Ruthlessness reaches a new high!
Despite ongoing criminal proceedings for culpable money laundering, despite pledging to the Dutch prosecutor to remedy compliance shortcomings under the oversight of DNB, and despite being fully aware of the dirty business Payvision B.V. was in, ING Bank N.V. — one of the world’s largest banks — acquired 100% of Payvision’s shares in January 2018 at an excessive purchase price. In addition to consolidating a cybercrime enabler, ING entered a “strategic partnership” with Payvision, providing access to ING bank accounts for Payvision’s business.
From at least 2013 to January 2019, Payvision allegedly supported international cybercriminal organisations in scamming tens of thousands of retail investors. The money flowed through ING accounts
From at least 2013 to January 2019, Payvision B.V. allegedly supported international cybercriminal organisations in scamming tens of thousands of innocent retail investors. The money flow was done via ING Bank N.V. bank accounts.
ING Groep NV is a global, systemically important bank!
ING Groep N.V. is the holding company of the ING group and ranks among the top European banks by market capitalisation. Hundreds of millions of transactions run through its accounts every month. As a systemically important institution, ING bears a particular responsibility for the stability of the financial system — and for society.
In its glossy annual reports, ING hails its gatekeeper role and its commitment to fighting cybercrime and financial crime. Big words must be judged by deeds.
"Business over Compliance" : the Houston probe (2010–2016)
In February 2016, the Dutch Public Prosecution Service (FIOD), under the guidance of the National Bureau for Serious Fraud, Environmental Crime, and Asset Recovery (Functioneel Parket) and the National Bureau (Landelijk Parket), initiated a criminal probe named “Houston” into ING Bank N.V. (ING NL). This action stemmed from multiple criminal investigations by the FIOD, which disclosed that various suspicious individuals and legal entities held one or more accounts with ING Bank N.V. (ING NL).
Subsequent investigations covering the period from 2010 to 2016 exposed significant and severe structural shortcomings within the Dutch ING Group regarding the enforcement and execution of its group-wide, risk-based compliance strategy, particularly the Financial Economic Crime (FEC) Customer Due Diligence (CDD) policy. Consequently, the scope of the investigation was broadened.
The investigation pinpointed the following deficiencies (refer to section 3.2 of the Houston report, Annexe 1):
- Lack or incompleteness of CDD files.
- Misclassification of risk categories.
- Deficiencies in the (regular) CDD review process.
- Delayed termination of business relationships despite clear signs of fraud.
- Inefficiencies in the post-transaction monitoring system.
- Incorrect segmentation of customers.
- Inadequate qualitative and quantitative staff resources.
Regarding transaction monitoring, the prosecutor found that ING Bank N.V. configurations were adjusted so that numerous accounts received limited scrutiny. ING staff employed a method known as “capping” or “topping” to minimise alerts during transaction monitoring. The system was structured to halt monitoring specific categories of money laundering indicators each day after reaching a pre-set threshold of signals (potential money laundering indicators). This threshold was capped at three daily alerts for several key categories of money laundering indicators.
The investigation revealed that the system’s limit on alerts was primarily dictated by the available staff capacity at ING NL to examine these alerts thoroughly. For instance, an internal recommendation from ING NL concerning alert evaluation suggested: “Adjust (…) parameters to contain the surplus of alerts, thereby decreasing the workload.
In summary, the prosecutor found that ING NL has structurally underinvested in meeting its legal obligations over a long period. One reason for this was that carrying out appropriate compliance procedures was often considered less important than the business. ING NL’s focus was mainly on the profitability of the organisation and achieving its commercial objectives. The board of management failed to understand the importance of appropriate compliance measures.
Culpable money laundering!
Based on the criminal investigation, the Netherlands Public Prosecution Service found that from 1 January 2010 up to and including 31 December 2016, ING NL was guilty of violating several provisions of the AML/CTF Act and of culpable money laundering, which is made punishable by Article 420quater of the Dutch Criminal Code on several occasions during this period.
