Danske Bank had a portfolio of foreign customers in Estonia. These were so-called non-residents – that is, customers not residing in or conducting business from Estonia. This non-resident portfolio has been terminated. For a large number of these customers, it was possible to use Danske Bank’s branch in Estonia for suspicious payments, and according to the investigations led by Bruun & Hjejle, many of them appear to have been suspicious customers. 

In other words, we had a large number of customers that should never have been customers with us and they made payments that should never have been made. 

This took place because the Estonian branch had insufficient focus on compliance with anti-money laundering (AML) rules, that the branch operated too independently of the rest of the Group (it had its own IT platform, for example), and there were major deficiencies in the branch’s control systems and monitoring. At the same time, we also suspect that employees in Estonia actively participated in suspicious activities or colluded with customers. 

The investigations have also shown that a number of the Group’s controls did not work properly in relation to Estonia. The Group did not take action at group level until problems were observed in 2014 in Estonia. Among other things, we responded to a report submitted by a whistleblower and following new investigations from Group Internal Audit. 

However, it is clear today that our response was inadequate and too slow. There was a lack of understanding of the extent of the risk associated with running the business we had in Estonia, and at Group level, there was generally not sufficient focus on what went on at the Estonian branch.

Danske Bank has clearly failed to live up to its responsibility in this matter. This is disappointing and unacceptable and we offer our apologies to all of our stakeholders – not least our customers, investors, employees and society in general.

Our job is to identify suspicious customers and report their payments to the authorities. It is difficult for us to determine whether the money was obtained illegally. The authorities are in a position to collect more information, and it is up to them to assess the extent of money laundering.

The investigation covers some 15,000 customers with a total of 9.5 million transactions between them. 

When we presented the investigations in September 2018, we had examined the 6,200 customers found to have hit the most risk indicators as part of the portfolio investigation. Of these, the vast majority have been reported to the authorities. 

The investigation will establish the total number of suspicious customers but does not establish if all or just some transactions of said customers are suspicious. An investigation into that could not possibly be completed within any reasonable time frame. 

Therefore, as with similar investigations in other banks, it is difficult to provide an accurate estimate of the amount of suspicious transactions.

We are continuing to examine the remaining part of the portfolio and report to relevant authorities on an ongoing basis.

There is no doubt that we should have detected the problems at a much earlier stage. According to the investigators, there was never a proper overview of what took place at the Estonian branch. We overlooked the suspicious activities because we did not focus enough on and knew too little about that part of the business and the risk associated with it.

Large transaction volumes are not necessarily a problem in themselves if AML procedures are in place. And in that respect, Danske Bank’s management in Copenhagen had the wrong impression that allowance had been made for the large risks associated with the portfolio. Furthermore, the Estonian branch was using its own IT systems, which impeded the Group’s insight into and control of the transactions. The total number of transactions has taken us by surprise.

There are also indications that one or more employees at the Estonian branch have tried to conceal what was going on or have in some way taken part in suspicious activities. On the basis of the investigation, we have found reason to report 42 employees to the Estonian authorities, of which eight have been reported directly to the police. A number of employees have subsequently been charged by the Estonian police.

 We have an ongoing dialogue about the case, or parts of it, with the authorities in the US, Denmark, Estonia and France. 

It is in Danske Bank’s interest to get to the bottom of this case, and we will of course cooperate with the authorities and make ourselves – and the knowledge we have – available to the investigations. In recent years, we have taken a number of initiatives, and the situation is today quite different from what it was at the time of the suspicious activities in Estonia. This work continues and is given high priority. 

We do not want to speculate about that. We have kept relevant authorities updated and will share relevant findings with them. The authorities alone will decide on whether we will be fined and if so, how much. 

Danske Bank is a very well-capitalised bank, and we thus have a very solid position to absorb any fines imposed on us as a result of the case.

The Board of Directors has decided to donate the gross income from the customers in the period from 2007 to 2015, which is estimated at DKK 1.5 billion as the bank is not able to provide an accurate estimate of the amount of suspicious transactions made by non-resident customers in Estonia during the period.

To the extent it is not confiscated by the authorities, the gross earnings will be transferred to an independent foundation, which will be set up to support initiatives aimed at combating international financial crime, including money laundering, including in Denmark and Estonia. The foundation will be set up independently from Danske Bank with an independent board.

Unlike confiscation, any potential fine will not affect the amount of the donation.

