The Luxembourg state-owned bank Spuerkeess has acknowledged “structural weaknesses” in its transaction monitoring systems. However, it insists that the fine imposed by the financial sector regulator, the CSSF, does not prove that these shortcomings contributed to the €61 million fraud at the Caritas foundation.
It’s a bold statement, but it may be part of a broader legal strategy. The question of responsibility will ultimately be for the courts to decide. In its official decision, the CSSF made clear that its investigation followed the fraud at the Caritas foundation, but also stated it is not within its remit to assess the bank’s legal responsibility. While the regulator pointed to shortcomings in Spuerkeess’s systems, it stopped short of saying whether the fraud could have been prevented had those weaknesses not existed.
This can be interpreted as the CSSF deliberately deferring the question of liability to the judiciary, particularly in light of the broader governance failures already exposed within Caritas itself.
One detail from the regulator’s findings stands out: the CSSF says it had already identified systemic and structural shortcomings during an inspection back in 2018. That earlier audit focused on Spuerkeess’s anti-money laundering (AML) and counter-terrorist financing (CTF) procedures.
Although the bank took certain steps at the time, including processes surrounding transaction monitoring, the CSSF says these were insufficient to detect suspicious transaction patterns.
This point is particularly relevant given what has since come to light in the Caritas case. A large number of high-value payments were processed via Spuerkeess, sometimes several on the same day. The regulator found that the bank’s systems were not designed to flag such rapid, repeated movements of funds, meaning no alerts were triggered in cases like Caritas.
According to the CSSF, Spuerkeess should also have ensured that the transactions aligned with the client’s profile, which clearly was not the case.
The regulator also highlighted inconsistencies in the bank’s handling of transactions involving so-called high-risk countries. In the Caritas affair, money was initially transferred to accounts at Spanish bank BBVA, supposedly for suppliers in Turkey. In reality, investigators believe the funds were later sent on to destinations such as China.
Another bank, BGL BNP Paribas, also processed payments on behalf of Caritas, but only domestically to Spuerkeess. This may partly explain why the CSSF did not issue a fine in that case.
However, BGL BNP Paribas may not be fully in the clear. The matter of the credit lines granted to Caritas, reportedly worth millions and approved over a short period, has not yet been resolved. Responsibility for investigating the credit lines lies with the European Central Bank (ECB), not the CSSF, and its findings have yet to be published.
At the time, Caritas had argued that delays in receiving state subsidies due to the elections justified its request for credit. The government has categorically denied this version of events, and it’s a claim the banks arguably should have verified more carefully.
For systemically important banks like BGL and Spuerkeess, the ECB is the competent authority when it comes to credit risk supervision. Its conclusions are still pending, as are those from the criminal investigation into the actual perpetrators of the €61 million fraud.
One thing, however, is now clear: the money is gone. As the public prosecutor confirmed recently, it is unlikely the stolen funds will ever be recovered.
