A long-running money laundering scandal at Denmark’s biggest lender has resulted in one of the bank’s executives stepping down.

On 5 April, Lars Mørch, Danske Bank’s executive responsible for its business and international banking units, resigned as a member of the executive board over his failure to take warnings about possible money laundering offences at the bank’s Estonian operations more seriously. He is the only one to step down—so far.

“Although the ongoing investigations into the issues related to the Estonian non-resident portfolio have not been completed, it is now clear that the bank should have undertaken more thorough investigations at an earlier point. Such investigations would have led us to understand the full extent of the issues sooner and prompted swifter actions,” said Danske’s chairman, Ole Andersen, in a written statement.

Mørch has been at Danske Bank since 1999 and has been responsible for business banking since 2012. He will remain on the bank’s payroll until October 2019, though he “will be released from his ordinary work duties as soon as possible.” Thomas Borgen, who has been Danske’s chief executive since 2013, will temporarily assume Mørch’s responsibilities on the board.

Danske is being investigated by Estonian and Danish regulators over potential money laundering in the Baltic country, and the Danish Financial Supervisory Authority has already issued a reprimand. The bank has faced a long series of allegations that lax controls in its Estonian operations in 2007 and 2015 led to money laundering from Azerbaijan, Moldova, and Russia. Danish national newspaper Berlingske reported in February that a whistleblower told senior management in 2013 of allegations that a relative of Russian president Vladimir Putin and Russia’s intelligence services were behind money laundering in the Estonian branch.

“Although the ongoing investigations into the issues related to the Estonian non-resident portfolio have not been completed, it is now clear that the bank should have undertaken more thorough investigations at an earlier point. Such investigations would have led us to understand the full extent of the issues sooner and prompted swifter actions.”
Ole Andersen, Chairman, Danske

Mørch’s resignation comes just three weeks after the bank was forced to issue a statement in response to media reports providing yet more details of the bank’s failings and the reluctance of management to tackle the problem appropriately when notified. On 13 March, the bank’s chairman, Andersen, warned in a statement that “should the investigations uncover misconduct on the part of employees or managers, we will of course ensure that the necessary steps are taken.” Mørch’s departure suggests that the bank is prepared to act decisively.

Senior executives have come under pressure about what they knew and when, as well as why they did not act sooner to address the problems. The bank has hired law firm Bruun & Hjejle to conduct its own investigation, due out later this year, possibly September. Big Four firms PwC and EY are carrying out forensic investigations, and analysis software company Palantir Technologies is helping the bank analyse the original transaction and customer data. The bank has also said it is examining whether its Lithuanian and Latvian branches have been involved in money laundering too.

The probe could raise questions for Borgen, who had also been in charge of international banking for four years immediately prior to becoming CEO. The first allegations of money laundering began on his watch. He has called the lack of controls in Estonia “deeply regrettable and completely unacceptable.”

The bank has already uncovered some troubling problems as part of its own investigations into what happened and what went wrong. On 21 Sept. 2017,  Danske Bank announced it was expanding its investigation into the failings at its Estonian branch. The expanded investigation covers customers and transactions at the Estonian branch in that period and is being led by Jens Madsen, head of the bank’s newly established Compliance Incident Team. Madsen was previously head of Denmark’s intelligence agency (PET) and the country’s fraud squad (SØIK).

Nordic and Baltic banks’ recent struggles with money laundering

The investigation into Danske is only the latest in a series of money laundering problems to hit both Nordic and Baltic banks in recent years. Danske itself was fined DKr 12.5m (U.S. $2M) last December by Danish authorities for violating anti-money laundering rules following an inspection in March 2015 (these were unrelated to the specific allegations in Estonia).
In a statement, the bank’s CEO, Thomas Borgen, said: “We have a special responsibility with regard to the combating of money laundering, and regrettably, we have not lived up to that responsibility in terms of the monitoring of transactions to and from correspondent banks. That is the reason why we have been fined, and we have accepted and will pay the fine.”
In May 2015, Sweden’s financial services regulator fined Nordea, the region’s largest lender, the maximum penalty allowed for lax anti-money laundering controls (SEK 50 million, or €4.8 million), while Handlesbanken, the country’s second biggest bank, was handed a SEK 35m (€3.3 million) fine for similar failings.
Meanwhile, in the Baltic States, Latvia’s third-largest bank, ABLV, is in the process of liquidating itself after being accused by the United States of “institutionalised money laundering”; and, in March, the European Central Bank pulled the plug on a small Estonian lender, Versobank, for money laundering offences.
Estonia’s banking regulator, the Finantsinspektsioon, said the action against Versobank was “an isolated case” and did not affect other banks in the eurozone country.
— Neil Hodge

At the same time, Danske revealed that a root cause analysis performed by regulatory consulting firm Promontory Financial Group had found that three major deficiencies led to the branch not being sufficiently effective in preventing it from potentially being used for money laundering over a nine-year period from 2007-2015.

The first failing was that there was no proper focus on the risks of anti-money laundering at the Estonian branch, nor was there a proper culture at the bank to raise awareness. Promontory found that “there was insufficient attention to ensuring that the branch had the necessary controls and ongoing monitoring.” As a result, earlier opportunities to investigate the activities at the branch were missed. Both the culture at the branch and management were “inadequate” during the relevant period.

Secondly, there was inadequate governance in relation to compliance and risk. Promontory found that the group executive board and the board of directors based their risk assessments on reporting from the compliance and internal audit functions based in Estonia. These control functions, however, did not have a satisfactory degree of independence from the local organisation, and Danske’s cross-organisational risk assessment methods were neither strong enough to identify, and mitigate, potential money laundering risks, nor the potential lack of independence or conflicts of interest.

Thirdly, Promontory found that management follow-up and control were highly dependent on local country management. The branch in Estonia, acquired as part of the purchase of Sampo Bank in 2007, operated very much as an independent unit, with its own systems, procedures, and culture regarding anti-money laundering measures. This meant that follow-up by group control functions and reporting to the bank’s executive board and the board of directors was highly dependent on reporting from local management in Estonia.

In the wake of the report’s findings, Danske says that it has revamped its control functions so that they are properly independent; it has put in place much better procedures and controls; and the management team now in place in Estonia maintains a much stronger focus on money laundering risks. Other measures that the bank has taken to ensure tighter controls include improving IT systems to enhance monitoring and adding more resources to anti-money laundering activities and staff training.

“It has never been as difficult to use Danske Bank for money laundering or other illegal activities as it is now, and it will become increasingly difficult,” says the bank.