The breaches, which took place between 2010 and 2014, relate to life assurance products sold by Intesa in Italy and Slovakia. The firm is also the largest 'cross-border' life insurer authorised to operate in Ireland by the Central Bank of Ireland.
Intesa has admitted to four breaches of Ireland's Criminal Justice (Money Laundering and Terrorist Financing) Act (CJA), which came into force in 2010.
Brenda O'Neill, the Central Bank's head of enforcement investigations, said that the Central Bank had "responsibility for monitoring and enforcing the compliance of life insurers based in Ireland with the CJA".
"This includes insurers such as Intesa that 'passport' in order to operate in other EU member states on a freedom of services basis without establishing branches in those other member states," she said.
Financial enforcement expert Michael Ruck of Pinsent Masons, the law firm behind Out-Law.com, said that the fine "highlights that AML is a high priority for a variety of regulators and prosecuting agencies worldwide".
"Despite Intesa not selling its life assurance products in Ireland, this case highlights that firms authorised in Ireland and 'passporting' into other European Union financial markets will remain subject to Irish AML/CFT legislation. This approach will likely be mirrored elsewhere and lead to significant financial penalties even when the firms in question bring the matters to light," he said.
The Central Bank of Ireland is responsible for monitoring and enforcing the compliance of financial firms based in Ireland with the CJA. This includes firms that 'passport' into Ireland from other EU member states without themselves establishing branches in Ireland.
Intesa informed the Central Bank in June 2014 that it had commissioned an independent third party to review its anti-money laundering controls, and that that third party had identified suspected non-compliance with the CJA. The Central Bank then began its own investigation. It identified four breaches of the legislation, which included inadequate risk assessment, inadequate due diligence on certain 'politically exposed persons' and inadequate reporting lines for reporting suspicious transactions to the regulators. The firm also failed to incorporate a review mechanism into its AML policies and procedures.
The Central Bank based the size of the penalty on what it viewed as the seriousness of Intesa's conduct, particularly given the firm's status as the largest cross-border insurer operating in Ireland; as well as the extended period of time over which the breaches occurred. The fact that Intesa cooperated with the investigation and settled at an early stage meant that the regulator was able to apply the maximum 30% settlement penalty discount.