarding of client funds;
- Foxpay carried out its activities through a company associated with its controlling shareholder, which did not appear on the list of intermediaries acting on behalf of the institution, and failed to inform Lietuvos bankas thereof. The gravity of the infringement was exacerbated by the fact that the company disposed funds of Foxpay clients without valid justification. The internal control processes of Foxpay for the safeguarding of client funds included the sharing of internal information related to client funds and financial data; these matters were discussed among the employees of companies related to the controlling shareholder of the institution;
- The identification and access management control procedures applied by Foxpay had shortcomings and in practice failed to ensure that the identification and access management process was properly implemented;
- During the inspection, the institution provided Lietuvos bankas with inaccurate and incomplete information, resulting in inconsistency in the inspection process.
It was also found that, during the inspection period, a person closely linked with the controlling shareholder of Foxpay who had been convicted several times was involved in the activities of the institution, even though the institution denied that. As a result of these links, the Government of the Republic of Lithuania acknowledged that the main shareholder of Foxpay was not in line with national security interests. These circumstances jeopardised the safety and soundness of the institution’s operations.
Lietuvos bankas considered the violations identified particularly serious and claimed that there were no grounds to expect that the institution would be able to operate on a stable and credible basis, ensure an appropriate compliance culture and risk management and comply with the regulatory requirements. As a result, the licence of Foxpay was revoked.
Following the decision of Lietuvos bankas, Foxpay must inform its clients about the settlement procedure within 5 working days at the latest. Clients who hold fuds in the accounts opened with the company must apply directly to Foxpay for their return. The funds must be returned to the account specified by a client opened with a credit or other electronic money or payment institution.
Lietuvos bankas launched a non-routine inspection of Foxpay in March. The company’s activities were severely restricted in July, followed by an in-depth assessment of the breaches identified and the explanation provided by the institution.
Foxpay was issued an electronic money institution licence at the end of September 2017. It was acquired by the current controlling shareholder in 2022. In terms of income from licensed activities, Foxpay ranked 34th among electronic money and payment institutions, and 41st in terms of turnover.
Timeline:
- From 18 March 2024 to 9 July, Lietuvos bankas conducted a non-routine inspection of Foxpay, inspecting the activities of the institution from 30 September 2022 to 20 March 2024.
- On 14 June, defending the public interest, Lietuvos bankas partially restricted the rights of Foxpay to submit payment orders and receive transfers via the CENTROlink payment system. The restrictions did not apply to Foxpay payments related to services provided to the public sector.
- On 12 July, Lietuvos bankas restricted the activities of Foxpay and appointed Grant Thornton Baltic UAB as a temporary representative to oversee the institution’s activities.
- On 13 August, after it was found that Foxpay had failed to comply with the instruction to execute payments exclusively related to the provision of public services via the CENTROlink payment system, Lietuvos bankas put in place additional control measures.
- On 27 September 2024, Lietuvos bankas extended the work of the temporary representative responsible for supervising the activities of Foxpay until 30 November 2024.
- On 22 November, Lietuvos bankas revoked the electronic money institution licence of Foxpay for serious and systematic breaches of legal acts regulating the prevention of money laundering and terrorist financing, safeguarding of client funds and other legislation.
***
Information on enforcement measures applied by Lietuvos bankas, complaints concerning the imposed sanctions and the results of their investigations can be found here.