Culpable money laundering (two years of imprisonment) is intended for cases in which the money laundering is less objectionable, for instance, the partner of a criminal who should have wondered where all the money came from and did not do anything (dolus eventualis).
Settlement agreement announced as of September 4, 2018
According to the settlement agreement reached between ING NL (signed by Ralph Hamers and Steven van Rijswijk) it was decided not to bring the case to the criminal court for the following reasons:
- Insufficient evidence to charge individuals with criminal offences,
- Payment of a total fine of €675 million and a disgorgement payment of €100 million for any AML/CFT facts and shortcomings of the ING NL from 2010 up to the date of the settlement (beginning September 2018).
- ING Bank NV. stated that it had taken remedial measures that serve (in part) to prevent the aforementioned criminal offences and that the remedial measures to improve the compliance and governance policy will be done under the supervision of the De Nederlandsche Bank (DNB).
As stipulated in section 1.4 of the agreement, the settlement’s validity hinged on the condition that no appeals would be filed against it. However, the situation became complicated when Pieter Lakeman, representing the shareholder organisation SOBI (Stichting Onderzoek Bedrijfs Informatie), appealed. This, coupled with the continuing criminal investigation involving Ralph Hamers, suggests that the resolution of the settlement agreement remains unresolved.
ING announced the strategic investment in PAYVISION in January 2018!
Amidst the ongoing criminal investigation, ING’s legal team was fervently striving to persuade the Dutch prosecutor of the management board’s newfound recognition of its crucial role in protecting the financial system. Concurrently, Ralph Hamers engaged in negotiations with Rudolf Booker to acquire PAYVISION. This Amsterdam-headquartered, high-risk regulated payment institution was well-known in Amsterdam and across Europe for its extensive merchant portfolio, notably encompassing industries such as pornography, gambling, and various scams.
Ralph Hamers celebrated the acquisition of Payvision B.V. as bringing digitalisation to ING Bank N.V. at the end of January 2018: Payvision’s founding team has developed a great business with proven technology in an area where ING wants to grow. “We are confident our customers will strongly benefit from this investment.”
ING had already done business with Payvision before!
According to the publicly accessible court ruling, ref.: C/13/604101/KG ZA 16-261 PS/MB, of the Amsterdam Court of Justice, dated March 15, 2016. ING NL had already provided bank accounts to Payvision B.V. as early as 2015. The dispute in question, underscored by the Amsterdam judgment, revolved around Payvision B.V. and its client, LOPOCA. Payvision B.V. had adopted a common practice among high-risk payment service providers of imposing substantial early termination fees. LOPOCA contested that the retention of €16,414,118.73 was unjustifiable. Amidst the legal contention, LOPOCA initiated a move to freeze Payvision’s bank accounts held at ING NL. Following a court order issued on March 8, 2016, ING NL was compelled to act. The seizure of Payvision’s accounts presumably prompted ING NL to scrutinise its client’s operations more closely, likely leading to insights about the problematic nature of the clientele Payvision B.V. was serving. Warnings and Criminal proceedings against LOPOCA for being a purely fraudulent MLM system have been pending for many years (already before PAYVISION onboarded them).
ING had already done business with Barak's companies before!
ING Bank N.V. payment accounts had already appeared in Barak and Lenhoff`s criminal files in 2016. Back then, victims from the fraud website optionstars.com were requested to transfer their money via the payment account of MoneynetINtel Ltd—an FCA-regulated e-money payment provider—held with ING Bank Slaski (Polish subsidiary of ING Bank NV).
MoneyNetInt Ltd was owned by Israelis and has been known for many years as one of the leading payment service companies serving big binary options companies, including LBinary and NRGBinary. Back in 2016, MoneyNetInt Ltd marketed its services to binary options brokers at the industry’s conferences and trade shows.
MoneyNetInt Ltd has processed tens of millions via the Polish ING payment bank account and sent the money to the Bulgarian bank accounts of E & G Finances Ltd (beneficial owner: Gal Barak).