On the Board of Directors, we have been very clear in saying that we would take any consequences necessary as a result of the case and launch initiatives to the extent that this has not already been done. On the basis of the investigations, we have taken a number of measures. First and foremost, they concern the employees who have not lived up to their responsibility or have been grossly negligent in the performance of their duties. By far most of those employees are no longer employed with Danske Bank, and for a number of employees in Estonia, suspicious behaviour has been reported to the authorities, just as eight of these employees have been reported to the police. There may also be consequences – also retroactively – for the variable pay of a number of senior managers and members of the Executive Leadership Team subject to criticism, who have participated in bonus schemes.

Several persons in management and among the employees have left Danske Bank because of their involvement in the case, including former CEO Thomas F. Borgen. In December 2018, the chairman of the Board of Directors and the chairman of the Audit Committee of the Board of Directors both stepped down.

We are obliged not to publish information that can identify specific customers or employees but the investigation concludes that a large proportion of customers in the non-resident portfolio has been suspicious.

These customers have been reported to the authorities, and it is now up to them to investigate if there have been acts of money laundering or any other form of financial crime, and - if so - who is behind it.

We will never be able to guarantee that suspicious transactions cannot take place. Financial crime, including money laundering, is a major global challenge, as criminals seek to exploit weaknesses in the financial system every single day. The banking community is doing a great deal, but the criminals and the networks that they are part of are becoming more and more sophisticated and are always trying to circumvent our systems and controls.

Today, the situation is quite different when it comes to the combating of money laundering than it was when the case developed in Estonia. We have rectified the situation in Estonia and have ensured, among other things, that the portfolio in question was closed down. In recent years, we have scaled down our activities in Estonia and the other Baltic countries as part of our strategy to focus on our Nordic core markets.  

On 19 February 2019, the Estonian supervisory authorities ordered us to close down our banking activities in Estonia. We have of course agreed to do so, and will begin the close-down as soon as possible. We have in fact decided to close down all of our banking activities also in Latvia, Lithuania and Russia.

Across the Group, we have strengthened our efforts to combat financial crime, including money laundering, significantly and have invested considerably in improving all three lines of defence (business, compliance and audit). Thus, more than 1,200 employees today work in this area.

We have initiated a comprehensive AML programme, which has led to new organisational structures and new routines and procedures, and all employees take yearly mandatory training on anti-money laundering measures and compliance.

We also invest in automating business procedures and upgrading the IT systems that support those procedures and improve anti-money laundering controls – among other things through better monitoring of bank transfers and suspicious customers. We are also improving the “know-your-customer” procedures used when welcoming new customers to Danske Bank. This gives us a far better overview and better monitoring of our customer’s activities.

Most recently, in connection with the publication of our annual report in February, we have announced setting aside another DKK 2 billion in coming years to invest in improving both the quality and the effectiveness of our controls in the area, including by integrating control routines as part of the way in which we service our customers and create a good customer experience.

It is a key priority for us to strengthen and improve our efforts on an ongoing basis – and cooperate closely with authorities and others to achieve as strong a defence as possible against the criminal networks.

As a natural consequence of this case, we are also looking into other parts of our business, including Latvia and Lithuania. We did not have the same business setup for non-resident customers in the other Baltic countries, but we are of course looking into whether issues similar to the issues arising out of the non-resident portfolio in the Estonian branch have been present historically in the bank’s other Baltic branches.

This will in no way affect your day-to-day business with us. This case will not affect our general ambition to operate a bank that is competitive for our customers.

If you have questions regarding the case, you are of course always welcome to contact your adviser or your local branch.

No employees of Danske Bank are contractually prevented from going to the police or other relevant authority if they have information about illegal circumstances. In the matter in question, we have said that we encourage anyone who has anything to contribute to pass their knowledge on to the authorities.

As we have stated earlier, we will not stand in the way if a whistleblower participates in the public debate, including, for example, taking part in any public enquiries to the extent applicable legislation permits so. The whistleblower in the Estonia case has previously received a legal notification from us in which we gave our consent for the individual concerned to talk to the relevant supervisory authorities in Denmark and Estonia, among other countries, and in this connection, we have encouraged the individual concerned to do so. We have released the individual from all contractual stipulations regarding the duty of confidentiality . 

It is not possible for us to do more than this. We cannot lift the statutory restrictions to which a whistleblower – like all others – is subject, e.g. duty of confidentiality in relation to customer information.

