Investigations into Danske Bank's Estonian branch

The investigations into Danske Bank's branch in Estonia, launched in autumn 2017, have now reached the point at which the Board of Directors can present the conclusions.

There is no doubt that the problems related to the Estonian branch were much bigger than anticipated when we initiated the investigations. The findings of the investigations point to some very unacceptable and unpleasant matters at our Estonian branch, and they also point to the fact that a number of controls at the Group level were inadequate in relation to Estonia.

The Board of Directors ordered the investigations, which were led by the Bruun & Hjejle law firm. The investigations cover around 15,000 customers and 9,5 million payments. You can read the conclusions of the investigations in the report, which is available for download. You can also download Danske Bank’s press release about the investigations and the consequences taken by the Board of Directors.

On this site you can also read more about our initiatives to ensure that nothing similar ever happens again.

Read the report
Read the press release

Recording of the press conference about the findings of the investigations

The Bank has clearly failed to live up to its responsibility in this matter. This is disappointing and unacceptable and we offer our apologies to all of our stakeholders – not least our customers, investors, employees and society in general. We acknowledge that we have a task ahead of us in regaining their trust. We want to stress that this case no way reflects the bank that we want to be. We take the task of combating financial crime and money laundering very seriously, and we do and will do everything it takes to ensure that we never find ourselves in the same situation again.

Ole Andersen

Chairman of the Board of Directors, Danske Bank 

Investigation method

The investigations have been very thorough and extensive. The scope of the investigations covers approximately 15,000 customers and 9.5 million payments in the period 2007-2015. Some 12,000 documents and more than 8 million emails have been searched, and more than 70 interviews have been conducted with current and former employees and managers, including members of the Executive Board and members of the Board of Directors. Overall, approximately 70 people have worked full time on the investigations.

Led by the law firm Bruun & Hjejle
The investigations have been anchored in the Board of Directors and led by the external law firm Bruun & Hjejle in order to ensure that the information collected, reviewed and assessed during the investigations provides a sufficient basis for finding the investigations objective and thorough. The investigators were given a full mandate to investigate anything and everyone they have found relevant.

Generally, the investigations focus on two separate things:

  • A thorough examination of customers and transactions at the Estonian branch in the period from 2007 to 2015
  • An examination of who knew what and when, both in Estonia and at Group level, and to determine whether managers and employees lived up to their responsibilities to a sufficient degree

Investigation of customers and transactions
The investigation of customers and transactions in Estonia from 2007 to 2015 was conducted by Danske Bank’s Compliance Incident Management Team, headed by Jens Madsen, former head of Denmark’s intelligence agency and the Fraud Squad (PET and SØIK).

On an ongoing basis, the findings of the investigations have been passed on directly to Bruun & Hjejle, which has led the team and expanded the investigation when deemed relevant.

The investigation covered a total of 15,000 customers and 9.5 million payments during the nine-year period.

The investigation was conducted in cooperation Danish and international experts: the consultancy firms PwC and EY, the data analysis software company Palantir Technologies and the company CERTA Intelligence & Security.

Investigation of managers and employee responsibility
Bruun & Hjejle has examined around 12,000 documents and more than 8 million emails to establish a timeline, which details, as thoroughly as possible, which employees and managers knew what and when.

In addition, more than 70 interviews were conducted with current and former employees and managers, including members of the Executive Board and members of the Board of Directors.

The investigation was conducted in cooperation with the consultancy firm Promontory.

Danske Bank's effort to combat financial crime

Over the last years, Danske Bank has made substantial investments to improve our systems and competences to fight financial crime.

These efforts are highly prioritised – and will remain at the top of our agenda in the years to come as the methods of those who attempt to misuse the financial system continue to evolve and become more sophisticated.

