The German Federal Financial Supervisory Authority (BaFin) has imposed three fines totaling €140,000 on DLT Securities GmbH for breaches of the Money Laundering Act (GwG). The sanctions were issued after BaFin identified deficiencies in the securities firm's internal safeguards designed to prevent money laundering and terrorist financing.
According to the information provided, DLT Securities GmbH failed to implement internal safeguards that were adequately tailored to its business model and client base. In addition, the firm did not monitor the effectiveness of these safeguards or update them regularly and as needed, as required by the applicable legal framework.
BaFin’s findings and legal basis
Under Section 6, Paragraph 1 of the Money Laundering Act, securities firms must establish internal safeguards through principles, procedures, and controls to manage and mitigate risks of money laundering and terrorist financing. These measures are intended to prevent the misuse of financial services to channel proceeds of crime into the legitimate financial system.
The law also requires institutions to continuously monitor the effectiveness of their internal safeguards and to update them regularly and whenever necessary. These obligations cover areas such as due diligence processes and risk management systems related to money laundering and terrorist financing risks.
Deficiencies at DLT Securities GmbH
BaFin found that DLT Securities GmbH did not adequately design and update its internal principles, procedures, and controls concerning its due diligence obligations and risk management. These shortcomings persisted for a prolonged period, at least between 1 May 2022 and 18 February 2025, despite the identified need for updates.
During this period, the firm’s internal framework for addressing money laundering and terrorist financing risks did not meet the standards set out in the Money Laundering Act. The lack of appropriate adaptations meant that the company’s systems were not sufficiently aligned with its risk profile, business activities, and customer structure.
Furthermore, the securities institution did not subject its digitized customer risk assessment process to any review. This absence of review meant that the effectiveness and adequacy of the digital risk assessment tools were not evaluated, contrary to the requirement to monitor internal safeguards.
Implications of the enforcement action
The three fines, totaling €140,000, reflect BaFin’s assessment of the gravity and duration of the identified violations of the Money Laundering Act. The case underscores the regulatory expectation that securities firms maintain robust, regularly updated internal safeguards and conduct ongoing reviews of both traditional and digitized processes used to assess and manage customer and transaction risks related to money laundering and terrorist financing.
