On January 6, 2026, Luxembourg’s financial regulator, the Commission de Surveillance du Secteur Financier (“CSSF”), announced that it imposed an administrative fine of EUR 185,000 ($215,000) on Rakuten Europe Bank, S.A. on October 9, 2025, for alleged violations of the Anti-Money Laundering and Counter-Terrorist Financing (“AML/CFT”) Law, the AML/CFT Grand-ducal Regulation, and CSSF Regulation No 12-02. The amount of the fine represents approximately one percent of the company’s total annual turnover as of December 2022. The CSSF reportedly discovered the breaches during an on-site inspection conducted between February 2023 and November 2023 while reviewing the Bank’s AML/CFT framework to determine if corrective actions had been taken years after another “European national competent authority” discovered AML-CFT breaches in 2020.
The CSSF reported that the fine was imposed after investigators identified “significant instances of non-compliance” with AML/CFT-related professional obligations in 2023, and found that compensatory controls in place at the Bank at that time were insufficient. According to the administrative decision, while Rakuten reportedly informed the CSSF that corrective measures had been implemented, CSSF investigators determined that the Bank’s monitoring system had not been kept up to date, which led to a number of AML/CFT breaches. The alleged breaches included significant delays in the processing of suspicious activity reports; significant “and recurring” delays in processing alerts related to customers who are potentially subject to restrictive measures; and a risk assessment program that failed to take into account the country of residence of beneficial owners and other persons purporting to act on behalf of bank customers.