Did ING and PAYVISION partner in crime?

Investigation Houston

Did ING and PAYVISION partner in crime?

Ruthlessness reaches a new high!

Despite being aware of ongoing criminal proceedings for culpable money laundering,  despite pledging to the Dutch prosecutor to try hard to remedy compliance shortcomings (under the oversight of DNB), and despite being very well aware of the dirty kind of business PAYVISION was in, ING Bank NV (one of the biggest banks worldwide)  acquired 100% shares of PAYVISION in January 2018 at an excessive purchase price.  In addition to consolidating the cybercrime enabler,  ING Bank NV entered into a partnership agreement with PAYVISION, promising to provide the payment institution access to ING bank accounts for its (shabby) business.

From at least 2013 up to January 2019, PAYVISION supported international cybercriminal organizations to scam tens of thousands of innocent retail investors. The money flow was done via ING accounts. 

ING Groep NV is a global, systemically important bank!

ING Groep NV is the holding company of the ING group and is ranked among the top European banks in market capitalization. It is expected to be one of the banks with a significant net interest income (NII) increase in 2024, along with other central banks like Santander, BBVA, HSBC Holdings PLC, and Deutsche Bank AG. Hundreds of millions of transactions are processed through its accounts every month.

ING Bank NV (Dutch subsidiary) qualifies as a systemically important bank; therefore, in 2008, the Dutch government injected 10 billion € (tax money) after the financial services company became a victim of the global financial crisis. Big banks bear a great responsibility for the financial stability and reliability of our economic system. ING can, therefore, be expected to act in a gritty and socially responsible manner.

In principle, ING agrees with this approach. In its annual group accounts—nicely and colorfully illustrated—ING talks a lot about the importance of its “gatekeeper role” for a reliable financial system and for society. ING also talks a lot about the banks’ responsibility in fighting cybercrime and financial crime and hails itself for its remarkable achievements in these areas.


But anyway, big words have to be judged by deeds.


"Business over Compliance"

In February 2016, the Dutch Public Prosecution Service (FIOD), under the guidance of the National Bureau for Serious Fraud, Environmental Crime, and Asset Recovery (Functioneel Parket) and the National Bureau (Landelijk Parket), initiated a criminal probe named “Houston” into ING Bank NV (ING NL). This action stemmed from multiple criminal investigations by the FIOD, which disclosed that various suspicious individuals and legal entities held one or more accounts with ING Bank NV (ING NL).

Subsequent investigations covering the period from 2010 to 2016 exposed significant and severe structural shortcomings within the Dutch ING Group regarding the enforcement and execution of its group-wide, risk-based compliance strategy, particularly the Financial Economic Crime (FEC) Customer Due Diligence (CDD) policy. Consequently, the scope of the investigation was broadened.

The investigation pinpointed the following deficiencies (refer to section 3.2. of the Houston report, Annex 1):

  1. Lack or incompleteness of CDD files.
  2. Misclassification of risk categories.
  3. Deficiencies in the (regular) CDD review process.
  4. Delayed termination of business relationships despite clear signs of fraud.
  5. Inefficiencies in the post-transaction monitoring system.
  6. Incorrect segmentation of customers.
  7. Inadequate qualitative and quantitative staff resources.

Regarding transaction monitoring, the prosecutor found that ING configurations were adjusted so that numerous accounts received limited scrutiny. ING staff employed a method known as “capping” or “topping” to minimize alerts during transaction monitoring. The system was structured to halt monitoring specific categories of money laundering indicators each day after reaching a pre-set threshold of signals (potential money laundering indicators). This threshold was capped at three daily alerts for several key categories of money laundering indicators.

The investigation revealed that the system’s limit on alerts was primarily dictated by the available staff capacity at ING NL to thoroughly examine these alerts. For instance, an internal recommendation from ING NL concerning alert evaluation suggested: “Adjust (…) parameters to contain the surplus of alerts, thereby decreasing the workload.

In summary, the prosecutor found that ING NL has structurally under-invested in meeting its legal obligations over a long period. One reason for this was that carrying out appropriate compliance procedures was often considered less important than the business. ING NL´s focus was mainly on the profitability of the organization and reaching its commercial objectives. The board of management failed to understand the importance of appropriate compliance measures.

