Deutsche Bank said it is about “two-thirds” of the way toward meeting Germany’s financial regulator’s demands for tighter controls to combat money laundering and terrorist financing.

Last month, BaFin said in a press release it told Deutsche Bank on Sept. 28 to take “specific measures” to prevent money laundering and terrorist financing, giving it a deadline of mid-2023 to comply. The bank said it is confident it will meet the deadline to complete the rest of the requirements.

Failure to do so would risk unspecified financial penalties under the German Money Laundering Act.

“We acknowledge BaFin’s order for Deutsche Bank to complete our ongoing remediation of previously identified deficiencies by mutually agreed deadlines. There are no new findings in this order,” a bank spokesperson said. “We are fully aligned with BaFin on the necessary measures and have already completed a large proportion of them. We have, and will continue, to invest the resources and management attention necessary to improve our control environment and to meet regulatory expectations.”

BaFin first ordered Deutsche Bank to improve its anti-money laundering (AML) controls and procedures in September 2018, which included the landmark appointment of a “special representative” to serve as a monitor. That mandate was expanded in April 2021 because of a lack of progress.

In 2017, Deutsche Bank was fined $630 million by U.S. and U.K. regulators for failing to prevent money laundering linked to $10 billion worth of Russian-owned assets. In 2019 and 2020, German prosecutors penalized the bank for failing to properly report suspicious transactions, including payments linked to Danske Bank’s money laundering scandal at its Estonia branch.

On Dec. 13, Danske Bank agreed to pay $2.2 billion as part of settlements with U.S. and Danish regulators for AML failings linked to its now-defunct Estonia branch, where some $200 billion in illicit funds were funneled undetected for years.

ABN AMRO, ING, and HSBC are other European banks fined in recent years for breaching AML rules, while Latvia’s ABLV failed as a result.

There is a sinking feeling among observers the European Union’s efforts to keep its AML regulations up to date are not working. Of note, the fourth, fifth, and sixth versions of its AML directive came into force within about four years of each other.

“Until banks get on top of their AML checks and start taking them more seriously, they are going to remain on the wrong side of the regulator’s stick.”

Richard McCall, CEO, Armalytix

“These banks have had plenty of warnings, with global regulators constantly punishing those who fall foul of the rules,” said Richard McCall, chief executive officer at data intelligence IT firm Armalytix. “It’s not just a problem that Deutsche is facing; every one of Europe’s top 10 banks have been fined for money laundering offenses in the last decade. Still, it hasn’t sunk in yet as AML rules are not being followed and dirty money is still rife throughout society.”

McCall said progress “won’t improve until banks re-evaluate their priorities and their relationship with paper record keeping.” He added financial services firms view AML and countering the financing of terrorism checks as “a back-office compliance issue” which they “haven’t historically allocated enough time and resources to.”

“Until banks get on top of their AML checks and start taking them more seriously, they are going to remain on the wrong side of the regulator’s stick,” he said.

Bion Behdin, co-founder and chief revenue officer at software vendor First AML, said the biggest issue facing large financial institutions looking to improve their AML controls is around creating a culture of compliance.

“Change in large institutions is hard, and you need to change the culture first before piling more processes on top of the problem,” he said.

“AML processes and procedures are never going to make a real impact if there is a systemic belief compliance is a tick-box exercise,” said Behdin. “The culture of compliance needs to start from the top and permeate throughout the entire organization. There has to be enough conviction to act ethically at all times, even if it marginally affects the bottom line.”

Behdin added legislation is only as good as its implementation and enforcement.

“The cost of noncompliance has to be large enough to affect shareholder return in a meaningful way to see real change,” he said. “If shareholder return is affected dramatically by noncompliance, I think we would see a radical shift very quickly toward significantly better standards of compliance across all European banks.”