Deutsche Bank has become the fourth bank in the past month to get into regulatory trouble for having lax anti-money laundering controls in place, joining Danske Bank, ING, and Credit Suisse.

On Sept. 21, Germany’s market regulator ordered Deutsche Bank to step up its game concerning the prevention of money laundering and terrorist financing. BaFin under the German Money Laundering Act (Geldwäschegesetz) ordered Deutsche Bank to “take appropriate internal safeguards and comply with general due diligence obligations.” It further took the extraordinary measure of assigning a monitor to oversee the bank.

“To monitor the implementation of the ordered measures, BaFin has appointed a special representative,” the regulator stated. “The special representative is to report on and assess the progress of the implementation.”

In a response statement, Deutsche Bank said, “We are in agreement with the BaFin that we have to improve these processes in the corporate and investment bank further. The bank will work together with the BaFin and the special representative KPMG to fulfill the regulatory requirements as soon as possible and within the given time frame.”

Systemic issue

Deutsche Bank is just one of several European financial institutions under fire for having poor money-laundering controls in place, revealing a systemic problem in the industry. Consider these other recent examples:

Danske Bank. Several executive-level employees at Danske Bank—most recently its chief executive—have resigned, following widespread reports that highlight large-scale money laundering in the bank’s Estonian operations. The bank said it is not able to provide an accurate estimate of the number of suspicious transactions made by non-resident customers in Estonia during the nine-year period between 2007-2015. A “significant part” of around €200 billion (U.S. $234 billion) in payments may be questionable.

ING. ING on Sept. 4 reached a €775 million (U.S. $900 million) settlement with Dutch authorities to resolve its money laundering case. According to the Public Prosecution Service, ING Netherlands violated the Money Laundering and Terrorist Financing Act, which requires, among other things, that gatekeepers conduct customer due diligence and report unusual transactions to the Netherlands’ Financial Intelligence Unit (FIU).

Several criminal investigations by Dutch police into corruption and money laundering revealed that suspicious persons and legal entities held accounts with ING Netherlands. During one investigation in February 2016, authorities discovered that lax customer due diligence controls led ING Netherlands to accept clients without sufficiently investigating the risks. Furthermore, client relationships and bank accounts were insufficiently monitored, and its compliance staff lacking. Such compliance failures allowed ING Netherlands to engage in countless instances of money laundering and corrupt practices between 2010 and 2016. 

Credit Suisse. In a third example, on Sept. 17, Swiss Financial Market Supervisory Authority FINMA concluded two enforcement procedures against Credit Suisse, one of which identified deficiencies in the bank’s adherence to anti-money laundering due diligence obligations related to suspected corruption involving the International Federation of Association Football; Brazilian oil corporation Petrobras; and the Venezuelan oil corporation Petróleos de Venezuela, S.A. (PDVSA).

“Three huge financial institutions have fallen foul of anti-money laundering regulations, and there may be more to come,” says Andrew Bud, founder and CEO of iProov, a London-based start-up providing biometric authentication technology. “The entire premise of anti-money laundering regulation is to correctly identify whom to hold accountable for the receipt of criminal funds. In the end, it comes down to identifying individual people, as reliably and un-intrusively as possible.”

“Traditional paper-based identification processes are both cumbersome and, evidently, often ineffective,” Bud says. “New cyber-security technologies are coming to the rescue, and automated facial verification with strong anti-spoofing is the only true way of verifying that a genuinely present individual is who they claim to be and not a trick to conceal their true identity.”