2008 – 2010
In 2008, Sampo Pank in Estonia was converted into a branch of Danske Bank—as was originally planned at the time of the Sampo Bank acquisition—however, plans to integrate the newly acquired Baltic subsidiaries onto the Group IT platform were shelved after the Global Financial Crisis hit and it was deemed too expensive. Danske Bank’s management recognized that cancelling the IT migration required additional focus on compliance in the Baltic operations, and later in 2008, Group Internal Audit reviewed the AML procedures in the Estonian branch and gave a rating of “satisfactory” (the second best rating). It was observed that “[t]he non-resident customers department has improved considerably in applying KYC [Know Your Customer] principles” although Group Internal Audit also noted “a few shortcomings.” Group Compliance & AML continued to find no issues arising from AML in the Estonian branch throughout 2009.
In January 2008, EU Directive 2005/60 (“Third AML Directive”) was implemented into Estonian law in the form of the Money Laundering and Terrorist Financing Prevention Act (MLTFPA). Pursuant to this regulation, financial institutions had to perform customer due diligence, e.g. when establishing a business relationship with a customer or when there was a suspicion of money laundering (or terrorist financing), regardless of any derogation, exemption or threshold. The customer due diligence measures included an obligation to establish the customer’s identity (and, where applicable, the beneficial owner) and to obtain information on the purpose and intended nature of the business relationship. Financial institutions had an obligation to conduct enhanced customer due diligence in situations which by their nature presented a higher risk of money laundering (or terrorist financing).
Yet another important part of the regulation consisted in reporting obligations. If a financial institution knew of, suspected, or had reasonable grounds to suspect a customer of engaging in money laundering (or terrorist financing), this had to be reported to the Financial Intelligence Unit (FIU), in the form of a suspicious activity report (SAR).
These new guidelines were incorporated into the EFSA’s follow-up AML inspection from 2007.
In October 2009, the Estonian branch provided Group Compliance & AML with an English summary of the final inspection report. According to the summary, the EFSA found the attitude of branch employees concerning the objectives of and compliance with statutory requirements had “improved considerably.” The EFSA also found that the branch had “changed or updated its internal procedures in line with the legal amendments made in 2008” (albeit with “some deficiencies”). The EFSA worryingly noted that “[t]he documents and information about customers and their activities reviewed in the course of the on-site inspection did not comply with the requirements of legislation and/or the internal procedures of the Branch in all cases.” They stressed “the importance of obtaining the relevant information, especially about the beneficial owners, ownership and control structures and economic activities of customers in order to guarantee that the Branch and the entire financial system of Estonia function in a manner that is trustworthy and in compliance with international standards.” The Board of Directors never received information pertaining to the inspection report.
In 2010, news reports linked several Estonian branch customers to illegal activities. In January, Barron’s published an article linking a specific company, which was a customer of the branch, to a North Korean arms smuggling case in Thailand (the article did not mention Sampo Pank or Danske Bank). Action was taken within the Estonian branch to address the situation but the Group was not informed.
On January 25, 2010, Estonian media linked the Estonian branch to an alleged money-laundering scheme involving a currency exchange company and a specific customer. On January 28, 2010, this story was, in short form, reflected in Danish media when another Danish bank stated that the matter related to Sampo Pank. This gave rise to questions at Group level, and the matter came up again in March 2010 among members of the Executive Board following approach by one of Danske Bank’s correspondent banks.
These news reports prompted the Executive Board to take note of the Non-Resident Portfolio in the Estonian branch. Thomas Borgen, who joined the Executive Board in September 2009 and was responsible for Baltic banking activities until June 2012, told his colleagues in an email that expansion in Estonia should not come at the cost of AML violations.
At an Executive Board meeting in March 2010, there was a discussion around the number of suspicious activity reports (“SARs”) filed by the Estonian branch. The discussion is reflected in the minutes as follows (translation):
The AML report states at page 5 that Estonia accounts for a 30 % market share of the “Suspicious Activity Reports.” According to [name], the reason for this high share is that the standard of Danske Bank is high compared to other banks in Estonia.
Concerns were also expressed over the number of Russian transfers in the branch, to which Borgen noted that the Russian Central Bank had been contacted, and it had agreed to these transfers. Borgen indicated he had not come across anything that could give rise to concern.
Borgen brought up the Non-Resident Portfolio again at the Executive Board’s September 2010 meeting. According to the minutes, other employees told Borgen they were:
Comfortable with the situation in Estonia with substantial Russian deposits. This was also underlined by the approval received from the Russian Central Bank to establish a representative office in Moscow.