Region

Jurisdiction

Regulator

2026-06-08

Report on Anti-Money Laundering Inspection of Connecting IT

The Danish Financial Supervisory Authority issued an inspection report on Connecting IT S.M.B.A. following a December 2025 anti-money laundering review, mandating immediate corrective actions across seven critical compliance failures. The regulator ordered the company to develop a comprehensive money laundering and terrorist financing risk assessment, establish a formal AML policy, and implement enhanced customer due diligence procedures that accurately reflect high-risk client profiles and business relationships. Additionally, the authority compelled the firm to register in the GoAML reporting system, strictly monitor and investigate suspicious transactions, and promptly notify the Money Laundering Secretariat to rectify systemic deficiencies in its compliance framework.

Denmark

Finanstilsynet Denmark

Inspection Report 08-06-2026

The Danish Financial Supervisory Authority (Finanstilsynet) conducted an inspection of Connecting IT S.M.B.A. in December 2025. The inspection was an examination of the anti-money laundering area. The inspection covered the following areas:

The company's risk assessment regarding whether geographical and cash-related risks are correctly identified.
The company's knowledge of and monitoring of customers making large cash payments.
The company's knowledge of and monitoring of customers conducting transactions to and from high-risk third countries.
The company's investigations of suspicious cash transactions, given the company's failure to notify the Money Laundering Secretariat.
The company's compliance with sanctions, particularly as the company is exposed to sanctioned countries.

Summary and Risk Assessment

Connecting IT is an IT company that also operates a money transfer business as a secondary activity.

Based on the inspection, several areas have prompted supervisory responses.

The company has not prepared a risk assessment regarding its exposure to money laundering or terrorist financing.

This creates a risk that the company cannot map the relevant risks. Risk mapping is essential as it forms the basis for designing the company's risk-mitigating measures.

The company has therefore been ordered to prepare a risk assessment for money laundering and terrorist financing [1].

The company has not prepared an anti-money laundering policy.

This creates a risk that the company's strategic risk management of money laundering and terrorist financing risks is not sufficiently effective. This is significant as a risk management policy forms the overarching foundation for strategic and operational risk management.

The company has therefore been ordered to prepare a risk assessment for money laundering and terrorist financing [2].

The company's customer due diligence was limited to obtaining identity information, identification documents, and details about the customer's occupation.

Without obtaining information on the purpose and intended nature of the business relationship, there is a risk that the company lacks a sufficiently sound basis to assess whether a transaction is unusual for the customer, or to risk-classify its customers. This is significant as the company is obligated to detect and report unusual transactions conducted on behalf of its customers.

The company has therefore been ordered to obtain information on the purpose and intended nature of the business relationship where relevant [3].

A number of the company's customers were classified as low- or medium-risk, even though their circumstances indicated high-risk characteristics.

When there is an insufficient risk assessment of customers, there is a risk that the company loses oversight of which customers pose an increased risk of money laundering or terrorist financing. This is significant as risk classification forms the basis for determining whether simplified, standard, or enhanced customer due diligence procedures should be applied.

The company has therefore been ordered to risk-classify its customers based on information regarding the purpose, scope, frequency, and duration of the business relationship, as well as the risk factors described in Annexes 2 and 3 of the Money Laundering Act [4].

The company does not conduct enhanced customer due diligence for high-risk customers.

This creates a risk that the company fails to implement additional measures where required. This is significant as such measures are necessary to manage elevated risks.

The company has therefore been ordered to implement enhanced customer due diligence procedures where required [5].

The company did not comply with its investigation and recording obligations.

This creates a risk that the company fails to investigate and record matters it is obligated to report to the Money Laundering Secretariat. This is significant as the company is required to immediately report matters that could assist the Secretariat in its work.

The company has therefore been ordered to monitor its customers, and if suspicious or unusual transactions are identified, the company must investigate them further and record the results of the investigations [6].

The company was not registered in GoAML at the time of the inspection.

This creates a risk that the company fails to notify the Money Laundering Secretariat in a timely manner. This is significant as the company is obligated to immediately notify the Secretariat of suspicious transactions, etc.

The company has therefore been ordered to register with GoAML [7].

[1] Section 7(1) of the Money Laundering Act. [2] Section 8(1) of the Money Laundering Act. [3] Section 11(1), item 4, of the Money Laundering Act. [4] Section 11(3) of the Money Laundering Act. [5] Section 17(1) of the Money Laundering Act. [6] Section 11(1), item 5, Section 25, and Section 30 of the Money Laundering Act. [7] Section 26 of the Money Laundering Act.

You control your data

This website uses third-party cookies for visit statistics. If you select "Accept all", you consent to third-party services storing information about your visit.