In January, the Executive Board recommended to the Board of Directors that the Estonian branch exit the non-resident segment and focus “only on customers with a real Baltic presence.” The Board of Directors approved this recommendation and in Danske Bank’s annual report for 2014, goodwill for the Estonian branch was written down to zero due to “a worsening of the long-term economic outlook in Estonia and the planned repositioning of the personal banking business in 2015.”
The DFSA and EFSA ramped up their scrutiny of Danske Bank’s AML practices in 2015. The DFSA conducted an exam in February, during which the EFSA’s inspection report from the previous December was shared, as was the report from the external consultancy from April 2014. The DFSA released their draft inspection report in June, where it was noted that the Estonian branch’s “risk-mitigating measures . . . have been totally insufficient and in violation of the local AML-rules.”
In September, the DFSA followed up on their draft inspection report from June, noting that they found “cause to reprimand the bank’s board of directors for not having identified the Estonian branch’s risk in the AML area, including not having determined the nature and size of the risks that the branch may assume, and for not having taken sufficiently risk-mitigating measures in this relation in accordance with local legislation.” This reprimand was maintained in the final inspection report issued by the DFSA on March 15, 2016.
Group Internal Audit also followed up on issues identified in 2014, releasing their audit report on June 19, 2015. The report assigned an “Action needed” (the worst possible rating) to the Estonian branch, noting that the “On-boarding process for new non-resident customers’ needs strengthening.” Another observation, “Periodical reassessment for high-risk non-residents needs to be improved” (priority 1), was based on a review of memos from the customer review (“clean-up process of high-risk non-resident customers”). It was also noted that “[i]dentification of ultimate beneficial owners (and ‘controlling interests’) remains in some cases unclear.”
The CEO received the audit report and its findings were included in a long-form audit report submitted to the Executive Board, the Audit Committee, and the Board of Directors for meetings in July.
On May 6, 2015, Danske Bank was contacted at Group level by a correspondent bank that cleared USD transactions for the Estonian branch. The correspondent bank requested that “all payments on behalf [sic] any Shell Company does not get routed” via the correspondent bank. Then in July, another correspondent bank that cleared most of the Estonian branch’s USD transactions notified Danske Bank that “they had found some payments that they were not comfortable with.” The Board of Directors was never informed about either of these correspondences and the Estonian branch was not informed about these matters until August 2015.
In the middle of 2015, Danske Bank accelerated the run-off of the Non-Resident Portfolio in Estonia. In a September letter to the EFSA, the Estonian branch compared the number of customers at the beginning of 2014 (3,743) with the number of customers at the end of July 2015 (2,169). They noted that “[d]uring the year 2015, the Branch has issued to 2,261 such customers notices of terminating the business relationship with them” and that “[p]roviding that the business relationships are terminated by the deadlines specified in the notices, the serving of high-risk customers will be diminished to a significant extent by the end of 2015.”
On December 23rd, the International and Private Banking Division within the Estonian branch was closed and most of the customer relationships were ended. As was reported to the Board of Directors in May 2016, “[t]he non-resident customer business was fully closed at the end of 2015, addressing a significant compliance and reputational risk for the Group.”
 Danske Bank, 2014 Annual Report, at 88 (Feb. 2015),