It is in our interest that the case is fully investigated, and we will, of course, cooperate with SØIK and make ourselves and the knowledge we have available in relation to the ongoing investigation. In recent years, we have taken a number of initiatives, and the situation is now quite different from what it was at the time of the suspicious transactions in Estonia. We will continue to give high priority to this area. In the short term the charges will not have any major impact. It is a natural next step in the police investigation, and we never imagined that our own investigation from September would stand alone.

On 21 October 2020 the charges were expanded to include control- and management related failures in relation to the Estonian branch. We have taken note of the expanded charges and continues to cooperate with the authorities.

It is still too early to say whether we will eventually be charged and what a possible penalty could be.

The Estonian police have announced that on 18 and 19 December 2018, they have detained a total of 10 former employees of Danske Bank’s branch in Estonia. As we have previously stated, we have reported eight former employees in Estonia to the police in connection with our investigations into the case. We are not at liberty to comment on individuals and therefore cannot confirm whether these eight employees are among the ones detained by the police. It is up to the police to investigate the case.

Our interest in the case is that it is thoroughly investigated, and we therefore continue to cooperate with all relevant authorities and to be at the disposal of the investigators.

We are aware that a lawsuit has been filed against Danske Bank by a US pension fund. It is public knowledge that several US law firms have indicated that similar lawsuits are on the way, so it does not come as a surprise to us. We are also aware that the Foreningen af Aktionærer i Danske Bank (association of shareholders in Danske Bank) has lodged a claim. 

We will consider the lawsuits and the further process in consultation with our legal counsel. At the present time, we have no further comments.

We acknowledge that the serious case of possible money laundering in Estonia has had a negative impact on Estonian society, and we acknowledge that the Estonian FSA, against this background, finds it best that Danske Bank discontinues its Estonian banking activities. We are sorry to be leaving Estonia against this background, but we understand the severity with which the Estonian FSA looks at this case, and we will close down our remaining activities as requested. We will continue our cooperation with the Estonian and other relevant authorities.

We have also decided to close down our banking activities in Latvia, Lithuania and Russia. Danske Bank Group IT Lithuania and Danske Bank Global Services Lithuania, which carry out a number of service functions, will continue its operations, and the employees there will not be affected by the decision.

In recent years, we have pursued a strategy of focusing on our Nordic core markets and have also reduced our Baltic activities in connection with this. The decision to close down our activities in the Baltics and in Russia completely is fully in keeping with this strategy. In close cooperation with relevant authorities, we will make sure that the process takes customer and employee interests into account in the best possible way.

As reported in the media, a number of former senior employees of Danske Bank have been charged by the Danish State Prosecutor for Serious Economic and International Crime (SØIK), also known as the fraud squad, with possible violation of money-laundering legislation related to the closed down non-resident portfolio at Danske Bank’s branch in Estonia.

Any charges are a matter solely between the authorities and the former employee of Danske Bank.

Danske Bank cooperates with SØIK and all other authorities investigating the case, both in relation to the questioning of employees and the submission of documentation. Just like the authorities, we want to get to the bottom of the case. 

The investigations have been anchored in the Board of Directors and led by the external law firm Bruun & Hjejle in order to ensure that the information collected, reviewed and assessed during the investigations provides a sufficient basis for finding the investigations objective and thorough. The investigators were given a full mandate to investigate anything and everyone they have found relevant.

Generally, the investigations focus on two separate things:

• A thorough examination of customers and transactions at the Estonian branch in the period from 2007 to 2015
• An examination of who knew what and when, both in Estonia and at Group level, and to determine whether managers and employees lived up to their responsibilities to a sufficient degree

The investigation of customers and transactions in Estonia from 2007 to 2015 was conducted by Danske Bank’s Compliance Incident Management Team, headed by Jens Madsen, former head of Denmark’s intelligence agency and the Fraud Squad (PET and SØIK).

On an ongoing basis, the findings of the investigations have been passed on directly to Bruun & Hjejle, which has led the team and expanded the investigation when deemed relevant.

The investigation covered a total of 15,000 customers and 9.5 million payments during the nine-year period.

The investigation was conducted in cooperation Danish and international experts: the consultancy firms PwC and EY, the data analysis software company Palantir Technologies and the company CERTA Intelligence & Security.

Bruun & Hjejle has examined around 12,000 documents and more than 8 million emails to establish a timeline, which details, as thoroughly as possible, which employees and managers knew what and when.

In addition, more than 70 interviews were conducted with current and former employees and managers, including members of the Executive Board and members of the Board of Directors.

The investigation was conducted in cooperation with the consultancy firm Promontory.