Tag: Danske Bank

Categories
Daily Compliance News

January 6, 2023 – The Banning Non-Competes Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

·       Judge accepts Danske Bank’s guilty plea. (Reuters)

·       Coinbase agrees to $100MM. (WSJ)

·       FTC moves to ban non-competes. (WaPo)

·       Morocco caught up in the EU bribery scandal. (Euronews)

Categories
GalloCast

Gallocast – Episode 6

Welcome to the GalloCast. You have heard of the Manningcast in football. Now we have the GalloCast in compliance. The two top brothers in compliance, Nick and Gio Gallo, come together for a free-form exploration of compliance topics. It is a great insight into compliance brought to you by the co-CEOs of ComplianceLine. Fun, witty, and insightful with a dash of the two brothers throughout. It’s like listening to the Brothers Gallo talk compliance at the dinner table. Hosted by Tom Fox, the Voice of Compliance.

Topics in this episode include:

  • ABB-how, the company’s leadership, made cooperation with the DOJ such a priority that even though it was a threepeat offender, it got a discount from the fine and no monitor.
  • Danske Bank-how the simple decision not to integrate the Estonia branch into the home company’s ERP and DD systems led to a catastrophic failure of over $260bn in money laundering.
  • Wells Fargo was fined $3.7bn this week. Since 2000, the bank has paid over $22bn in fines and penalties. Why can’t the bank fix its broken culture?
  • Elon Musk and Leadership. Why is stability or something like it so critical in the corporate arena?
  • The patriots lose on the final play in what has been called the ‘stupidest play of all time.’ Belichick said it was a lack of ‘situational awareness. Why does a leader need to be aware of the facts and circumstances for each decision?

Resources

Nick Gallo on LinkedIn

Gio Gallo on LinkedIn

Ethico

Categories
Blog

Danske Bank: Part 5 – Final Thoughts

Over the past several blog posts, we have been exploring the Danske Bank A/S (Danske Bank), AML enforcement action in which Danske Bank pled guilty and agreed to forfeit $2 billion to resolve the US investigation into its fraud on US banks. Danske Bank also settled with the Securities and Exchange Commission (SEC) for misleading US investors about the bank’s anti-money laundering (AML) compliance program in its Estonian branch and failed to disclose the risks posed by the program’s significant deficiencies.

Banks Still Behaving Badly

According to Violation Tracker, the top 10 banks for fines and penalties for this century are as follows:

TOP 10 CURRENT PARENT COMPANIES TOTAL PENALTY $ NUMBER OF RECORDS
Bank of America $83,354,221,356 271
JPMorgan Chase $36,129,286,132 223
Citigroup $25,740,655,365 159
Wells Fargo $22,081,458,643 229
Deutsche Bank $18,541,562,802 79
UBS $17,082,743,334 106
Goldman Sachs $16,603,475,848 90
NatWest Group PLC $13,515,546,857 31
Credit Suisse $11,427,400,126 52
Morgan Stanley $10,167,765,234 190

In 2022, the top fines involving banks are:

  • Danske Bank: $2.4 billion
  • Bank of America: $225 million
  • Citigroup: $200 million
  • Goldman Sachs: $200 million
  • Morgan Stanley: $200 million
  • Credit Suisse: $200 million
  • Barclays: $200 million
  • Deutsche Bank: $200 million
  • Nomura: $100 million

For whatever reason, banks cannot seem to get it anything near right. Willie Sutton is alleged to have said the reason he robbed banks was because “that’s where the money was.” Now it seems the banks are the bad guys, and the regulators continually have to lay out what seems massive fines and penalties to banks. Yet banks seem oblivious to playing within the bounds of the law. Perhaps, and to broaden out Consumer Financial Protection Bureau (CFPB) head Rohit Chopra’s statement announcing the latest fine against a bank, Wells Fargo at $3.7 billion “Wells Fargo’s rinse-repeat cycle of violating the law” needs to be updated to banks “rinse-repeat cycle of violating the law.”

M&A Double Trouble

Purchasing a corrupt entity is certainly one thing but allowing it to stay corrupt is quite another. As I often say, if an acquisition target engaged in bribery and corruption, or indeed money-laundering, before you acquired them and continue to do so after said purchase; it is not them but you who are now breaking the law. When Danske Bank purchased the branch that became Danske Estonia, it was aware that a substantial portion of the Estonian branch’s customers were “non-residents of Estonia, a group of accounts known as the Non-Resident Portfolio or “NRP” and that many of the NRP customers were from Russia and other former Soviet-bloc countries. These NRP customers’ practices included well-known red flags for potential money laundering: for example, frequent use of offshore LLPs and nominee directors to obscure or conceal beneficial ownership information, use of unregulated intermediaries to carry out transactions on behalf of unknown clients, and ties to jurisdictions with enhanced money laundering risks. Some of these practices were known to Danske in 2007.”

