Compliance professionals are aware that substandard anti-money laundering (AML) processes and procedures and insufficient know-your-customer screening can open the floodgates for financial crime. Even with this knowledge, the high-profile scandal engulfing Denmark’s largest financial institution, Danske Bank, is a vivid reminder of the monumental scale of legal and reputational risks that arise from inattention to internal controls.
In 2013, a mid-level Danske Bank executive discovered, and reported, gaps in internal AML controls at the bank’s small Estonian branch. His tipoff — alongside growing media, regulatory, and law enforcement pressure — eventually led to headline-stealing revelations in 2017 and 2018 about Danske Bank’s role at the center of a far-reaching investigation that the press dubbed “the largest money laundering scandal” in history.
“Manifestly Insufficient and Inadequate” Procedures
A law firm investigation report — commissioned by Danske Bank’s board and published last September — chronicled nearly USD $230 billion in suspicious money flows through the bank’s Estonian branch. A majority of these funds moved from clients in Russia, Ukraine, Moldova, Azerbaijan, and other post-Soviet states between 2007 and 2015. Among the key findings of the report were failures in AML compliance processes.
“. . . AML procedures at the Estonian branch involving the Non-Resident Portfolio had been manifestly insufficient and inadequate. It was also realized that all control functions (or lines of defense) had failed, both within the branch and at Group level.”
The report noted that the bank had poor knowledge of its customers, beneficial owners, and sources of funds/wealth. Media reports, meanwhile, alleged that illicit money flows from the Estonian branch were channeled from shell companies used by Russia’s intelligence services, relatives of the Russian president, Ukraine’s former president, and scores of oligarchs.
The scandal took on geopolitical dimensions that shook investor confidence, plunged the bank’s stock value by 40 percent in one year, triggered global criminal investigations, and forced out the bank’s CEO and chairman. Estonian regulators in February ordered Danske Bank to leave the country within eight months; earlier this month, the bank outlined its plans to cease all of its Russia operations by January 2020.
The legal and media postmortems present a sobering lesson about the value of shoring up AML and other compliance defenses, gathering knowledge about customers, researching beneficial ownership, and identifying sources of wealth.
We Can Help to Bolster Your Defenses
Anemic compliance is costly, but IntegrityRisk will enable strong compliance that demonstrates defensible standards of care. We’re here to help on fronts ranging from high-volume third-party screening and full-spectrum due diligence to source-of-wealth checks and more.