Our efforts are based on the following key initiatives:

  • Reducing risks in Estonia

    Regarding the specific issues in relation to Estonia, we have taken the following initiatives:


    • The portfolio of the non-resident customers in Estonia was closed down in 2015 (a few accounts were closed at the beginning of 2016). As part of our strategy, we will serve only subsidiaries of our Nordic customers and international customers with a solid Nordic footprint.
    • Governance and oversight in relation to the Baltics have been strengthened with the introduction of a new pan-Baltic management. 
    • The independence of control functions in the Baltics has been strengthened, and processes and controls have been raised to Group level to ensure the same level of risk management and control as in other parts of the Group.
    • The Baltic units have been migrated to a single shared IT platform, which enables increased transparency and oversight.
  • A strong compliance culture and development of competencies
    • Implementation of an AML centre with 870 employees means more efficient workflows and better opportunities to develop specialist competencies. 
    • Expansion of the internal training in anti-money laundering. During the last year alone, approximately 20,000 employees have participated in AML e-learning.
    • Nurture a strong compliance culture where compliance is not just a matter of rules and policies but is about conducting business with high ethical standards and acknowledging the impact on and responsibilities to society.
    • Information to all employees about our whistleblower system on an ongoing basis and yearly mandatory training that explains the system and how the bank protects employees who use it.
    • Implemented risk management and compliance in performance agreements of all members of the Executive Board and relevant senior managers.
  • Investments into more employees and new IT systems
    • Increased number of employees working to combat financial crime and money laundering, with the number now totalling more than 1,200.
    • Investments in IT systems for automated monitoring of bank transfers in order to better detect suspicious transactions. 
    • In 2017, 184,805 warnings were registered regarding unusual customer behaviour, and over the past year alone, 9,887 reports have been sent to the authorities regarding suspicious matters at a Group level.
  • Strengthened organisation and updated procedures
    • New Head of Compliance will become part of the Executive Board and report directly to the CEO.
    • Transfer of the responsibility for processing all reports from whistleblowers to the Group’s compliance unit to strengthen the handling of the reports.
    • Better independent quality-control procedures when collecting required information from new customers, as well as stronger processes for reviewing the money-laundering risk associated with individual customers.
    • New initiatives and procedures to ensure that indications of potentially problematic issues are sufficiently investigated, escalated in a timely manner and effectively handled.
    • In the process of establishing a central Regulatory Supervisory Management Unit at Group level to ensure transparency and completeness in the bank’s interaction with the supervisory authorities and duly, timely and qualified reporting.

Facts - what is money laundering

“To launder money” is a term used to describe the practices employed to make illegally gained money seem as if it has been earned by legal means.

Criminal activities such as drug trafficking, fraud or tax evasion can generate substantial profits. Money laundering is a way for the perpetrators to control these funds without attracting attention to the underlying activities or the persons involved.

It is estimated that up to USD 2,000 billion is laundered globally every year (according to UN Office on Drug and Crime).

Various schemes, which often involve companies, straw men or complex transactions made through the financial systems, are designed to hide the source of the money.

What do banks do to prevent money laundering?
Banks play an important role in combating money laundering. In order to live up to this responsibility, banks and other financial institutions have to put in place a financial crime set-up that will enable them to identify and report on suspicious behaviour.

It is up to the authorities to determine if money laundering is taking place and to decide on the appropriate action.

The authorities receive thousands of reports of suspicious activities from banks each year. For example, in 2017, Danske Bank sent 8,830 reports to the Financial Investigation Units in its different market areas. 

Frequently asked questions 

  • What are the facts of the case and the investigations?
    Until the end of 2015, Danske Bank had a portfolio of foreign customers in Estonia. These were so-called non-residents – that is, customers not residing in or conducting business from Estonia. For a large number of these customers, it was possible during the period from 2007 to 2015 to use Danske Bank’s branch in Estonia for suspicious payments, and according to the investigations presented, many of them appear to have been suspicious customers. 

    In other words, we had large number of customers that should never have been customers with us and they made payments that should never have been made. 

    This took place because the Estonian branch had insufficient focus on compliance with anti-money laundering (AML) rules, that the branch operated too independently of the rest of the Group (it had its own IT platform, for example), and there were major deficiencies in the branch’s control systems and monitoring. At the same time, we also suspect that employees in Estonia actively participated in suspicious activities or colluded with customers. 

    The investigations have also shown that a number of the Group’s controls did not work properly in relation to Estonia. The Group did not take action at group level until problems were observed in 2014 in Estonia. Among other things, we responded to a report submitted by a whistleblower and following new investigations from Group Internal Audit. 

