The investigations have been led by the Bruun & Hjejle law firm, and their 'Report on the Non-Resident Portfolio at Danske Bank’s Estonian branch' is enclosed with this press release.
In this connection, the Chairman of the Board of Directors, Ole Andersen, says:
"The Bank has clearly failed to live up to its responsibility in this matter. This is disappointing and unacceptable and we offer our apologies to all of our stakeholders – not least our customers, investors, employees and society in general. We acknowledge that we have a task ahead of us in regaining their trust.
There is no doubt that the problems related to the Estonian branch were much bigger than anticipated when we initiated the investigations. The findings of the investigations point to some very unacceptable and unpleasant matters at our Estonian branch, and they also point to the fact that a number of controls at the Group level were inadequate in relation to Estonia.
It is important to us that we now have uncovered what took place. Moreover, we are committed to using the report as a basis for continued learning and improvement.
We want to stress that this case no way reflects the bank that we want to be. We take the task of combating financial crime and money laundering very seriously, and we do and will do everything it takes to ensure that we never find ourselves in the same situation again".
About the investigations
The investigations have been very thorough and extensive. The scope of the investigations covers approximately 15,000 customers and 9.5 million payments. Some 12,000 documents and more than 8 million emails have been searched, and more than 70 interviews have been conducted with current and former employees and managers, including members of the Executive Board and members of the Board of Directors. Overall, approximately 70 people have worked full time on the investigations.
The investigations have been anchored in the Board of Directors and led by the external law firm Bruun & Hjejle in order to ensure that the information collected, reviewed and assessed during the investigations provides a sufficient basis for finding the investigations objective and thorough. The investigators were given a full mandate to investigate anything and everyone they have found relevant.
We have kept relevant authorities updated, are sharing and will continue to share all relevant findings with them. After today, we will continue to send reports to the authorities as we complete the remaining parts of the investigations. Although parts of the investigation have not yet been completed, we now have enough insight to present the findings and take the necessary consequences.
We are not able to provide an accurate estimate of the amount of suspicious transactions. At this point we have gone through 6,200 customers starting with the customers hitting most risk indicators first. Almost all of these customers have been reported to the authorities.
Moreover, there will be certain information that we are not permitted to or cannot disclose.
Key findings - causes and accountability
Based on the conclusions from the investigations we are presenting today, as well as the root cause analysis conducted last year, it seems clear that there were several reasons why the case developed as it did. Those include
- a series of major deficiencies in the bank´s governance and control systems made it possible to use Danske Bank’s branch in Estonia for suspicious transactions
- for a long time, from when we acquired Sampo Bank in 2007 until we terminated the customer portfolio in 2015, we had a large number of non-resident customers in Estonia that we should have never had, and that they carried out large volumes of transactions that should have never happened
- only part of the suspicious customers and transactions were historically reported to the authorities as they should have been
- in general, the Estonian branch had insufficient focus on the risk of money laundering, and branch management was more concerned with procedures than with identifying actual risk
- the Estonian control functions did not have a satisfactory degree of independence from the Estonian organisation
- that the branch operated too independently from the rest of the Group with its own culture and systems without adequate control and management focus from the Group
- there is suspicion that there have been employees in Estonia who have assisted or colluded with customers
- there have been breaches at management level in several Group functions
- there were a number of more or less serious indications during the years, that were not identified or reacted on or escalated as could have been expected by the Group
- as a result, the Group was slow to realise the problems and rectify the shortcomings. Although a number of initiatives were taken at the time, it is now clear that it was too little and too late
- The investigation identified a total of around 10,000 customers as belonging to the non-resident portfolio. To ensure that all relevant aspects are covered the investigation covers a total of around 15,000 customers with non-resident characteristics (that is, a further 5,000 customers).
- The around 10,000 customers carried out a total of around 7.5 million payments.
- The around 15,000 customers carried out a total of around 9.5 million payments.
- For all of the customers covered by the investigation, that is, around 15,000 customers, the total flow of payments amounted to around EUR 200 billion.
- At the present time, the investigation has analysed a total of some 6,200 customers found to have hit the most risk indicators. Of these, the vast majority have been found to be suspicious. That a customer has been found to have suspicious characteristics does not mean that there is a basis for considering all payments in which the customer in question was involved to be suspicious. Overall, we expect a significant part of the payments to be suspicious.
When it comes to individual accountability, it has been established that a number of former and current employees, both at the Estonian branch and at Group level, have not fulfilled their legal obligations forming part of their employment with the bank.
