Initial Signs of Problems in Estonia


In the spring 2007, the Estonian FSA (EFSA) carried out an inspection at Sampo Pank in Estonia, focusing on the bank’s non-resident customers. The division of responsibilities between the Danish FSA (DFSA) and the EFSA with regard to Danske Bank’s branch in Estonia follows from EU legislation. As the host country supervisor, the EFSA is responsible for the AML supervision of the Estonian branch. Suspicious transactions and activities must be reported to the Estonian Financial Intelligence Unit[29] (“FIU”) who then forwards them to the police and other authorities for further investigation and prosecution. As the home country supervisor of Danske Bank, the DFSA is responsible for monitoring that the Group has sufficient capital and liquidity, and for supervising the Group’s overall governance of its activities. The DFSA is also responsible for the AML supervision of Danske Bank’s Danish activities.


The EFSA’s final inspection report, written in Estonian, was issued on August 16, 2007. On September 20, 2007, the branch sent an English translation of the report’s summary to Danske Bank’s Group Compliance & AML in Copenhagen, which shared it with Group Legal.


The EFSA found deficiencies with respect to KYC (Know Your Customer) information, writing that: “the Bank’s routine practice has not been fully in compliance with the requirements stipulated in valid legal acts and international standards.” The EFSA concluded that “the Bank has underestimated potential risks, associated with providing services to legal entities registered in a low-tax area and undue compliance with relevant procedure rules.” As for non-resident customers in particular, the EFSA stressed the “additional risks” involved, and found that “the actual activity of the Non-Resident Customers Department aimed at examining the activities of clients is not in compliance with international practice and is not sufficient, regarding the specifics of the activities of this particular client group and associated risks.” The EFSA informed the DFSA about their exam findings but, it is unclear if, or how, the DFSA acted on this information.[30] In December, the Estonian branch informed the EFSA of actions taken to comply with the exam findings and orders. Danske Bank’s Board of Directors did not receive any information related to the EFSA exam.


In June 2007, the DFSA received a letter from the Central Bank of Russia expressing concern over the non-resident customers of Sampo Pank in Estonia. The letter noted that “clients of Sampo Bank permanently participate in financial transactions of doubtful origin” estimated at “billions of rubles monthly.” After a description of a type of transaction, the Russian Central Bank further stated that “the mentioned transactions can be aimed at tax and custom payments evasion while importing the goods, or giving the legal form to the outflow of the capital, or they can be connected with the criminal activity in its pure form, including money laundering.” On June 18, 2007, the DFSA forwarded this letter to the Executive Board of Danske Bank and asked Danske Bank for a report that addressed its contents.


The DFSA discussed the matter with Danske Bank’s Head of the Legal department (who was also the person responsible for AML) and the Bank’s Chief Audit Executive. The feedback received from both was that there were no problems in relation to AML risks in the Estonian branch. Group Legal and Group Compliance & AML then replied to the DFSA on behalf of the Bank, by letter, on August 27, 2007. The letter made reference to the recent inspection report from the EFSA, noting that the EFSA’s “conclusion of the inspection was that the bank complies with the existing laws and regulations” and that the EFSA had had no “material observations.” The Board of Directors never received the letter.


The DFSA convened a meeting with Danske Bank on September 3, 2007, at which Group Legal provided equally comforting information. The DFSA also talked with Group Internal Audit, which informed the DFSA that local internal auditors with Sampo Pank in Estonia had looked more closely into the issues raised by the Russian Central Bank and found nothing of note. The DFSA informed the EFSA of this feedback.


The letter from the Russian Central Bank was on the August agenda for the Executive Board and Board of Directors meetings. At these meetings, information was given that the matter would be investigated internally, and the Board of Directors left it with the Executive Board and Group Internal Audit to come back if there were any negative findings. The Board of Directors never received any additional updates on the matter.

[29] Estonian Financial Intelligence Unit (FIU) is an independent structural unit of the Estonian Police and Border Guard Board. The Financial Intelligence Unit analyses and verifies information about suspicions of money laundering or terrorist financing, takes measures for preservation of property where necessary and immediately forwards materials to the competent authorities upon detection of elements of a criminal offence.


[30] The DFSA did prepare an annex in their 2019 report on the Danish FSA’s supervision of Danske Bank dedicated to AML supervision in the Estonian branch but this annex was not publicly released. See Danish Financial Supervisory Authority, Report on the Danish FSA’s supervision of Danske Bank as regards the Estonia case, (Jan. 28, 2019),