    However, it is clear today that our response was inadequate and too slow and that generally, there was not enough focus at group level on what was going on at the Estonian branch. Danske Bank has clearly failed to live up to its responsibility in this matter. This is disappointing and unacceptable and we offer our apologies to all of our stakeholders – not least our customers, investors, employees and society in general. 
  • What are your comments on the findings of the investigations?
    Danske Bank has clearly failed to live up to its responsibility in this matter. This is disappointing and unacceptable and we offer our apologies to all of our stakeholders – not least our customers, investors, employees and society in general.

    There is no doubt that the problems related to the Estonian branch were much bigger than anticipated when we initiated the investigations. The findings of the investigations point to some very unacceptable and unpleasant matters at our Estonian branch, and they also point to the fact that a number of controls at group level were inadequate in relation to Estonia.

    It is important to us that we have now uncovered what took place. Moreover, we are committed to using the report as a basis for continued learning and improvement in relation to our efforts to combat money laundering and financial crime.
  • How much money was laundered through your branch in Estonia?
    Our job is to identify suspicious customers and report their payments to the authorities. It is difficult for us to determine whether the money was obtained illegally. The authorities are in a position to collect more information, and it is up to them to assess the extent of money laundering.
  • Why can you not provide an estimate of the amount of suspicious transactions?

    The investigation covers some 15,000 customers with a total of 9.5 million transactions between them.

    At the present time, the investigation has analysed a total of 6,200 customers found to have hit the most risk indicators. Of these, the vast majority have been reported to the authorities.

    The investigation will establish the total number of suspicious customers but does not establish if all or just some transactions of said customers are suspicious. An investigation into that could not possibly be completed within any reasonable time frame.

    Therefore, as with similar investigations in other banks, it is difficult to provide an accurate estimate of the amount of suspicious transactions.

  • How could you not discover that such large amounts were changing hands?
    According to the investigators, this was because we did not have a proper overview of what took place at the Estonian branch. Large transaction volumes are not necessarily a problem in themselves if AML procedures are in place. And in that respect, Danske Bank’s management in Copenhagen had the wrong impression that allowance had been made for the large risks associated with the portfolio. Furthermore, the Estonian branch was using its own IT systems, which impeded the Group’s insight into and control of the transactions. The total number of transactions has taken us by surprise.
  • Who was in charge of the investigations - and do you think they are impartial?
    The investigations were overseen by Danske Bank’s Board of Directors. The law firm of Bruun & Hjejle managed and supervised the investigations and was also responsible for preparing the final report. In concert with the Group’s Compliance Incident Management team, a number of external consultancies contributed research and data analysis. All parties reported to Bruun & Hjejle.

    The Board of Directors has been very keen to ensure that the investigations were objective and thorough. The law firm of Bruun & Hjejle has led the investigations with a view to ensuring that the information collected, reviewed and assessed during the process provides a sufficient and appropriate basis for finding the investigations objective and thorough.
  • Which authorities are investigating the issue?

    We are in dialogue with American authorities and Danish and Estonian authorities have publicly announced that they are investigating the issue.

    It is only natural that authorities are investigating this issue, and we strive to engage in good and constructive dialogue with the relevant authorities.

  • What is the amount of potential fines?

    We do not want to speculate about that. We have kept relevant authorities updated and will share relevant findings with them. The authorities alone will decide on whether we will be fined and if so, how much.

    No proceedings have been instituted against the bank but should it happen, we will notify the market through the usual channels as on previous occasions. For example, we did so on a couple of occasions in connection with the investigation launched against the bank in 2017.

  • How much of your earnings in Estonia will you waive?

    The Board of Directors has decided to donate the gross income from the customers in the period from 2007 to 2015, which is estimated at DKK 1.5 billion as the bank is not able to provide an accurate estimate of the amount of suspicious transactions made by non-resident customers in Estonia during the period.

    To the extent it is not confiscated by the authorities, the gross earnings will be transferred to an independent foundation, which will be set up to support initiatives aimed at combating international financial crime, including money laundering, including in Denmark and Estonia. The foundation will be set up independently from Danske Bank with an independent board.

    Unlike confiscation, any potential fine will not affect the amount of the donation.

  • Who is accountable?

    The investigation concludes that errors and shortcomings at group level and at the Estonian branch made it possible to use Danske Bank’s branch in Estonia for suspicious transactions. 

