Guru Pay Fined €85,000 In Lithuania For Compliance Failures

The Bank of Lithuania has fined Guru Pay €85,000 for failures to comply with a variety of payments and money laundering laws. 

The electronic money institution, licensed in 2020, was found to be deficient during a recent inspection, the regulator said in its latest bulletin. 

The central bank’s Financial Market Supervision Committee imposed sanctions after finding that the institution's monitoring of business relations and transactions was inadequate, failing to align with the scale of its activities and the nature of its customers. 

This resulted in lapses where customer-initiated operations were not promptly stopped, examined and evaluated. 

Additionally, the regulator found Guru Pay to be non-compliant with its own capital requirements, with deficient internal control procedures in place. It also noted significant violations in internal audit and ICT operations management. 

Inspectors identified deficiencies in Guru Pay’s internal control regarding money laundering and terrorist financing prevention, stemming from the distribution of functions and conflicts of interest management. 

Moreover, the institution's procedures failed to consistently determine the identity of customer representatives, the nature of customer activities and associated risks. 

Shortcomings in the institution's information security monitoring system led to a warning from the regulator.

Additionally, the Bank of Lithuania highlighted further violations and shortcomings, including inadequate management of ICT and security risks, the absence of a comprehensive register of ICT resources, incomplete recording of available resources, mismatched information security policy, lack of familiarity of third-party service providers with said policy, deficiencies in business continuity plan testing, and failure to inform the Bank of Lithuania about a significant contract for the transfer of operational functions.

When determining enforcement measures, the Bank of Lithuania considered mitigating factors such as the institution's efforts to address some violations and shortcomings, as well as its commitment to complying with relevant laws governing ICT and money laundering and terrorist financing.