Executive Summary

Dutch authorities concluded that ING Netherlands systematically failed to comply with AML obligations over a multi-year period. Customers were onboarded and maintained without adequate KYC, transactions were processed without proper monitoring, and obvious red flags were missed or not investigated. In 2018, ING accepted a settlement of €775 million (fine + disgorgement) with the Dutch Public Prosecution Service (OM), without contesting the core findings.

Background: ING’s Retail & Corporate Client Base

ING is a large Dutch bank with millions of retail and corporate clients. In the period under review (roughly 2010–2016), ING relied heavily on automated onboarding and monitoring systems, but did not allocate sufficient resources to data quality, alert handling, or customer risk reviews. As a result, many clients were onboarded with incomplete or incorrect information, and suspicious patterns in their account activity went undetected or unanalyzed.

Timeline of Key Events

• 2010–2013: ING expands digital onboarding, but KYC files are often incomplete or outdated.
• 2014: Internal and external reviews highlight deficiencies in client due diligence and monitoring.
• 2015–2016: Dutch authorities investigate ING’s role in facilitating suspicious activities, including flows linked to possible corruption and money laundering.
• 2017–2018: ING cooperates with authorities, remediates some issues and prepares for settlement.
• September 2018: Public announcement of a €775 million settlement with Dutch prosecutors.

Key AML & KYC Failures at ING Netherlands

Red Flags That Should Have Triggered Stronger Action

• Customers with unclear or inconsistent stated business activities.
• Large, unexplained transaction volumes compared to customer profile.
• Accounts used primarily as pass-through conduits for incoming and outgoing payments.
• Inadequate documentation on source of funds or wealth for higher-risk clients.
• Repeated system alerts on the same customers without timely investigation.
• Signals from law enforcement or other banks that were not fully explored.

Settlement & Consequences

In 2018, ING agreed to a settlement with the Dutch Public Prosecution Service that included:

• Total payment of €775 million (fine plus disgorgement of illegally obtained benefits).
• No criminal prosecution of the bank, but formal acknowledgement of serious shortcomings.
• Commitments to significantly strengthen AML controls, including KYC remediation and system upgrades.
• Increased supervision and scrutiny from Dutch and European regulators.
• Reputational damage and greater scrutiny of AML practices across the Dutch banking sector.

Lessons for KYC, EDD & Transaction Monitoring Teams

• Basic KYC quality is the foundation — poor onboarding data destroys risk assessments and monitoring.
• Automated monitoring must be supported by tuned scenarios, good data and competent human review.
• STR obligations are time-sensitive and must be supported by clear internal escalation workflows.
• Periodic KYC reviews are critical to keep customer risk ratings aligned with actual behaviour.
• Compliance functions need sufficient staffing and budget to be effective, not symbolic.
• Regulators increasingly view “systemic negligence” as a basis for very large penalties.

GO-AKS Insight

“The ING Netherlands case is a powerful reminder that AML failures are not only about spectacular scandals — they often come from everyday gaps in KYC, weak monitoring rules and under-resourced compliance teams. For modern AML professionals, mastering data quality, risk scoring and escalation governance is just as important as detecting complex typologies.”