As part of the investigations, the Board of Directors, Executive Board members and a large number of senior managers have been assessed by the Bruun & Hjejle law firm. The assessments have given rise to varying degrees of serious criticism of a number of individuals in Estonia and Denmark.
The investigation into accountability has established that the Board of Directors, the Chairman and the CEO did not breach their legal obligations towards Danske Bank.
Based on the conclusions of the investigations, we have taken a number of measures against current and former employees. Management has taken all the steps necessary vis-à-vis the employees and managers involved in Estonia and Denmark in the form, among other things, of warnings, dismissals, loss of bonus payments and reporting to the authorities, but we do not comment on individuals The majority of these employees and managers are no longer employed with Danske Bank.
Gross earnings to be transferred to an independent foundation
As the bank is not able to provide an accurate estimate of the amount of suspicious transactions made by non-resident customers in Estonia during the period, the Board of Directors has decided to donate the gross income from the customers in the period from 2007 to 2015, which is estimated at DKK 1.5 billion.
To the extent not confiscated by the authorities, the gross earnings will be transferred to an independent foundation, which will be set up to support initiatives aimed at combating international financial crime, including money laundering, including in Denmark and Estonia. The foundation will be set up independently from Danske Bank with an independent board.
Improvements in the AML and compliance area at Danske Bank
"While there will always be things that need to and can be improved, when it comes to the fight against financial crime and money laundering, we are in a completely different place today than when the events investigated took place in Estonia. The events that took place in Estonia were in no way representative of the general state of affairs in the bank at the time. There were some very specific issues that allowed the problems to exist and develop, as outlined in the root cause analysis and the investigations that are presented today. We have addressed these specific issues", says Ole Andersen.
Regarding the specific issues in relation to Estonia, we have taken the following initiatives:
- The portfolio of the non-resident customers in Estonia was closed down in 2015 (a few accounts were closed at the beginning of 2016). As part of our strategy, we will serve only subsidiaries of our Nordic customers and international customers with a solid Nordic footprint.
- Governance and oversight in relation to the Baltics have been strengthened with the introduction of a new pan-Baltic management.
- The independence of control functions in the Baltics has been strengthened and processes and controls have been raised to Group level to ensure the same level of risk management and control as in other parts of the Group.
- The Baltic units have been migrated to a single shared IT platform, which enables increased transparency and oversight.
In addition, we have
- initiated a comprehensive AML programme, which has led to major changes in the form of new organisational structures, new routines and procedures, as well as the implementation of new IT systems.
- strengthened and will continue to strengthen the compliance knowledge and culture across the organisation, among other things through a strong management focus and extensive mandatory training. Over the past twelve months alone, internal and external training service providers provided almost 70 different AML training courses across the organisation. Approximately 20,000 employees have been given training.
- implemented risk management and compliance in performance agreements of all members of the Executive Board and senior managers.
- strengthened the whistleblower setup by transferring the responsibility for investigating reports to Group Compliance and implementing a stronger governance setup to handle reports. Furthermore, we have increased information about the whistleblower system to all employees and introduced mandatory training.
- generally strengthened the three lines of defence, which also includes ensuring increased independence of control functions and making sure that whistleblower reports and correspondence with supervisory authorities form part of reporting to the Board of Directors.
An important element of this work is the investment in the further development and implementation of new and robust IT systems and increased automation of work routines, generally as well as specifically in relation to AML controls. Both elements will ensure even better surveillance of transactions and a better overview of customers, and they will also reduce dependency on manual processes.
The findings of the investigations that we are presenting today are in line with the criticism and conclusions announced by the Danish FSA in its decision of May 2018. We agree with the conclusions of the FSA. We are working on implementing all of the orders through the following initiatives:
- We have recruited a new Chief Compliance Officer with broad international experience. He will become a member of the Executive Board when he joins us no later than 1 December 2018.
- We have implemented the extra Pillar II capital requirement of DKK 5 billion and have increased the target for the total capital ratio to "above 19%".
- The Group has carried out an assessment of management and governance in the Estonian branch.
- Integration of compliance as a fundamental part of our culture at all levels.
- New initiatives and procedures to ensure that indications of potentially problematic issues are sufficiently investigated escalated in a timely manner and handled effectively.
- We will establish a central unit at Group level to ensure transparency and completeness in Danske Bank’s interaction with the FSA and due, timely and qualified reporting.
Read the report