Luxembourg’s CSSF financial regulator on 20 February announced that in late 2023, it had imposed a nearly half-million euro administrative fine on Mizuho Trust & Banking (Luxembourg) S.A.
The 17 November 2023 fine of 444,400 euros was imposed for non-compliance with professional obligations under Luxembourg’s financial sector law relating to governance and IT organisation.
Mizuho Trust & Banking is a wholly-owned subsidiary with a corporate parent in Mizuho Financial Group Inc., headquartered in Tokyo, Japan. the name “mizuho” literally means “abundant rice” in Japanese, and “harvest” in the figurative sense, according to Wikipedia.
Specific types of families
The company is the trust banking arm of Mizuho Financial Group. “The company is known for developing trust products for specific types of families, including those in the LGBT community,” Wikipedia reports. Its main activities include asset management for individuals, securitisation, private banking and custody. It also offers administration services for a variety of trusts.
In Mizuho’s latest corporate filing – its 2022 Management Report – the firm reported a final profit of 2.9 million US dollars for the 2022 year-end, down nearly 70% from over 9 million in 2021.
The CSSF noted that the assessment of the fine took into account “in particular the number, the gravity and the duration of the breaches”.
Taking into account
The breaches involved infringement of European guidelines requiring financial institutions to have in place an adequate internal governance and internal control framework.
The fine followed a CSSF on-site inspection at Mizuho in Luxembourg between October 2022 and June 2023.
The CSSF noted it took into account “the financial situation of the legal person held responsible for the breach and the measures taken by the person responsible for the infringement to prevent its repetition.”
Naming “not disproportionate”
The CSSF said it had “duly taken into consideration” Mizuho’s actions in acknowledging and recognising the CSSF’s findings and observations. It also noted Mizuho’s provision of a detailed action plan and its immediate initiation of remedial actions.
The CSSF explained in its release that “publication on a named basis was not disproportionate and did not jeopardise either financial market stability or an ongoing investigation.”
In its section on operational risk management, Mizuho classified operational risks as “operational losses amount coming from Bank’s mistake”. The bank stated that it “understands the existence of operational risk as a major risk source it is exposed to.”
Regular reviews
It explained that it “performs regular compliance reviews and continuous or period reviews.” It stated that it has implemented a semi-annual risk assessment through the CSA (Control Self-assessment) process.
“The CSA is a methodology used to identify and assess the risks inherent in all of the bank’s business lines (including non-operational departments and control functions) in a uniform, comprehensive and objective manner,” explained Mizuho in its report.
In the second half of 2022, Mizuho’s risk management department reported that it had started an ICT security risk assessment by integrating 30% of the ICT processes.” The report stated that a full assessment would be ready by July 2023.