BaFin Lowers the Boom on Varengold Bank After Years of AML Failures

Key Takeaways

• BaFin Enforcement: Germany’s financial watchdog ordered Varengold Bank AG to remediate major AML shortcomings after repeated failures.
• Fines Imposed: The bank faces €3.8 million ($4.1 million) in penalties, including €3.3 million ($3.6 million) for failing to file suspicious transaction reports and €500,000 ($545,000) for violating restrictions on Iran-related transactions.
• Compliance Failures: Inspections dating back to 2022 revealed weak risk analysis, ineffective IT monitoring, poor customer due diligence, and inadequate internal safeguards.
• Remediation Plan: Varengold has submitted a written plan to BaFin and must provide ongoing updates on progress.

Deep Dive

For Varengold Bank AG, the reckoning has finally arrived. After years of audits, inspections, and missed opportunities to get its house in order, Germany’s financial regulator BaFin has handed the Hamburg-based bank a bill it can’t ignore, with €3.8 million ($4.1 million) in fines and an order to fix its broken anti-money laundering defenses.

This wasn’t a one-off misstep. BaFin’s frustration has been building since at least 2022, when a special inspection uncovered troubling gaps in the bank’s controls, gaps that stayed wide open through 2023. By the regulator’s account, Varengold was failing on the fundamentals, such as risk analysis, customer due diligence, IT monitoring, even the basic internal safeguards that are supposed to keep the financial system from being used to wash dirty money.

The shortcomings weren’t just theoretical. Some of the riskiest transactions involved business tied to Iran, where weak controls can have particularly serious implications.

Patience Wears Thin

By the summer of 2025, BaFin’s patience had run out. On July 25, the watchdog ordered Varengold to come up with a credible plan to fix its compliance program and start reporting on progress. A month later, it turned up the heat with a €3.3 million ($3.6 million) fine for systematically dragging its feet on suspicious transaction reports between June 2023 and March 2025.

And BaFin had already made its point earlier in February, when it hit Varengold with a €500,000 ($545,000) coercive fine for ignoring a ban on processing Iran-related payments through third parties. Each penalty was final and binding, underscoring that this was no longer a negotiation, it was enforcement.

German law is clear in the fact that banks are the first line of defense against money laundering and terrorist financing. If suspicious activity slips past them, it doesn’t just threaten one institution’s reputation. It undermines trust in the entire financial system.

That’s why BaFin isn’t letting Varengold off the hook. Suspicious transaction reports, risk assessments, internal safeguards—these aren’t boxes to be ticked. They’re the core obligations that keep illicit finance out.

Varengold has submitted its remediation plan, but the hard part is proving it can deliver. Every step will be monitored by BaFin, and every delay will be costly. For the bank, this is less about fines already paid and more about the credibility it now has to rebuild.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.