Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance brings to you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.
Tag: AML
`Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance brings to you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.
Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.
Stories we are following in today’s edition:
- Will SCt kill SEC rule-making ability? (WSJ)
- Int’l ABC court gains traction in the UK. (The Guardian)
- Poor AML killed the bank merger. (WSJ)
- PNF is investigating Thales over sales into India. (Bloomberg)
Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.
Stories we are following in today’s edition of Daily Compliance News:
- The State of Tennessee seeks to restrict drag shows. (Reuters)
- After the assassination attempt, the Eskom chief fired. (FT)
- Mom is always there when you need her. (FT)
- Not a bribe, just an open-ended loan that was never repaid. (Ohio Capital Journal)
Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.
Stories we are following in today’s edition of Daily Compliance News:
Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.
Stories we are following in today’s edition of Daily Compliance News:
Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.
Stories today include
Categories
Danske Bank: Part 5 – Final Thoughts
Over the past several blog posts, we have been exploring the Danske Bank A/S (Danske Bank), AML enforcement action in which Danske Bank pled guilty and agreed to forfeit $2 billion to resolve the US investigation into its fraud on US banks. Danske Bank also settled with the Securities and Exchange Commission (SEC) for misleading US investors about the bank’s anti-money laundering (AML) compliance program in its Estonian branch and failed to disclose the risks posed by the program’s significant deficiencies.
Banks Still Behaving Badly
According to Violation Tracker, the top 10 banks for fines and penalties for this century are as follows:
| TOP 10 CURRENT PARENT COMPANIES | TOTAL PENALTY $ | NUMBER OF RECORDS |
| Bank of America | $83,354,221,356 | 271 |
| JPMorgan Chase | $36,129,286,132 | 223 |
| Citigroup | $25,740,655,365 | 159 |
| Wells Fargo | $22,081,458,643 | 229 |
| Deutsche Bank | $18,541,562,802 | 79 |
| UBS | $17,082,743,334 | 106 |
| Goldman Sachs | $16,603,475,848 | 90 |
| NatWest Group PLC | $13,515,546,857 | 31 |
| Credit Suisse | $11,427,400,126 | 52 |
| Morgan Stanley | $10,167,765,234 | 190 |
In 2022, the top fines involving banks are:
- Danske Bank: $2.4 billion
- Bank of America: $225 million
- Citigroup: $200 million
- Goldman Sachs: $200 million
- Morgan Stanley: $200 million
- Credit Suisse: $200 million
- Barclays: $200 million
- Deutsche Bank: $200 million
- Nomura: $100 million
For whatever reason, banks cannot seem to get it anything near right. Willie Sutton is alleged to have said the reason he robbed banks was because “that’s where the money was.” Now it seems the banks are the bad guys, and the regulators continually have to lay out what seems massive fines and penalties to banks. Yet banks seem oblivious to playing within the bounds of the law. Perhaps, and to broaden out Consumer Financial Protection Bureau (CFPB) head Rohit Chopra’s statement announcing the latest fine against a bank, Wells Fargo at $3.7 billion “Wells Fargo’s rinse-repeat cycle of violating the law” needs to be updated to banks “rinse-repeat cycle of violating the law.”
M&A Double Trouble
Purchasing a corrupt entity is certainly one thing but allowing it to stay corrupt is quite another. As I often say, if an acquisition target engaged in bribery and corruption, or indeed money-laundering, before you acquired them and continue to do so after said purchase; it is not them but you who are now breaking the law. When Danske Bank purchased the branch that became Danske Estonia, it was aware that a substantial portion of the Estonian branch’s customers were “non-residents of Estonia, a group of accounts known as the Non-Resident Portfolio or “NRP” and that many of the NRP customers were from Russia and other former Soviet-bloc countries. These NRP customers’ practices included well-known red flags for potential money laundering: for example, frequent use of offshore LLPs and nominee directors to obscure or conceal beneficial ownership information, use of unregulated intermediaries to carry out transactions on behalf of unknown clients, and ties to jurisdictions with enhanced money laundering risks. Some of these practices were known to Danske in 2007.”
