It was major deficiencies in controls and governance that made it possible to use Danske Bank’s branch in Estonia for criminal activities such as money laundering. This is the conclusion of a root cause analysis of the situation at the Estonian branch in the period in question performed by Promontory Financial Group, a regulatory consulting firm. The analysis was performed at Danske Bank’s request.
The analysis points to three major deficiencies, which in combination meant that Danske Bank was not sufficiently effective in preventing the Estonian branch from potentially being used for money laundering:
The lack of a proper culture for and focus on anti-money laundering at the Estonian branch
- In general, the Estonian branch had insufficient focus on the risk that it could be used for activities such as money laundering. In addition, there was insufficient attention to ensuring that the branch had the necessary controls and ongoing monitoring. As a result, earlier opportunities to investigate the activities at the branch were missed. Both the culture at the branch and management were inadequate during the relevant period.
Inadequate governance in relation to compliance and risk
- The Group Executive Board and the Board of Directors based their risk assessments on reporting from the Estonian control functions, Compliance and Internal Audit.
- The Estonian control functions did not have a satisfactory degree of independence from the local organisation.
- Danske Bank’s cross-organisational risk assessment methods were not strong enough.
Management follow-up and control were highly dependent on local country management
- The branch in Estonia, acquired as part of the purchase of Sampo Bank in 2007, operated very much as an independent unit, with its own systems, procedures and culture regarding anti-money laundering measures. This meant that follow-up by Group control functions and reporting to the Executive Board and the Board of Directors was highly dependent on reporting from local management in Estonia.
“Today, the management in place in Estonia maintains a much stronger focus on this area, and independent control functions have been established along with much better procedures and controls,” says Group CEO Thomas F. Borgen. “So today, things are completely different. Although we leave it to the authorities to conclude whether money laundering did in fact take place, there is no doubt that we were not sufficiently effective in preventing our branch in Estonia from potentially being used for such activities. This of course is deeply regrettable and completely unacceptable.”
“So it is of decisive importance that we now use insights about the situation at the Estonian branch to conduct a thorough investigation of transactions and customers at the branch in the period in question. It is essential for us that we get full insight into this matter and use that insight to prevent something similar from happening again. We will also report any other matters that our investigation may uncover to the relevant authorities.”
The expanded investigation has already begun and is conducted by the newly established Compliance Incident Team. On 1 January 2018, the new team will be further strengthened when Jens Madsen joins as head of the team. Jens Madsen was previously head of Denmark’s intelligence agency and the fraud squad (PET and SØIK).
As the investigation is comprehensive, Danske Bank expects to complete it in the course of 9 to 12 months.
Anti-money laundering measures already implemented
In recent years, Danske Bank has invested considerable resources in strengthening its anti-money laundering measures. It is an ongoing process, with new procedures, controls and staff being added on an ongoing basis to combat money laundering and other criminal transactions. It has never been as difficult to use Danske Bank for money laundering or other illegal activities as it is now, and it will become increasingly difficult.
The measures taken by Danske Bank in recent years include improving IT systems to enhance monitoring, introducing tighter control, adding more resources to anti-money laundering activities and training staff.
At the Group level, among other things, this means the following:
- More than 550 employees are dedicated to the combating of financial crime.
- Every month, we screen 3.7 million customer transactions.
- Every week, we screen about 15 million customer numbers against international sanction lists.
- Every year, we record about 150,000 warnings of unusual customer behaviour in relation to money laundering and the financing of terrorism.
- In the past year, Danske Bank submitted more than 7,600 reports to the authorities.