Danske Bank was fined 1.82 million euros (U.S. $1.82 million) by the Central Bank of Ireland (CBI) on Tuesday for omitting customers from automated financial crime checks between 2010-19 and failing to notify the regulator.

The bank was found to have committed three breaches under Ireland’s Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (CJA) for failures relating to transaction monitoring; enhanced customer due diligence; and anti-money laundering (AML)/countering the financing of terrorism policies, procedures, and controls.

Danske’s problems stemmed from its use of historic data filters that predated the CJA and had not been updated to account for new compliance requirements within the legislation, the CBI explained in a press release. This led to some categories of customers being mistakenly excluded from transaction checks, including customers rated by Danske as medium and high risk.

An internal audit report from May 2015 tipped off Danske its transition monitoring procedures and controls were inadequate because they excluded certain categories of customer. However, it did not notify the CBI until nearly four years later, according to the regulator.

Between August 2015 and March 2019, the CBI estimated 348,321 transactions—equaling nearly 2.5 percent of all transactions processed through Danske’s Irish branch—were not monitored for money laundering or terrorist financing risk.

Danske was originally set to be fined €2.6 million (U.S. $2.6 million) but received a 30 percent discount from the regulator for early cooperation.

“This case highlights the requirement for firms … to ensure that group systems, controls, policies, and procedures are compatible with Irish legal requirements and to ensure that their governance framework and risk management measures operate effectively,” stated Seana Cunningham, the CBI’s director of enforcement and AML. “… The Central Bank expects firms to bring failures to its attention at the earliest opportunity and to act expediently to address identified errors.”

In a statement, Danske said by March 2019 it remedied the “very low” financial crimes risks it identified in its review, which led to just one suspicious transaction report. The bank, which accepted the CBI’s findings, added it has not identified any financial loss to customers because of its failings.

Danske is expected to face the potential of fines in the billions soon for poor AML controls relating to its former Estonia branch, as well as staggering compliance costs.

Between 2018 and the end of this year, Danske said it will have spent approximately 12 billion Danish kroner (U.S. $1.61 billion) on maintaining and improving its overall financial crime risk management framework, including AML controls.

The bank added it has 3,600 full-time employees dedicated to fighting financial crime.