Due to a huge number of retail consumer complaints, the Belgian Supervisory authority – FSMA – banned the marketing of binary options to Belgian retail
In late 2020, it became publicly known that ING Bank Slaski (a subsidiary of ING NL) was implicated in significant money laundering activities involving Russian entities. Dutch shell companies Tristane and Schildershoven, which were operating on behalf of Russian clients, began utilising ING Slaski’s bank accounts in late 2013 for transactions involving Russian securities. As revealed by the FINCEN files, the Polish branch of ING played a crucial role in processing payments totalling at least $675 million to firms that were part of a money laundering network. This figure was recorded for the years 2014 and 2015 alone. This information corroborates our investigative findings.
ING bank accounts used for the BARAK and Lenhoff scam due to the "strategic partnership"!
Under banking and money laundering regulations, ING NL/resp. ING Groep N.V.—as the holding company—was obligated to thoroughly comprehend the risks associated with conducting business with Payvision B.V.. Furthermore, ING Bank N.V. was also mandated to assess the adequacy and effectiveness of the compliance system implemented by Payvision B.V. when consolidating the entity, and, above all, when providing payment accounts to Payvision B.V.
However, as the prosecutor already stated in its report, Business over Compliance appears to have influenced the extent to which CDD ING Bank N.V. actually applied to some of its business opportunities.
1) Payment accounts
ING NL provided the payment accounts, which were essential for Stichting Trusted Third Party Payvision to amass funds from the victims on behalf of Barak and Lenhoff’s criminal networks. The funds from the victims, processed by card companies, were deposited into these accounts. Subsequently, Payvision B.V. transferred these funds, deducting a substantial processing fee, to Bulgarian or offshore bank accounts belonging to the registered merchants, notably Gpay Ltd and Hithcliff Ltd.
All these merchants were essentially shell companies, characterised by a lack of online presence, no historical financial records, and, most importantly, no license required to market binary options to European retail consumers.
Remarkably, a substantial amount, amounting to several million euros, from the accumulated funds of the victims was directly transferred from the ING payment account to a Bulgarian bank account belonging to Winslet Enterprises EOOD. Notably, Winslet and the previously mentioned onboarded merchants had no documented or formal association. Uwe Lenhoff notably financed his luxury lifestyle using the funds transferred to Winslet Enterprises EOOD’s bank account. According to Lenhoff´s criminal court files, the transfers were earmarked as “profit distribution”.
2) ING bank accounts for Barak and Lenhoff's money mules
ING NL also provided a bank account at the Romanian branch for Celtic Pay Ltd, a merchant also onboarded by Payvision B.V. for the card transactions of the fraud websites option888, xmarkets, and tradeinvest90.
Celtic Pay Ltd. was founded in London on 2 February 2018. The parent company was Celestial Trading Ltd., based in the Seychelles. From April/May 2018, Celestial Trading Ltd. was the domain owner for the fraudulent platforms option888.com, tradeinvest90.com, tradovest.com, and xmarkets.com (Lenhoff´s brands)—the first warnings regarding Celestial Trading Ltd. was issued immediately after the start of operations and just about at the time when ING NL onboarded Celtic Pay Ltd.
Payvision B.V. processed approximately €9 million in card payments from retail consumers who invested in binary options through platforms such as Option888 and Xmarkets. These funds were collected on behalf of Celtic Pay Ltd, utilising the payment account facilitated by ING BANK. Subsequently, after deducting processing fees, the funds were transferred to Celtic Pay Ltd’s bank account with ING NL, specifically at the Romanian branch.
A further portion of the money collected for Barak´s and Lenhoff´s brands was forwarded to another unrelated company: 4Com Network SRL. 4Com Network SRL also had an account with the ING Bank NL (again, the Romanian branch) without any documented personal relationship with Payvision B.V.’s onboarded merchants.
