CCO Philippe Vollot has a plan for Danske Bank’s compliance reboot

Danske’s troubles are still far from over. The bank is subject to ongoing criminal and regulatory investigations in Denmark, Estonia, France, and the United States and faces nearly 300 separate legal actions brought by individuals and groups of investors seeking over $1 billion in damages. The bank intends to defend itself against all claims.

The man in charge of turning Danske’s culture around is Philippe Vollot, chief compliance officer and member of the executive leadership team, who joined the bank in November 2018—just a couple of months after CEO Thomas Borgen resigned as the firm finally grasped the scale of the problems it needed to deal with.

Vollot previously worked at Deutsche Bank, an organization he first joined in 1997 to head its compliance department in Paris before rising to global head of anti-financial crime in 2017 after stints in other senior level compliance-related roles. He says there are two reasons why he moved to Danske Bank at such a tumultuous time.

“Firstly, with my experience and background, I thought I could help,” Vollot said in an interview with Compliance Week. “Secondly, the board of directors was extremely convincing in its commitment to make compliance a priority and put it at the top of the bank’s agenda. The bank was very open about what had happened and wanted to change the compliance culture.”

As soon as he joined, Vollot did some due diligence about the bank’s anti-money laundering (AML) failures and what its compliance situation was in terms of mitigating financial crime. His review included examining the robustness and effectiveness of the controls and procedures then in place; the people involved in AML work; the budget and quality of resources at their disposal; and the awareness of AML risks of the rest of the employees across the bank’s operations. After a few months he gave the board his assessment of the bank’s compliance culture and how he wanted to change it.

“I told them that in the case of any significant corporate governance issues, there is always a failure of the three lines of defense, and if they are not sufficiently coordinated then a bank isn’t going to be in compliance,” Vollot said.

His case for a full compliance overhaul was confirmed just weeks into the job when the bank became embroiled in a mis-selling scandal involving its Flexinvest Fri investment product. Around 87,000 customers were adversely impacted as Danske Bank had raised fees even though interest rates at the time were very low, as were the expected returns. Danske has since taken steps to remedy the harm caused and has paid substantial compensation, but it still faces a criminal complaint filed by the country’s financial services regulator. (In fact, the Danish State Prosecutor for Serious Economic and International Crime fined Danske DKK 9 million, or just over $1 million U.S., the day after this article published.)  

“The Flexinvest Fri scandal coming so closely after I joined showed that there was a compliance issue in the bank that was not just related to the Estonian branch or to money laundering,” Vollot said. “It also showed that the board and management needed to take compliance much more seriously and show leadership over it.”

Following his own initial review, Vollot identified four key priorities to turn the situation around:

• Establish a clear tone from the top;
• Ensure full management accountability;
• Enhance the whistleblower reporting framework; and
• Promote a “speak-up” culture.

Vollot said two key challenges from the start were to ensure the bank’s group compliance function had the necessary expertise to make the changes happen, and that the board would provide the appropriate funds to boost its numbers. The executives backed him immediately, and Vollot has massively restructured the function.

“My first priority was to hire more specialized people. When I joined the bank … there were 200 people working in group compliance. By the end of this year that number will be above 500,” Vollot said.

“I can have the best compliance team possible and the full support of the executive leadership team and board of directors, but if people in the rest of the organization are not aware of what they should do then we won’t be able to get to a sufficient compliance maturity.”

Philippe Vollot, Chief Compliance Officer, Danske Bank

“I now also have a team of around 36 senior managers and subject matter experts, including those who report directly to me. Each of them has at least 10 years’ experience in their fields, are committed to best practice, and they know what ‘good’ looks like,” he added.

Vollot has ensured compliance works more closely with other control functions, such as risk management and internal audit. However, he believes that “cultural change is one of the programs that takes the longest to achieve,” adding that “you don’t just solve the problem by throwing resources at it.”

“The execution of key controls is vital,” he said. “I can have the best compliance team possible and the full support of the executive leadership team and board of directors, but if people in the rest of the organization are not aware of what they should do then we won’t be able to get to a sufficient compliance maturity.”

To overhaul the bank’s compliance and internal control, Danske has set up a financial crime transformation program and has committed to a major change program called “Better Bank,” due to be completed by 2023.

“We have left the station, but we have not arrived at our destination yet,” Vollot said. “We have already made clear changes and tangible progress, and by the end of 2021, I think we will have implemented significant major improvements.”

“Our goal is to make the entire workforce think differently about compliance and how we treat our customers,” Vollot said. “Employees need to have a healthy skepticism and be more questioning about the thinking processes they are following and the decisions they need to make if something looks suspicious or may end up producing a poor outcome for our customers.”

He adds: “If something does not look right, employees across all divisions of the bank need to ask themselves whether these customers might not be legitimate, whether the transactions are the right ones for the bank and/or customer, and so on. We are developing an internal culture where employees can feel free to question what is happening if something doesn’t look right and escalate their concerns to the highest level of the organization. That was lacking before.”

Vollot believes there can be no shortcut in pushing toward the bank’s compliance goals. But he adds the ultimate benefits to the business will be worthwhile in the long run.

“There is no question good compliance is a business enabler that creates value,” Vollot said. “If a bank has a record of good compliance and corporate governance, it is good for business.”