    When it comes to individual accountability, it has been established that a number of former and current employees, both at the Estonian branch and at group level, have not complied with the legal obligations forming part of their employment with the bank.

    As part of the investigations, the Board of Directors, Executive Board members and a large number of senior managers have been assessed by the Bruun & Hjejle law firm. The assessments have given rise to varying degrees of serious criticism of a number of individuals in Estonia and Denmark.

    The investigation into accountability has established that the Board of Directors, the Chairman and the CEO did not breach their legal obligations towards Danske Bank.

    Based on the conclusions of the investigations, we have taken a number of measures against current and former employees.

    On the basis of the investigations, we have taken a number of measures. For a number of employees in Estonia, we have had to report suspicious behaviour to the authorities, just as we have reported eight of these employees to the police. For a number of senior managers and members of the Executive Board subject to criticism and having participated in bonus schemes, this may also have consequences for their variable pay – also retroactively.

  • What consequences will the conclusions of the investigations have for the persons responsible?

    On the Board of Directors, we have been very clear in saying that we would take any consequences necessary as a result of the case and launch initiatives to the extent that this has not already been done. On the basis of the investigations, we have taken a number of measures. First and foremost, they concern the employees who have not lived up to their responsibility or have been grossly negligent in the performance of their duties. By far most of those employees are no longer employed with Danske Bank, and for a number of employees in Estonia, suspicious behaviour has been reported to the authorities, just as eight of these employees have been reported to the police. There may also be consequences – also retroactively – for the variable pay of a number of senior managers and members of the Executive Board subject to criticism, who have participated in bonus schemes.

  • Who are the money launderers?

    We are obliged not to publish information that can identify specific customers or employees but the investigation concludes that a large proportion of customers in the non-resident portfolio has been suspicious.

    These customers have been reported to the authorities, and it is now up to them to investigate if there have been acts of money laundering or any other form of financial crime, and - if so - who is behind it.

  • Can you guarantee that something like this will not happen again?
    First and foremost, it important to state that we will probably never completely eradicate money laundering. The banking community is doing a great deal, but the criminals and the networks that they are part of are becoming more and more sophisticated and are always trying to circumvent our systems and controls.

    Today, the situation is quite different when it comes to the combating of money laundering than it was when the case developed in Estonia. We have rectified the situation in Estonia and have ensured, among other things, that the portfolio in question was closed down. Also, we decided – and this applies in all three Baltic countries – to focus only on Nordic customers and global customers with a solid Nordic footprint. Governance and oversight in relation to the Baltic units have been strengthened, for example with the introduction of a new pan-Baltic management. In addition, the independence of local control functions has been strengthened to ensure the same level of control as in other parts of the Group.

    We have strengthened compliance significantly and have invested considerably in improving all three lines of defence (business, compliance and audit). Thus, more than 1,200 employees now work in this area.

    We have initiated a comprehensive AML programme, which has led to new organisational structures, new routines and procedures, as well as the implementation of new and joint IT systems in the Baltic countries.

    We continue to strengthen the compliance knowledge and culture across our organisation. Over the past twelve months alone, internal and external training providers gave almost 70 AML training courses across the Group.

    Last, but not least, we invest in automating business procedures and upgrading the IT systems that support those procedures. We are also improving the “know-your-customer” procedures used when welcoming new customers to Danske Bank. This will reduce the risk of human error and provide a far better overview and better monitoring of our customer’s activities.
  • Have you had similar issues elsewhere?

    As part of the investigation into the conditions in Estonia, we have, of course, also examined whether the problems and failing controls witnessed in Estonia could also be identified in the other two Baltic countries.

    This is an issue that primarily concerned our branch in Estonia, which had a special setup for non-resident customers at the point of acquisition in 2007. Also, the branch was operated too independently from the rest of the Group with its own culture and systems without adequate control and management focus from the Group.

  • How does this affect me as a customer?

    This will in no way affect your day-to-day business with us. This case will not affect our general ambition to operate a bank that is competitive for our customers.

  • Will you file charges against the whistleblower if the whistleblower speaks to the authorities?

