On September 19, 2018, Danske Bank issued an 87-page report of an internal investigation started in autumn 2017 about problems in its Estonian branch in the period from 2007 to 2015 and an investigation on the events, including whether managers and employees, members of the Executive Board or the Board of Directors have adequately fulfilled their obligations.[1] Before the release of the report, Danske Bank had concluded it was not adequately effective in preventing the branch in Estonia from its role in money laundering by its non-resident customers during 2007 to 2015.[2]
The problems concerning the Estonian branch were much larger than anticipated when the bank started the investigations. The press release states that a number of controls at the Group level were not sufficient in relation to Estonia.
According to the report, the investigations were very comprehensive. The scope of the investigations covers approximately 15,000 customers and 9.5 million payments. The investigation reviewed some 12,000 documents and more than 8 million emails. It conducted more than 70 interviews with current and former employees and managers, including members of the Executive Board and members of the Board of Directors. Approximately 70 people worked full time on the investigations.
The Board of Directors directed the investigations led by the law firm Bruun & Hjejile. The bank is not able to give an accurate estimate of the amount of suspicious transactions. It has reviewed 6,200 customers starting with the ones most at risk and reported almost all to the authorities.
The problems uncovered by the investigations are: a series of major deficiencies in the bank’s governance and control systems facilitated the use of the bank’s branch in Estonia for suspicious transactions; from the bank’s acquisition of Sampo Bank in 2007 until it terminated the customer portfolio in 2015 it continued to serve many non-resident customers in Estonia it should not have had and they conducted large volumes of transactions that should not have occurred; only part of the suspicious customers and transactions were reported to the authorities as they should have been; the Estonian branch had inadequate focus on the risk of money laundering, and branch management was more concerned with procedures than with identifying actual risk; the Estonian control functions did not have an adequate degree of independence from the Estonian organization; the branch operated too independently from the rest of the Group with its own culture and systems without adequate control and management focus from the Group; a suspicion exists that there have been employees in Estonia who have assisted or colluded with customers; braches at management level has occurred in several Group functions; a number of more or less serious indications occurred during the years that were not identified or reacted on or escalated as could have been expected by the Group. Hence, the Group was slow to realize the problems and rectify the deficits. The bank acted too little and too late.
The report shows that a number of former and current employees, both at the Estonian branch and at the Group level, have not met their legal obligations in their employment with the bank. The Board of Directors, the Chairman and the CEO did not breach their legal obligations. The bank has acted against current and former employees. The bank has issued warnings, dismissals, loss of bonus payments and reporting to the authorities. The majority of these employees and managers are no longer with Danske Bank.
Danske Bank will transfer gross income from the customers during 2007 to 2015, which is estimated at DKK 1.5 billion ($230 m), from the transactions to an independent foundation.
The bank has taken several initiatives to remedy the situation. It closed the portfolio of the non-resident customers in Estonia in 2015 and the start of 2016 and will now serve only subsidiaries of its Nordic customers and international customers with a solid Nordic footprint; it has strengthened governance and oversight in the Baltics by introducing a new pan-Baltic management; it has strengthened the independence of control functions in the Baltics and raised to Group level to ensure the same level of risk management and control as in other parts of the Group; it has migrated the Baltic units to a single shared IT platform, which enables increased transparency and oversight; the bank has made comprehensive efforts and substantial investments to improve its general and Group-wide efforts to combat financial crime, including money laundering. In total, it has quadrupled the number of employees dedicated to this area and now totals 1, 200 full-time employees. In addition, the bank has started a comprehensive AML program, which has brought major changes in the form of new organizational structures, new routines and procedures, as well as the implementation of new IT systems. It has strengthened and will continue to strengthen the compliance knowledge and culture across the organization, among other things through a strong management focus and extensive mandatory training. It has implemented risk management and compliance in performance agreements of all members of the Executive Board and senior managers. The bank strengthened the whistleblower setup by transferring the responsibility for investigating reports to Group Compliance and implementing a stronger governance setup to handle reports. The bank has disseminated more information about the whistleblower system to all employees and introduced mandatory training.
