The news comes after reports in March that a customer’s account had been hacked and emptied of €80,000 (nearly $89,144 USD). As a result, the online bank was criticized for not being diligent about security and compliance controls as it rushed to grow. The victim of the hack also reported that they had tried to call N26’s service hotline, but no one picked up, and they couldn’t connect with anyone online either.
On Wednesday (May 22), BaFin said N26 needs to take measures, including reidentifying some existing customers, catching up on a backlog of IT monitoring and documenting workflows.
“Furthermore, [N26 must] ensure the existence of … adequate personnel and technical organizational equipment in order to comply with its obligations under money laundering law,” BaFin said in a statement, according to Reuters.
N26 said it was working with BaFin to implement the measures.
“We have also massively expanded our [AML] and financial crime team, and this team will continue to grow in the future,” the bank said.
Launched in 2013, N26 has secured more than $500 million in backing from investors, including Tencent Holdings and Allianz, and currently has more than 2.5 million customers. Last month, it was reported that the bank has plans to expand beyond Europe, while keeping product offerings simple.
“Regional expansion will take precedence over product expansion,” said Markus Gunter, chief executive officer of N26’s banking arm, at the time. “Some people claim you can’t make money from 20-year-olds, but you can if your costs are low.”
N26 raised new funds earlier this year, and plans to use the money to expand into the U.S., and pry business away from more traditional financial institutions like JPMorgan Chase and Bank of America.