I’m not surprised! Why?
In my lectures at university but also in November 2025 for Zanders at there international meeting I emphasized the importance for financial institutions on risk assessment. But more important I pointed out that credit risk and fraud related risks are not to be seen as separate risks.
Risk assessment (or like now formulated) “risk weighting” requires a high degree of skepticism.
AML risk assessment started at the FATF with a “static” system based on regulations and static “follow the (proven calculation) rules”.
But it showed a effective AML system required more!
So, I’m not surprised of this action of the ECB as a signal of a *more aggressive stance, *the importance of the quality of the data. They demand more *future precision and knowledge and a (in my view better word than “high”) *“professional” degree of skepticism.
What can we do?
A risk based approach where *correct data and *professional analyses based on *proven statistic and calculation rules can help us to assess the individual risks. In the perfect world this would be enough.
But Money is the Root of (all) Evil.
Financial crime and misconduct are often based on normal and everyday conduct. Transactions and activities that do not rise suspicion.
You will only find out how these normal transactions are used for “misconduct” it you combine
1) a normal percentage of professional skepticism and
2) knowledge of how systems can be (mis)used.
The next step
- Capital reporting and transaction monitoring but also the upfront and ongoing customer due diligence for both should go hand in hand and
- Capital risk assessments can learn from the lessons from the fight against Money laundering and Terrorism financing.
More information
For those interested read the ECB report and to the Fincrime website for more information.
To make it easy also some important parts of the summary at the Fincrime website
“IMPLICATIONS FOR FUTURE SUPERVISORY ENGAGEMENTS
This enforcement action signals a more aggressive stance by the European Central Bank regarding the integrity of supervisory data. As the financial industry moves toward more complex digital transactions, the quality of the data provided to regulators becomes the bedrock of financial stability. The 12.18 million Euro fine is not merely a punishment for a past mistake but a demand for future precision. Other institutions are now on notice that the ECB will scrutinize the underlying methodologies used for risk weighting with a high degree of skepticism. This focus on data quality is also closely linked to anti-money laundering efforts, as the same systems used for capital reporting often overlap with those used for transaction monitoring and customer risk assessment. The ability of a bank to challenge these decisions before the Court of Justice of the European Union remains a legal right, yet the factual findings regarding the duration and scope of the misreporting are difficult to contest. The long term impact of this case will likely be seen in increased regulatory reporting requirements and more frequent on-site inspections by supervisory teams.
Banks must now demonstrate not just that they have capital, but that their methods for calculating that capital are beyond reproach. ………..This case also highlights the importance of the Single Supervisory Mechanism’s role in harmonizing the supervision of banks across different European jurisdictions. ………… As the ECB continues to refine its supervisory tools, banks can expect a higher degree of automation in how their data is analyzed and flagged for inconsistencies. The era of being able to hide reporting errors within massive data sets is coming to an end, as regulatory technology catches up with the complexity of modern finance. J.P. Morgan SE will now have to work diligently to restore its standing with the ECB, ensuring that every future report is a reflection of its true financial position. This journey toward improved compliance will serve as a case study for the entire industry on the perils of systemic negligence in the digital age.”