But here is where Danske Bank sealed its fate. As detailed by Matt Kelly in Radical Compliance, calling it the “fatal mistake by bank leadership”; and as laid out in the Plea Agreement, “Danske Bank canceled the migration to the central technology system because the executive board, consisting of Danske Bank senior executives, concluded it would “simply be too expensive” and could cause irregularities.” This allowed Danske Estonia to “maintain its own antiquated IT systems, with no automated customer due diligence or transaction monitoring — simply because bringing the Estonia branch up to acceptable compliance standards would be too expensive. Danske leaders didn’t have the requisite commitment to effective compliance, and from there its AML troubles flowed.”
Money, Money, Money
Perhaps the biggest problem for Danske Bank was the one in the mirror and its addiction to the filthy lucre generated by its Estonia Branch. Both Danske Bank itself and the regulatory authorities made clear the actual AML failures which were ongoing. According to the SEC Order, in “February 2014, Danske hired an external, independent third party to conduct a limited review of Danske Estonia’s AML practices” who concluded into only two months that there were “numerous AML deficiencies that left Danske Estonia highly susceptible to money laundering, including 17 identified as “critical or significant” control deficiencies. Danske’s legal department recommended and retained a third party to conduct a comprehensive internal investigation of Danske Estonia’s customers and transactions and to investigate allegations of employee misconduct. However, Danske senior management canceled the contract and decided to conduct the investigation internally. An internal Danske working group conducted only limited additional investigation of Danske Estonia at that time.”
The regulators identified the illegal issues as well. The Estonia FSA conducted a series of examinations at Danske Estonia and provided a draft report to Danske Estonia which detailed extensive facts concerning willful violations of Estonian AML law by Danske Estonia employees. The report stated, “Danske systematically establishes business relationships with persons in whose activities it is possible to see the simplest and most common suspicious circumstances” and concluded that Danske Estonia systematically ignored Estonian AML law. Danske acknowledged the severity of the Estonian FSA’s findings in communications, including one in which a Danske manager stated, “It is a total and fundamental failure in doing what we should do and doing what we claim to do. This just even more underline[s] the need of full clean up now.” [Emphasis added.] Another manager stated, “The executive summary of the . . . letter is brutal to say the least and is as close to the worst I have ever read within the AML/CTF area. . . . [I]f just half of the executive summary is correct, then this is much more about shutting all non-domestic business down than it is about KYC procedures . . . .” Nonetheless, instead of terminating the NRP business, Danske management opted to continue it because of the profits it generated.” [emphasis in original]
So, we leave this sordid saga of the US DOJ and SEC bringing an AML enforcement action against a Danish bank. At least the US is willing to bring such an enforcement action.
The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject. In this episode, we consider the Danske Bank AML enforcement action, and the bank recently pled guilty to money-laundering violations through its Estonia subsidiaries.
Some of the highlights included:
- The background facts.
- What did the home bank know and when?
- Did a tech failure set this all in motion?
- The Bank’s attempts to hide the violations from US authorities.
- Why is the US and not Denmark bringing an enforcement action against a Danish bank?
- What about CCO certification?
- The role of the Danish monitor.
Resources
Tom in the FCPA Compliance and Ethics Blog
Matt Kelly in Radical Compliance
Categories
Danske Bank: Part 4 – The Bank’s Response
We are exploring the Danske Bank A/S (Danske Bank), AML enforcement action in which Danske Bank pled guilty this week and agreed to forfeit $2 billion to resolve the US investigation into its fraud on US banks. According to the Department of Justice (DOJ) Press Release, “Danske Bank defrauded U.S. banks regarding Danske Bank Estonia’s customers and anti-money laundering controls to facilitate access to the U.S. financial system for Danske Bank Estonia’s high-risk customers, who resided outside of Estonia – including in Russia.” Danske Bank also settled with the Securities and Exchange Commission (SEC) who said, in their Press Release, the Bank misled investors about its anti-money laundering (AML) compliance program in its Estonian branch and failed to disclose the risks posed by the program’s significant deficiencies.