Culpable money laundering!

Based on the criminal investigation, the Netherlands Public Prosecution Service found that from 1 January 2010 up to and including 31 December 2016, ING NL was guilty of violating several provisions of the AML/CTF Act and of culpable money laundering, which is made punishable by Article 420quater of the Dutch Criminal Code on several occasions during this period.

 Culpable money laundering  (two years of imprisonment) is intended for cases in which the money laundering is less objectionable, for instance, the partner of a criminal who should have wondered where all the money came from and did not do anything (dolus eventualis).

Settlement agreement announced as of September 4, 2018

According to the settlement agreement reached between ING NL (signed by Ralph Hamers and Steven van Rijswijk it was decided to not bring the case to the criminal court for the following reasons:

  •  Insufficient evidence to charge individuals with criminal offenses,
  •  Payment of a total fine of €675 million and a disgorgement payment of €100 million for any AML/CFT facts and shortcomings of the ING NL from 2010 up to the date of the settlement (beginning September 2018 (!). 
  • ING stated that it had taken remedial measures that serve (in part) to prevent the aforementioned criminal offenses and that the remedial measures to improve the compliance and governance policy will be done under the supervision of the Denederlandschen Bank (DNB).

As stipulated in section 1.4 of the agreement, the settlement’s validity hinged on the condition that no appeals would be filed against it. However, the situation became complicated when Pieter Lakeman, representing the shareholder organization SOBI (Stichting Onderzoek Bedrijfs Informatie), appealed. This, coupled with the continuing criminal investigation involving Ralph Hamers, suggests that the resolution of the settlement agreement remains unresolved.

ING announced the strategic investment in PAYVISION in January 2018!

Amidst the ongoing criminal investigation, ING’s legal team was fervently striving to persuade the Dutch prosecutor of the management board’s newfound recognition of its crucial role in protecting the financial system. Concurrently, Ralph Hamers engaged in negotiations with Rudolf Booker to acquire PAYVISION. This Amsterdam-headquartered, high-risk regulated payment institution was well-known in Amsterdam and across Europe for its extensive merchant portfolio, notably encompassing industries such as pornography, gambling, and various scams.

Ralph Hamers celebrated the acquisition of Payvision as bringing digitalization to ING at the end of January 2018: Payvision’s founding team has developed a great business with proven technology in an area where ING wants to grow. “We are confident our customers will strongly benefit from this investment.”

ING had already done business with PAYVISION before!

According to the publicly accessible court ruling, ref.: C/13/604101/KG ZA 16-261 PS/MB, of the Amsterdam Court of Justice dated March 15, 2016, ING NL already provided bank accounts to PAYVISION as early as 2015.  The dispute in question, underscored by the Amsterdam judgment, revolved around PAYVISION and its client, LOPOCA. PAYVISION had adopted a common practice among high-risk payment service providers of imposing substantial early termination fees. LOPOCA contested that the retention of €16,414,118.73 was unjustifiable. Amidst the legal contention, LOPOCA initiated a move to freeze PAYVISION’s bank accounts held at ING NL. Following a court order issued on March 8, 2016, ING NL was compelled to act. The seizure of PAYVISION’s accounts presumably prompted ING NL to scrutinize its client’s operations more closely, likely leading to insights about the problematic nature of the clientele PAYVISION was serving. Warnings and Criminal proceedings against LOPOCA for being a purely fraudulent MLM system have been pending for many years (already before PAYVISION onboarded them). 

ING had already done business with Barak´s companies before!

ING payment accounts have already appeared in Barak and Lenhoff`s criminal files in 2016. Back then, victims from the fraud website optionstars.com  were requested to transfer their money via the payment account of MoneynetINtel Ltd—an FCA-regulated e-money payment provider—held with ING Bank Slaski (Polish subsidiary of ING Bank NV).

transfer to ING Bank Slaski

MoneyNetInt Ltd was owned by Israelis and has been known since many years as being one of the main payment service companies serving big  binary options companies, including LBinary and NRGBinary. Back in 2016, MoneyNetInt Ltd marketed its services to binary options brokers at the industry’s conferences and trade shows.

