The chief executive of Denmark’s biggest financial institution has resigned following the publication of a report that highlights large-scale money laundering in the bank’s Estonian operations.
“It is clear that Danske Bank has failed to live up to its responsibility in the case of possible money laundering in Estonia. I deeply regret this,” said Danske Bank CEO Thomas Borgen in a written statement released Wednesday.
Danske has been under fire for failing to prevent dirty money from countries including Russia, Azerbaijan, and Moldova flowing through its Estonian branch, especially since the bank has had to revise initial estimates that less than €4 billion (U.S. $4.65 billion) was laundered, rather than the €100 billion (U.S. $116.8 billion) and counting that now seems more likely.
Even now, the bank is not able to provide an accurate estimate of the number of suspicious transactions made by non-resident customers in Estonia during the nine-year period between 2007-2015. A “significant part” of around €200 billion (U.S. $234 billion) in payments may be questionable. Of some 6,200 customers that have been identified as high risk, “almost all” have been reported to authorities.
“It is clear that Danske Bank has failed to live up to its responsibility in the case of possible money laundering in Estonia. I deeply regret this.”
Thomas Borgen, CEO, Danske Bank
Borgen is the second executive to stand down over the scandal. On 5 April, Lars Mørch, Danske Bank’s executive responsible for its business and international banking units, resigned as a member of the executive board over his failure to take warnings about possible money laundering offences in Estonia more seriously.
Anders Jorgensen, head of group compliance, resigned in July.
Prior to Mørch taking the role, Borgen had been in charge of international banking for four years before becoming CEO. The first allegations of money laundering began on his watch. He had called the lack of controls in Estonia “deeply regrettable and completely unacceptable.”
Danske commissioned law firm Bruun & Hjejle in autumn 2017 to investigate the allegations. Around 70 full-time investigators have examined close to 15,000 customers and 9.5 million payments as part of the investigation. Some 12,000 documents and more than 8 million emails have been searched. Investigators have also conducted more than 70 interviews with current and former bank employees and managers, including members of the executive board and members of the board of directors.
The firm’s resulting Report on the Non-Resident Portfolio at Danske Bank’s Estonian branch makes for uncomfortable reading for the bank’s board.
It found that a series of major deficiencies in the bank’s governance and control systems made it possible for criminals to use its Estonian branch for suspicious transactions from 2007, when it acquired Sampo Bank, right up until it terminated the customer portfolio in 2015. Danske had a large number of non-resident customers in Estonia (around 10,000, plus a further 5,000 with “non-resident characteristics”) that it admits it should have never had and that these customers “carried out large volumes of transactions that should have never happened”—around €200 billion (U.S. $234 billion), in fact.
The investigation also found that only part of the suspicious customers and transactions were reported to the authorities as they should have been, and that in general, the Estonian branch had “insufficient focus” on the risk of money laundering. The report found that branch management was more concerned with procedures than with identifying actual risk and that the Estonian control functions did not have a satisfactory degree of independence from the Estonian organisation. Furthermore, the branch operated too independently from the rest of the group without adequate control or management focus and that it operated with its own culture and systems.
Europe’s struggles with money laundering
Despite the fact that AML is a priority of the European Union, Europe’s banking sector cannot seem to get to grips with the rules and hundreds of pages of best practice that Brussels has produced in the past couple of years in the Fourth and Fifth Anti-Money Laundering Directives.
In May 2015, Sweden’s financial services regulator fined Nordea, the region’s largest lender, the maximum penalty allowed for lax anti-money laundering controls (SEK 50 million, or €4.8 million), while Handlesbanken, the country’s second-biggest bank, was handed a SEK 35m (€3.3 million) fine for similar failings.
Danske Bank was fined DKr 12.5m (U.S. $2 million) last December by Danish authorities for violating anti-money laundering rules following an inspection in March 2015 (these were unrelated to the specific allegations in Estonia).
Meanwhile, in the Baltic States, Latvia’s third-largest bank, ABLV, is in the process of liquidating itself after being accused by the United States of “institutionalised money laundering,” and in March the European Central Bank pulled the plug on a small Estonian lender, Versobank, for money laundering offences.
Earlier this month Dutch banking group ING admitted criminals had been able to launder money through its accounts for years and agreed to pay €775 million (U.S. $900 million) to settle the case.
Last week, the European Commission announced proposals to strengthen supervision over banks and other financial institutions to toughen up its fight against money laundering and terrorist financing after admitting that present measures have “failed all too often.”
The Commission wants to give the European Banking Authority, the bloc’s supervisory body for financial services, a powerful new mandate to monitor what firms are doing to tackle money laundering.
Worse still, investigators found evidence to suggest that employees in Estonia may have assisted or colluded with customers in circumventing money laundering controls. They also uncovered breaches at management level in several group functions. None of these incidences were identified or escalated for management or the board to act upon, and when action was eventually taken, it was too little, too late.
Several former and current employees (including managers), both at the Estonian branch and at group level, “did not fulfil their legal obligations,” according to the report, and have been disciplined through warnings, dismissals, and loss of bonus payments. Some have also been reported to the relevant authorities.
The board, the chairman, and the CEO, however, did not breach their own legal duties, the investigation found, and so escape censure—though not criticism.
In a statement, chairman Ole Andersen said: “The bank has clearly failed to live up to its responsibility in this matter.”
“There is no doubt that the problems related to the Estonian branch were much bigger than anticipated when we initiated the investigations,” said Andersen. “The findings of the investigations point to some very unacceptable and unpleasant matters at our Estonian branch, and they also point to the fact that a number of controls at the group level were inadequate in relation to Estonia.”
Andersen added that the bank is “committed to using the report as a basis for continued learning and improvement” and said that “we will do everything it takes to ensure that we never find ourselves in the same situation again.”
Danske closed down the portfolio of non-resident customers in Estonia in 2015 and has set up a pan-Baltic management team to strengthen governance and oversight in the Baltic States. Control functions in the region have been strengthened and processes and controls have been raised to group level to ensure the same level of risk management and control as in other parts of the organisation’s network.
The bank has also reviewed how it combats financial crime and has quadrupled the number of full-time employees working in this area to 1,200. Its AML programme has been overhauled, and the bank has placed an emphasis on improving compliance knowledge and culture across the organisation, partly through a strong management focus and extensive mandatory training.
Other measures to improve governance include making senior managers and executive board members more directly accountable by including risk management and compliance in their performance agreements, and by strengthening its “three lines of defence” model and whistleblowing procedures.
Danske received its first whistleblowing report on possible money-laundering violations in its Estonian branch in December 2013, but despite follow ups by internal audit and compliance, management failed to take quick and decisive action.
The bank has also made a key appointment: Philippe Vollot, most recently head of anti-financial crime and group anti-money laundering officer at Deutsche Bank, will start as the bank’s new group chief compliance officer on 1 December and will join the board.
As part of an effort to restore credibility, Danske says it will donate the gross income from its Estonian operations during the nine-year period—estimated to be about DKr1.5bn or U.S. $234 million—to an independent foundation that will be set up to combat international financial crime.