The bank’s findings are in line with the criticism and conclusions the Danish FSA announced in its decision of May 2018. The bank agrees with the FSA’s conclusions and is working on implementing the orders through the following initiatives; it recruited a new Chief Compliance Officer with broad international experience and he will be a member of the Executive Board when he joins no later than December 1, 2018; it has implemented the extra Pillar II capital requirement of DKK 5 billion and has increased the target for the total capital ratio to “above 19%”; the Group has conducted an assessment of management and governance in the Estonian branch; it has integrated compliance as a fundamental part of its culture at all levels; and it will establish a central unit at Group level to ensure transparency and completeness in Danske Bank’s interaction with the FSA and due, timely and qualified reporting.[3]
The report reveals that about 177 customers could be a part of the “Russian Laundromat,” an alleged money-laundering scheme. The investigation is also reviewing allegations of $230 million in tax fraud involving “high- ranking officials in the Russian Government.”[4]
Bill Browder, an international financier and former head of Russia’s most successful hedge fund, Hermitage Capital Management, from 1995 to 2005, has been instrumental in sparking the investigation. He has alleged that the bank played a role in Russian tax fraud. In July 2017, he testified to the U.S. Senate Judiciary Committee on the allegations that Russia interfered with the 2016 U.S. Presidential elections.[5]
Immediately after the release of the report Thomas Borgen resigned as Danske bank chief executive. Shares in Danske fell 7% following Borgen’s resignation and a lowering of its outlook for the full year.[6]
Estonia’s FSA said it was now examining the internal investigation report.
Meanwhile, the Danish FSA will now consider taking action.[7]
The U.S. authorities are also investigating the bank over transactions made from foreign countries, mainly Russia.[8]
The fact that the bank’s $234 billion estimate of total flows through its Estonia unit is an almost nine times the country’s gross domestic product. It raises major questions about how serious management was about preventing money laundering.[9]
According to the S&P Global Ratings, the case might impact Denmark’s AAA credit rating. [10]
Clearly, the bank’s internal investigation came only after other money laundering episodes became known. The investigation and the closing of accounts should have occurred earlier. [11] For instance, the bank said it initially had warnings of potential misconduct in 2007, when Russia’s central bank warned the bank of possible “tax and custom payments evasion” in its nonresident portfolio in Estonia. However, the report says the bank missed this opportunity.[12]
In 2013, after JP Morgan, the Estonian branch’s correspondent bank for clearing dollar transactions, terminated its relationship due to its concerns, the bank started but did not finish a review of its clients.[13]
Even after a whistleblower raised concerns with executives in December 2013, it took two years for the bank to close the accounts of suspicious clients and even then it did not start a full internal investigation until 2017.[14]
The bank will likely incur substantial fines and investigations in other countries, including Denmark, the U.S., and Estonia.[15] In particular, the U.S. Treasury has authority to fine the bank or order U.S. regulated financial institutions to cut the bank’s access to U.S. dollars.[16]
The lessons are that the bank’s group did not properly manage the branch. The IT systems were separate and many documents concerning its customers were in Estonian or Russian. The AML procedures were antiquated. The branch screened customers and payments manually and did not respond to suspicious customers and transactions.
The bank ignored red flags. Its internal reporting about the Estonian branch had little detail about business from nonresident clients, even though their transactions constituted 40% of all payments by value during this period. One positive aspect is that apparently the bank did not violate Russian sanctions.[17]
[1] Bruun & Hjejile, Report on the Non-Resident Portfolio at Danske Bank’s Estonian branch, Sept. 19, 2018 https://danskebank.com/-/media/danske-bank-com/file-cloud/2018/9/report-on-the-non-resident-portfolio-at-danske-banks-estonian-branch-.-la=en.pdf.
[2] Danske Bank, Findings of the investigations relating to Danske Bank’s branch in Estonia, Press Release, Sept. 19, 2018.
[3] Id.
[4] Renae Merle, CEO of Danish bank quits amid investigation, Wash. Post, Sept. 20, 2018, at A16, col. 5.
[5] Danske Bank boss quits over € 200bn money-laundering scandal, BBC, Sept. 19, 2018.
[6] Id.
[7] Id.
[8] Danske Bank CEO resigns over internal probe, Market Watch, Sept. 19, 2018.
[9] Frances Schwartzkopff and Peter Levring, Danske Chairman Says ‘Large’ Part of $234 Billion Is Suspicious, Bloomberg, Sept. 19, 2018.
[10] Id.
[11] Danske Bank CEO resigns over internal probe, supra.
[12] Martin Selsoe Sorensen, Branch of Danish Bank Laundered Billions, N.Y. Times, Sept. 20, 2018, at B3, col. 1.
[13] Id.
[14] Id.
[15] Merle, supra.
[16] Patricia Kowsmann and Drew Hinshaw, Bank Scandal Linked to Russians Expands, Wall St. J., Sept. 20, 2018, at A1, col. 1.
[17] Paul J. Davies, Danske Didn’t Keep Its Guard Up, Wall St. J., Sept. 20, 2018, at B13, col. 1.
Leave a Reply