    As we have stated earlier, we will not stand in the way if a whistleblower participates in the public debate, including taking part in any public enquiries. The whistleblower in the Estonia case has previously received a legal notification from us in which we gave our consent for the individual concerned to talk to the relevant supervisory authorities in Denmark and Estonia, and we have encouraged the individual concerned to do so. We have released this individual from all contractual obligations of confidentiality in relation to Danske Bank. It is not possible for us to do more than this. We cannot lift the statutory restrictions to which a whistleblower – like all others – is subject, e.g. duty of confidentiality in relation to customer information.

Timeline

 

2007-2012

In February 2007, Danske Bank acquires Finnish-based Sampo Bank, including the Estonian subsidiary Sampo Pank.

The later-to-be Danske Bank’s branch in Estonia had a portfolio of foreign customers known as non-residents. These are customers not residing in or conducting business from Estonia.

 

2013

In April-May, Danske Bank submits incorrect information to the Danish Financial Supervisory Authority (the Danish FSA) about control functions and AML procedures at the Estonian branch.

During the summer, international banks express concerns in relation to the portfolio because they have misgivings about AML.

This results in a review of the non-resident business, and certain customer relationships are terminated.

In December 2013, a whistleblower submits the first report on problems at the Estonian branch and in relation to the non-resident portfolio. Later, the whistleblower points to several others problems.

 

2014

At the beginning of 2014, Danske Bank conducts an internal investigation into conditions at the Estonian branch. A work group is appointed, and Group Internal Audit prepares several reports.

At the same time, an external consultancy firm reviews the AML procedures at the Estonian branch. Their report points out a number of material and critical inadequacies of the AML procedures.

It is during this process that the Group becomes aware that the AML setup in relation to the non-resident portfolio at the Estonian branch is clearly inadequate and insufficient.

In September 2014, the Estonian FSA sends its draft of a highly critical inspection report to Danske Bank. The final – and still highly critical – report is completed in December 2014.

 

2015-2016

In January 2015, the Board of Directors decides to terminate the non-resident portfolio completely and to revise the strategy for the Estonian branch. This is on a recommendation issued by the Executive Board in October 2014.

The Danish FSA conducts an inspection visit in February 2015. In March 2016, Danske Bank receives, among other things, a reprimand for not having identified material money laundering risks or taken risk-mitigating measures at the branch in Estonia.

In July, the Estonian FSA issues an order to the Estonian branch on the basis of the report from December 2014.

The cooperation with international banks in Estonia is terminated during the summer.

The termination of relationships with customers in the non-resident portfolio is accelerated in the second half of 2015 and is completed in January 2016.

 

March 2017

Several media run articles about Russian money laundering, and Danske Bank decides to conduct a root cause analysis of the suspicious transactions in the now closed-down non-resident portfolio. The analysis concludes that the lack of control is due to inadequate focus on the combating of money laundering in Estonia, a lack of focus on governance in relation to compliance and risk, and management follow-up being highly dependent on local country management. The analysis is conducted by the Promontory Financial Group consultancy firm.

 

Sep-Nov 2017

The investigations are expanded to include two separate things: A thorough investigation into customers and transactions in Estonia in the period from 2007 to 2015, including whether employees have, actively or otherwise, contributed to suspicious transactions; and an investigation into who knew what and when, both in Estonia and at Group level. Both investigations are overseen by the Board of Directors and led and supervised by external law firms in cooperation with international experts.

 

April-May 2018

Lars Mørch, Member of the Executive Board, resigns from his position. The investigation into matters relating to the Estonian non-resident portfolio has not been completed, but it is clear that Danske Bank should have launched more thorough investigations at an earlier time than we did, as this would have provided an understanding of the extent of the problems, in turn leading to swifter action.

The Danish Financial Supervisory Authority announces its decision in the case.

 

July 2018

Danske Bank announces that it does not want to benefit financially from suspicious transactions that took place in Estonia and intends to make the income from such transactions available for the benefit of society, for example to combat financial crime.

 

July-Aug 2018

Estonia’s general prosecutor begins investigating Danske Bank’s Estonian branch for possible breach of law.

The Danish Public Prosecutor for Serious Economic and International Crime (SØIK) announces that it has launched an investigation of Danske Bank regarding possible violation of anti-money laundering legislation.

 

2018

The findings and conclusions of Danske Bank’s own, externally led, investigations are presented.

2007-2012
2013
2014
2015-2016
March 2017
Sep-Nov 2017
April-May 2018
July 2018
July-Aug 2018
2018