MoneyNetInt Ltd has processed tens of millions via the Polish ING payment bank account and sent the money to the Bulgarian bank accounts of E & G Finances Ltd (beneficial owner: Gal Barak).

Due to a huge number of retail consumer complaints the Belgium Supervisory authority – FSMA –  banned the marketing of binary options to Belgium retails consumers already on 8 August 2016.

In late 2020, it became publicly known that ING Bank Slaski (a subsidiary of ING NL) was implicated in significant money laundering activities involving Russian entities. Dutch shell companies Tristane and Schildershoven, which were operating on behalf of Russian clients, began utilizing ING Slaski’s bank accounts in late 2013 for transactions involving Russian securities. As revealed by the FINCEN files, the Polish branch of ING was instrumental in processing payments totaling at least $675 million to firms that were part of the money laundering network. This figure was recorded for the years 2014 and 2015 alone. This information corroborates our investigative findings.

ING bank accounts used for the BARAK and Lenhoff scam due to the "strategic partnership"!

Part of the strategic partnership between PAYVISION and ING (we refer to Ralph Hamer’s announcements  was the provision of ING bank accounts for PAYVISION activities.

Under banking and money laundering regulations, ING NL/resp. ING Groep NV—as the holding company—was obligated to thoroughly comprehend the risks associated with conducting business with PAYVISION. Furthermore, ING  was also mandated to ascertain the adequacy and effectiveness of the compliance system implemented by PAYVISION when consolidating the entity and, above all, when providing payment accounts to PAYVISION.

But as the prosecutor already stated in its report, Business over Compliance seems to have determined the extent to which CDD ING Bank Nl actually applied to some of its business opportunities.

1) Payment accounts

ING NL provided the payment accounts, which were essential for Stichting Trusted Third Party Payvision to amass funds from the victims on behalf of Barak and Lenhoff’s criminal networks. The funds from the victims, processed by card companies, were deposited into these accounts. Subsequently, PAYVISION transferred these funds, deducting a substantial processing fee, to Bulgarian or offshore bank accounts belonging to the registered merchants, notably Gpay Ltd and Hithcliff Ltd.

All these merchants were essentially shell companies, characterized by a lack of online presence, no historical financial records, and, most importantly, no license required to market binary options to European retail consumers.

Remarkably, a substantial amount, amounting to several million euros, from the accumulated funds of the victims was directly transferred from the ING payment account to a Bulgarian bank account belonging to Winslet Enterprises EOOD. Notably, Winslet and the previously mentioned onboarded merchants had no documented or formal association. Uwe Lenhoff notably financed his luxury lifestyle using the funds transferred to Winslet Enterprises EOOD’s bank account. According to Lenhoff´s criminal court files the transfers were earmarked as “profit distribution”.

2) ING bank accounts for Barak and Lenhoff´s money mules

ING NL also provided a bank account at the Romanian branch for Celtic Pay Ltd, a merchant also onboarded by PAYVISION for the card transactions of the fraud websites option888, xmarkets, and tradeinvest90.
Celtic Pay Ltd. was founded in London on February 2, 2018. The parent company was Celestial Trading Ltd., based in the Seychelles. From April/May 2018, Celestial Trading Ltd. was the domain owner for the fraud platforms option888.com, tradeinvest90.com, tradovest.com, and xmarkets.com (Lenhoff´s brands)—the first warnings re. Celestial Trading Ltd. was issued immediately after the start of operations and just about at the time when ING NL onboarded Celtic Pay Ltd.

Celestial Trading Ltd

PAYVISION processed approximately €9 million in card payments from retail consumers who invested in binary options through platforms such as Option888 and Xmarkets. These funds were collected on behalf of Celtic Pay Ltd, utilizing the payment account facilitated by ING BANK. Subsequently, after deducting processing fees, the funds were transferred to Celtic Pay Ltd’s bank account with ING  NL, specifically at the Romanian branch.

A further portion of the money collected for Barak´s and Lenhoff´s brands was forwarded to another  not related company: 4Com Network SRL. 4Com Network SRL also had an account with the ING Bank NL (again, the Romanian branch) without any documented personal relationship with PAYVISION’s onboarded merchants. 

Barak and Lenhoff´s court files include the relevant bank statements of the Bulgarian entities used.

payment accounts provided by ING NL

PAYVISION continued its business activities until May 2021!