Most probably at this point you are thinking it is a very good thing Danske Bank is the premier financial institution in Denmark, or they might not still exist. But as we have seen right up until today, banks continue to engage in the most egregious behavior and simply are hit with another set of fines and penalties. (Wells Fargo Bank NA fined yet another $3.7 billion, this time by the Consumer Financial Protection Bureau, seeConsent Order.) I suppose it is no surprise that Danske Bank was given “too large and too important to put out of business” designation by Danish regulators. That is also probably one of the key reasons the US government brought this enforcement action. First, because the US had the teeth to do and second, the Danish regulators could simply ‘blame the Americans’.
Of course, Danske Bank itself demonstrated its colors when one of its executives said in an email, [Per the SEC Order] “[W]e should be mindful that we have a really bad case in Estonia, where I believe that all lines of defence failed. . . We should make sure that we don’t create a relationship where [Correspondent Bank 2] suddenly feels the need to share their concerns about Danske with US regulators.” The Order went on to note, “Between September 2015 and January 2016, the Danish FSA sent a draft AML inspection report to Danske which included a reprimand related to Danske’s Board of Directors’ failure to identify and address risks at Danske Estonia. In March 2016, the Danish FSA issued a final inspection report which was provided to Danske senior management in which it reprimanded Danske for its failure to identify critical risks at Danske Estonia and failure to limit these risks and concluded that Danske was not in compliance with the Danish AML Act and that “the conditions at the bank’s branch in Estonia posed a material reputation risk for the bank.””
Danske Bank did not receive credit for self-disclosure, but the bank did receive credit for its cooperation, which included full cooperation and admission of responsibility, providing documents and witnesses to be interviewed, all located outside the US and, perhaps most importantly, a “detailed analysis of cross border transactions.” As remedial steps the Bank closed its “non-residential portfolio”, terminated employees, including senior bank executives who were engaged in the conduct, improved its AML function, including a centralized money laundering financial compliance and financial crime program, hired competent and experienced AML compliance professionals and initiated direct reporting lines to the Board of Directors. The Bank agreed to a best-in-class compliance program and an independent expert appointed by the Danish FSA to oversee implementation of the remedial solution. Interestingly, if this independent expert quits for any reason the DOJ retains the right to appoint a monitor.
Danske Bank agreed to a three-year period of continuing cooperation and reporting to the DOJ. Although there is no Deferred Prosecution Agreement (DPA) since this was a criminal guilty plea it seems to act in the manner of ongoing obligations under a DPA. However, it will require Court approval and ongoing oversight because it is a plea deal and not a DPA. Danske Bank is to meet at least quarterly with the DOJ throughout the three-year term, and to submit annual progress reports to the prosecutors until the agreement expires at the end of 2025. According to Radical Compliance, the first report, due in December 2023, needs to focus on three topics:
- Complete description of the bank’s remediation efforts to date;
- Complete description of the testing conducted to evaluate the effectiveness of the compliance program, and the results of that testing; and
- Proposals to assure that the compliance program is reasonably designed, implemented, and enforced.
- The next reports, due at the end of 2024 and 2025, respectively, are supposed to cover all the same ground, and incorporate any feedback the Justice Department provides from the prior reports.
Of course, there is the Chief Compliance Officer (CCO) certification. Would you like to be the CCO who has to certify the Danske Bank AML compliance program is “reasonably and effectively designed to deter and prevent violations of money laundering, anti-money laundering, and bank fraud laws throughout the bank’s operations”?
Tomorrow, we conclude with final thoughts and lessons learned.