But here is where Danske Bank sealed its fate. As detailed by Matt Kelly in Radical Compliance, calling it the “fatal mistake by bank leadership”; and as laid out in the Plea Agreement, “Danske Bank canceled the migration to the central technology system because the executive board, consisting of Danske Bank senior executives, concluded it would “simply be too expensive” and could cause irregularities.” This allowed Danske Estonia to “maintain its own antiquated IT systems, with no automated customer due diligence or transaction monitoring — simply because bringing the Estonia branch up to acceptable compliance standards would be too expensive. Danske leaders didn’t have the requisite commitment to effective compliance, and from there its AML troubles flowed.”

Money, Money, Money

Perhaps the biggest problem for Danske Bank was the one in the mirror and its addiction to the filthy lucre generated by its Estonia Branch. Both Danske Bank itself and the regulatory authorities made clear the actual AML failures which were ongoing. According to the SEC Order, in “February 2014, Danske hired an external, independent third party to conduct a limited review of Danske Estonia’s AML practices” who concluded into only two months that there were “numerous AML deficiencies that left Danske Estonia highly susceptible to money laundering, including 17 identified as “critical or significant” control deficiencies. Danske’s legal department recommended and retained a third party to conduct a comprehensive internal investigation of Danske Estonia’s customers and transactions and to investigate allegations of employee misconduct. However, Danske senior management canceled the contract and decided to conduct the investigation internally. An internal Danske working group conducted only limited additional investigation of Danske Estonia at that time.”

The regulators identified the illegal issues as well. The Estonia FSA conducted a series of examinations at Danske Estonia and provided a draft report to Danske Estonia which detailed extensive facts concerning willful violations of Estonian AML law by Danske Estonia employees. The report stated, “Danske systematically establishes business relationships with persons in whose activities it is possible to see the simplest and most common suspicious circumstances” and concluded that Danske Estonia systematically ignored Estonian AML law. Danske acknowledged the severity of the Estonian FSA’s findings in communications, including one in which a Danske manager stated, “It is a total and fundamental failure in doing what we should do and doing what we claim to do. This just even more underline[s] the need of full clean up now.” [Emphasis added.] Another manager stated, “The executive summary of the . . . letter is brutal to say the least and is as close to the worst I have ever read within the AML/CTF area. . . . [I]f just half of the executive summary is correct, then this is much more about shutting all non-domestic business down than it is about KYC procedures . . . .” Nonetheless, instead of terminating the NRP business, Danske management opted to continue it because of the profits it generated.” [emphasis in original]

So, we leave this sordid saga of the US DOJ and SEC bringing an AML enforcement action against a Danish bank. At least the US is willing to bring such an enforcement action.

Categories
Compliance Into the Weeds

The Danske Bank AML Enforcement Action

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject. In this episode, we consider the Danske Bank AML enforcement action, and the bank recently pled guilty to money-laundering violations through its Estonia subsidiaries.

Some of the highlights included:

  • The background facts.
  • What did the home bank know and when?
  • Did a tech failure set this all in motion?
  • The Bank’s attempts to hide the violations from US authorities.
  • Why is the US and not Denmark bringing an enforcement action against a Danish bank?
  • What about CCO certification?
  • The role of the Danish monitor.

 Resources

Tom in the FCPA Compliance and Ethics Blog

Matt Kelly in Radical Compliance

Categories
Blog

Danske Bank: Part 4 – The Bank’s Response

We are exploring the Danske Bank A/S (Danske Bank), AML enforcement action in which Danske Bank pled guilty this week and agreed to forfeit $2 billion to resolve the US investigation into its fraud on US banks. According to the Department of Justice (DOJ) Press Release, “Danske Bank defrauded U.S. banks regarding Danske Bank Estonia’s customers and anti-money laundering controls to facilitate access to the U.S. financial system for Danske Bank Estonia’s high-risk customers, who resided outside of Estonia – including in Russia.” Danske Bank also settled with the Securities and Exchange Commission (SEC) who said, in their Press Release, the Bank misled investors about its anti-money laundering (AML) compliance program in its Estonian branch and failed to disclose the risks posed by the program’s significant deficiencies.

Most probably at this point you are thinking it is a very good thing Danske Bank is the premier financial institution in Denmark, or they might not still exist. But as we have seen right up until today, banks continue to engage in the most egregious behavior and simply are hit with another set of fines and penalties. (Wells Fargo Bank NA fined yet another $3.7 billion, this time by the Consumer Financial Protection Bureau, seeConsent Order.) I suppose it is no surprise that Danske Bank was given “too large and too important to put out of business” designation by Danish regulators. That is also probably one of the key reasons the US government brought this enforcement action. First, because the US had the teeth to do and second, the Danish regulators could simply ‘blame the Americans’.