Since the summer of 2018, the media reported on PAYVISION´s massive involvement in Barak and Lenhoff´s criminal organization. These media reports forced PAYVISION to terminate the business relationship with Barak and Lenhoff at the end of 2018. By now we know that PAYVISION has worked for the cybercriminal organization around Barak and Lenhoff since 2013 and has processed over 170 Mio stolen funds.

By now, we also know that PAYVISION  worked with Allied Wallet, a vast criminal case in the United States, and served porn companies; some of them are criminally prosecuted now. We also know that PAYVISION appears in the Dierlamm files (Wirecard trial) and the 24option criminal court files in Germany.


In 2019, numerous US high-risk merchants started court cases against T1 Payments Ltd (a payment facilitator) and its business partner PAYVISION for wire fraud and transaction laundering.

But PAYVISION continued its shabby business up to at least May 2021.

In October 2022 Dutch media reported that an on-site audit report established by DNB  in summer 2020 showed that 
-PAYVISION has seriously violated the Sanctions Act, the Financial Supervision Act and the Dutch Money Laundering and Terrorist Financing Act (Wwft) since 2015 at the latest;
– that fraud signals were deliberately ignored by PAYVISION deliberately failed to subject some of its customers to the legally required checks
– that customer checks and compliance with anti-money laundering regulations were systematically neglected.

Only at this juncture did ING make an impromptu announcement to the public, revealing their decision to shut down PAYVISION. The report highlighted that PAYVISION’s compliance and risk management systems had remained separate and were never integrated into ING’s broader infrastructure. ING affirmed its efforts to rectify the prevailing issues within PAYVISION, but regrettably, these attempts were unsuccessful.

By then tens of thousands of trustful European consumers lost their life savings to scammers through transactions involving PAYVISION and ING bank accounts.

Several open questions

Summarizing the result of the findings above, some material questions remain still open:

Why did ING not act properly when learning about the issues?

Who made the decision to buy this evident cybercrime enabler? and why is no one held accountable for buying this fraud enabler for a purchase price of €360 mio?

Despite negative media coverage and PAYVISION’s CEO, Rudolf Booker, facing inquiries during BARAK’s criminal proceedings in the summer of 2019, ING proceeded with the disbursement of the agreed-upon success fee and the remaining portion of the acquisition payment for PAYVISION, amounting to approximately 80 million euros, extending up to April 2020. Concurrently, in the same quarter of 2020, ING reported a significant write-down on its investment in PAYVISION. This sequence of events raises questions about the decision-making and financial management involved.

Why did ING not start an internal investigation in PAYVISION already in summer 2018 when the first adverse media reports showed evidence of PAYVISION´s involvement in scams?

Why has ING not yet reclaimed the money paid to Booker for the sale of a cybercrime enabler to ING?

As a publicly traded entity, Payvision is required to disclose any ongoing criminal investigations to shareholders. This prompts the question of why the ongoing criminal probe into Payvision, along with any adverse discoveries, was not publicly disclosed at the beginning of 2021.

Why did DNB (the supervisor in charge of ING and Payvision) not act properly and in time?

According to the settlement agreement signed on 4 September 2018, ING Bank NV`s compliance improvement process had to be supervised by the DUTCH financial supervisory authority DNB. 

How is it possible that ING Bank NV bought PAYVISION – a payment institution known for its involvement in high-risk customers (like Porn, and gambling) when ING Bank NV anyway had material money laundering issues?

Why did it take until summer 2020 to actually start an on-site audit of PAYVISION?

Why was the information about the on-site audit report never published although the information for sure was of public interest?

What conclusions can be drawn regarding ING’s efforts to overhaul its compliance systems (under DNB´s supervision (!)) upon uncovering PAYVISION’s extensive engagement in fraudulent activities?


The apparent recklessness demonstrated by ING NL in its acquisition of PAYVISION, a recognized facilitator of cybercrime amidst an ongoing money laundering investigation, suggests a significant deviation from ING´s board-professed commitments to the Dutch prosecutor.

The situation illustrates that monetary penalties for money laundering offenses have no impact. The board appears indifferent, treating such fines as mere expenses paid out of shareholders’ funds.