The Federal Reserve Board fined Deutsche Bank $186 million regarding violations of previous consent orders addressing alleged sanctions and anti-money laundering (AML) weaknesses and control failures relating to the bank’s relationship with Danske Bank’s Estonia branch.

The penalty, levied against Deutsche Bank, its New York branch, and other of its U.S. affiliates, is comprised of two parts. Deutsche Bank was fined more than $140 million regarding its alleged violations of the sanctions and AML orders and $46.2 million regarding its relationship with Danske Estonia, the Fed detailed in a consent order published Wednesday.

The Fed also announced a separate written agreement with Deutsche Bank, in which the bank consented to submit plans to enhance its governance, risk management, and controls.

The details: The Fed reached a consent order with Deutsche Bank in 2015 regarding insufficient policies and procedures the bank had in place to ensure compliance with U.S. sanctions imposed by the Treasury Department’s Office of Foreign Assets Control (OFAC) against countries including Iran, Libya, Syria, Burma, and Sudan. The Fed fined the bank $58 million at the time, in conjunction with a $200 million penalty levied by the New York State Department of Financial Services.

In 2017, the Fed fined Deutsche Bank $41 million and issued another consent order for the bank’s failing to maintain an effective AML program to comply with the Bank Secrecy Act (BSA).

Subsequent Fed investigations found the bank “made insufficient progress in its remediation efforts pursuant to the OFAC and AML orders, including with respect to compliance oversight, customer due diligence, transaction data, transaction monitoring and filtering, suspicious activity reporting, and facilitating independent third-party reviews,” according to the agency. The Fed said it found Deutsche Bank’s U.S. operations “have remained exposed to heightened levels of compliance risk without sufficient internal controls, including the risk of failing to detect money laundering activity or U.S. sanctions violations.”

Regarding Danske Estonia, the Fed faulted Deutsche Bank for lacking adequate BSA/AML internal controls in clearing more than $267 billion in transactions for the money laundering-plagued branch from 2007-15. Danske Bank last year agreed to pay more than $2 billion for its Estonia failures.

Compliance considerations: The Fed acknowledged Deutsche Bank has made progress on the requirements of its previous orders and prioritized achieving complete remediation.

“[A]dditional financial and managerial support from Deutsche Bank is needed to remediate the weaknesses described … and ensure effective risk management and internal controls for its U.S. operations, and Deutsche Bank has stated its commitment to provide this support,” said the agency in its written agreement.

Areas where the bank must improve include regarding oversight of U.S. operations, escalation procedures, enterprise data management, assessment of emerging risks, and liquidity risk management.

Bank response: “We appreciate that the Federal Reserve recognizes the progress we have made in recent years in remediating and resolving control weaknesses,” said Deutsche Bank in a statement. “We also recognize that these actions reinforce the need to ensure we stand by our commitments and close our remediation obligations in the near future.”

The bank added it has invested significantly in client due diligence; transaction monitoring; and its anti-financial crime team, including through the hiring of more than 2,000 employees.

“Given the momentum we have built in the last two years, we believe we are well positioned to meet our regulators’ expectations,” said the bank.