2011 – 2012
The Estonian branch remained largely out of sight for the Board of Directors throughout 2011, aside from a board meeting in May in which the branch’s high profitability was discussed (it was noted that the return on equity (“ROE”) before loan losses for the Estonian branch had increased from 45 % in 2007 to 58 % in 2010). According to minutes of the meeting, the board agreed that “it was important to focus on the right customers” and that “[t]he short-term target was not to be number one or two, but the Bank had to have ambitious goals for the long term.”
2012 brought a renewed focus on AML throughout Danske Bank and at the Estonian branch in particular.
In February 2012, the DFSA received another letter from the EFSA regarding “a number of serious AML/CFT issues in the Estonian branch.” The EFSA noted “[t]he relatively big concentration of the business relationships from risk countries in Branch is not accidental” and that “the same risk patterns” had been identified by the EFSA during its inspections in 2007 and 2009. The DFSA presented this letter to Group Compliance & AML at Danske Bank and requested an explanation for the lack of action taken by the branch.
When replying to the DFSA several weeks later, Group Legal and Group Compliance & AML relied upon information supplied by the Estonian branch. It was stated that “[i]n order to mitigate the risk of being used for money laundering or terror financing Sampo Pank Estonia operates a determined control environment regarding customer relation establishment and transaction monitoring.” The letter also stated that the shortcomings identified by the EFSA in their 2009 inspection report had been corrected and that the Bank is “fully aware that the customer database of Sampo Pank Estonia includes a number of high risk customers. However, we are confident that the control setup corresponds to the actual risk.”
Group Compliance & AML visited the Estonian branch in May, and the findings from this visit were reflected in an appendix to the report from Group Compliance & AML for the first half of 2012. As for the Estonian branch, focus had been on “the ongoing process of controls to ensure that rules are complied with” and “screening of outgoing payments against EU/UN and OFAC list [US Office of Foreign Assets Control’s sanction list].” It was added that “[a]s of today incoming payments are not screened and this might be one of the focus areas going forward.”
In June 2012, Danske Bank’s Baltic banking activities were placed under the Group business unit “Business Banking.” This marked the third time in five years that the line of business reporting structure for the Estonian branch had changed.
Estonian branch line of business reporting structure
A few months after its establishment, the credit and risk function within Business Banking became aware that use of foreign exchange lines (FX lines) in the Estonian branch fell outside Group credit policy because they were used by non-resident customers, some of whom lacked financial statements. It was pointed out that these were high-risk customers, and concerns were raised regarding AML. Ultimately, the use of FX lines was made subject to a memorandum that was approved by two members of the Executive Board as well as other employees at Group level, and which noted:
The paramount risk in these arrangements relate to the banks reputation. Today risk mitigation is achieved by screening customers using the KYC process. The process was presented to the local and DFSA and is more comprehensive than what is currently being used in other business areas.
In June 2012, the DFSA issued nine orders and four pieces of risk information related to an exam of AML risks in Danske Bank’s Danish activities that was conducted in 2011. The orders covered a broad field and included KYC procedures, correspondent banking, transaction monitoring and training programs. Danske Bank’s Board of Directors reviewed the orders and expressed an ambition to become “Best in Class” within AML. At a follow-up inspection in November 2012, the DFSA found that Danske Bank had satisfactorily addressed all orders.
Around this same time, Danske Bank was attempting to open a New York Branch which required approval by the New York Federal Reserve. As part of their New York branch application, the Bank produced an AML action plan which was presented to the Board of Directors at their September meeting. The board rejected the plan because “the AML issues had been known for a long time, actually several years” and they were not comfortable with issuing a declaration to the Federal Reserve about the AML issues “at the present stage.”
On November 30, 2012, Group Internal Audit issued a report on AML in the Estonian branch with an overall rating of “extensive” (the best possible rating). The report included no recommendations for improvement.
At the end of 2012, Danske Bank’s AML responsible person retired. From the end of 2012 to November 2013, Danske Bank did not have a person responsible for AML activities as required by the Danish Anti-Money Laundering Act. The DFSA was not notified of this until February 2018. The Board of Directors and the Executive Board have stated that in practice, the head of Group Compliance & AML, who reported to the Bank’s CFO, was the person responsible for AML activities.