Barak and Lenhoff´s court files include the relevant bank statements of the Bulgarian entities used.
PAYVISION continued its business activities until May 2021!
Since the summer of 2018, the media have reported on Payvision B.V.’s massive involvement in Barak and Lenhoff´s criminal organisation. These media reports forced Payvision B.V. to terminate the business relationship with Barak and Lenhoff at the end of 2018. By now, we know that Payvision B.V. has worked with the cybercriminal organisation around Barak and Lenhoff since 2013 and has processed over €170 million in
By now, we also know that Payvision B.V. worked with Allied Wallet, a vast criminal case in the United States, and served porn companies; some of them are criminally prosecuted now. We also know that Payvision B.V. appears in the Dierlamm files (Wirecard trial) and the 24option criminal court files in Germany.
In 2019, numerous US high-risk merchants started court cases against T1 Payments Ltd (a payment facilitator) and its business partner Payvision B.V. for wire fraud and transaction laundering.
But Payvision B.V. continued its shabby business up to at least May 2021.
In October 2022, Dutch media reported that an on-site audit report, established by DNB in the summer of 2020, showed that
Payvision B.V. has seriously violated the Sanctions Act, the Financial Supervision Act and the Dutch Money Laundering and Terrorist Financing Act (Wwft) since 2015 at the latest;
– that fraud signals were deliberately ignored by Payvision B.V., which intentionally failed to subject some of its customers to the legally required checks
– that customer checks and compliance with anti-money laundering regulations were systematically neglected.
Only at this juncture did ING make an impromptu announcement to the public, revealing its decision to shut down Payvision B.V.. The report highlighted that Payvision B.V.’s compliance and risk management systems had remained separate and were never integrated into ING’s broader infrastructure. ING Bank N.V. affirmed its efforts to rectify the prevailing issues within Payvision B.V., but regrettably, these attempts were unsuccessful.
By then, tens of thousands of trusting European consumers lost their life savings to scammers through transactions involving Payvision B.V. and ING Bank N.V. accounts.
Several open questions
Summarizing the result of the findings above, some material questions remain still open:
Why did ING not act properly when learning about the issues?
Who made the decision to buy this evident cybercrime enabler? and why is no one held accountable for buying this fraud enabler for an enterprise value of €360 mio?
Why did ING Bank N.V. not start an internal investigation in Payvision B.V. already in summer 2018 when the first adverse media reports showed evidence of Payvision B.V.’s involvement in scams?
Why has ING Bank N.V. not yet reclaimed the money paid to Booker for the sale of a cybercrime enabler?
As a publicly traded entity, ING Bank N.V. is required to disclose any ongoing criminal investigations to shareholders. This prompts the question of why the ongoing criminal probe into Payvision B.V., along with any adverse discoveries, was not publicly disclosed at the beginning of 2021.
Why did DNB (the supervisor in charge of ING and Payvision) not act properly and in time?
According to the settlement agreement signed on 4 September 2018, ING Bank N.V.’s compliance improvement process had to be supervised by the Dutch financial supervisory authority DNB.
How is it possible that ING Bank NV bought Payvision B.V., a payment institution known for its involvement in high-risk customers (like Porn and gambling), when ING Bank N.V. already had material money laundering issues?
Why did it take until summer 2020 to actually start an on-site audit of Payvision B.V.?
Why was the information about the on-site audit report never published although the information for sure was of public interest?
What conclusions can be drawn regarding ING’s efforts to overhaul its compliance systems (under DNB´s supervision (!)) upon uncovering Payvision’s extensive engagement in fraudulent activities?
Conclusion
The apparent recklessness demonstrated by ING NL in its acquisition of Payvision B.V., a recognised facilitator of cybercrime amidst an ongoing money laundering investigation, suggests a significant deviation from ING´s board-professed commitments to the Dutch prosecutor.
The situation illustrates that monetary penalties for money laundering offences have no impact. The board appears indifferent, treating such fines as mere expenses paid out of shareholders’ funds.
