Having paid a routine visit to Basisbank, the Internet bank that services private customers and others, the Danish regulator Finanstilsynet says that the bank is not well prepared to tackle money laundering and has ordered it to draft a money laundering policy.

The inspection included the Bank's risk assessment, policies, procedures and internal controls as well as its procedures for recognising customers, including the monitoring of private customers.

The bank offers consumer loans to private customers through the bank's website and through various partners such as retailers and loan portals. In addition, the bank offers simple banking services such as salary accounts, pension accounts, childcare savings, simple savings products, payment solutions, debit cards and deposit accounts. In relation to the latter, the bank states that it does not provide advice and that customers can only buy Danish shares. Established in 2000, it operates as a subsidiary of Bokredit ApS on the Internet and has no physical branches, although it has a head office in Copenhagen.

Finanstilsynet estimates that the bank's inherent risk of being abused by money launderers or terrorists is "normal to high in comparison to the average of financial companies in Denmark."

The regulator has ordered the bank to draw up a money laundering policy, as it has not done so so far and therefore has neglected to set the limits for its risk tolerance or its broad strategic goals for the prevention of money laundering and terrorist financing.

The bank must also review its procedures and update them in relation to and in accordance with the current money laundering law, suiting them to its business and actual operations.

The bank is ordered to screen customers who take up consumer credit over the internet properly. At the moment it only uses NemID (a common log-in piece of software for Danish Internet banks, government websites and some other private companies, set up in 2010) to look for information about customers' identies. The Danish Money Laundering Act requires "extra due diligence" or EDD for non-face-to-face relationships.

Finally, the regulator has censured the bank for not having stored copies of credential documents that it received before the beginning of September in cases where it was lending money to customers through dealers.