Of course, Danske Bank itself demonstrated its colors when one of its executives said in an email, [Per the SEC Order] “[W]e should be mindful that we have a really bad case in Estonia, where I believe that all lines of defence failed. . . We should make sure that we don’t create a relationship where [Correspondent Bank 2] suddenly feels the need to share their concerns about Danske with US regulators.” The Order went on to note, “Between September 2015 and January 2016, the Danish FSA sent a draft AML inspection report to Danske which included a reprimand related to Danske’s Board of Directors’ failure to identify and address risks at Danske Estonia. In March 2016, the Danish FSA issued a final inspection report which was provided to Danske senior management in which it reprimanded Danske for its failure to identify critical risks at Danske Estonia and failure to limit these risks and concluded that Danske was not in compliance with the Danish AML Act and that “the conditions at the bank’s branch in Estonia posed a material reputation risk for the bank.””

Danske Bank did not receive credit for self-disclosure, but the bank did receive credit for its cooperation, which included full cooperation and admission of responsibility, providing documents and witnesses to be interviewed, all located outside the US and, perhaps most importantly, a “detailed analysis of cross border transactions.” As remedial steps the Bank closed its “non-residential portfolio”, terminated employees, including senior bank executives who were engaged in the conduct, improved its AML function, including a centralized money laundering financial compliance and financial crime program, hired competent and experienced AML compliance professionals and initiated direct reporting lines to the Board of Directors. The Bank agreed to a best-in-class compliance program and an independent expert appointed by the Danish FSA to oversee implementation of the remedial solution. Interestingly, if this independent expert quits for any reason the DOJ retains the right to appoint a monitor.

Danske Bank agreed to a three-year period of continuing cooperation and reporting to the DOJ. Although there is no Deferred Prosecution Agreement (DPA) since this was a criminal guilty plea it seems to act in the manner of ongoing obligations under a DPA. However, it will require Court approval and ongoing oversight because it is a plea deal and not a DPA. Danske Bank is to meet at least quarterly with the DOJ throughout the three-year term, and to submit annual progress reports to the prosecutors until the agreement expires at the end of 2025. According to Radical Compliance, the first report, due in December 2023, needs to focus on three topics:

  • Complete description of the bank’s remediation efforts to date;
  • Complete description of the testing conducted to evaluate the effectiveness of the compliance program, and the results of that testing; and
  • Proposals to assure that the compliance program is reasonably designed, implemented, and enforced.
  • The next reports, due at the end of 2024 and 2025, respectively, are supposed to cover all the same ground, and incorporate any feedback the Justice Department provides from the prior reports.

Of course, there is the Chief Compliance Officer (CCO) certification. Would you like to be the CCO who has to certify the Danske Bank AML compliance program is “reasonably and effectively designed to deter and prevent violations of money laundering, anti-money laundering, and bank fraud laws throughout the bank’s operations”?

Tomorrow, we conclude with final thoughts and lessons learned.

Categories
Blog

Danske Bank: Part 3 – Compliance Failures

We are exploring the Danske Bank A/S (Danske Bank), AML enforcement action in which Danske Bank pled guilty this week and agreed to forfeit $2 billion to resolve the US investigation into its fraud on US banks. According to the Department of Justice (DOJ) Press Release, “Danske Bank defrauded U.S. banks regarding Danske Bank Estonia’s customers and anti-money laundering controls to facilitate access to the U.S. financial system for Danske Bank Estonia’s high-risk customers, who resided outside of Estonia – including in Russia.” Danske Bank also settled with the Securities and Exchange Commission (SEC) who said, in their Press Release, the Bank misled investors about its anti-money laundering (AML) compliance program in its Estonian branch and failed to disclose the risks posed by the program’s significant deficiencies.

How did it start to go wrong?

Interestingly, and most significantly for compliance professionals, the trouble for Danske Bank started with an acquisition. According to the Plea Agreement, “Danske Bank acquired Finland-based Sampo Bank in 2007, including Sampo Bank’s large operation in Estonia. A significant part of Sampo Bank’s Estonia business was providing banking services to non-resident customers, that is, companies and individuals residing outside Estonia, including in Russia. DANSKE BANK knew this was a large part of Sampo Bank’s Estonian business model and continued this business after acquiring Sampo Bank. The non-resident portfolio (“NRP”) was, by far, Danske Bank Estonia’s most lucrative business line, generating, over the life of the branch, over 50% of Danske Bank Estonia’s profits. DANSKE BANK knew that many NRP customers conducted transactions in U.S. dollars, which required Danske Bank Estonia to use U.S. banks and bank accounts to process those transactions. By December 2013, DANSKE BANK knew that the NRP was high-risk because, among other reasons, its customers resided in high-risk jurisdictions, frequently used shell companies to shield the identity of their ultimate beneficial owner or the sender or recipient of transactions, and engaged in suspicious transactions through U.S. banks.”

In addition to a failure of due diligence in the pre-acquisition phase, Danske Bank did nothing post acquisition to make sure the new Estonian branch complied with basic AML. Danske Bank Estonia had an inadequate and ineffective compliance program that applied to all customers. As noted in the Plea Agreement, “Danske Bank Estonia, through its International Banking Group (“IBG”), attracted NRP customers by ensuring that they could transfer large amounts of money through Danske Bank Estonia with very little, if any, oversight or scrutiny. IBG employees conspired with their customers to shield the true nature of their transactions, including by assisting customers to conceal beneficial owners by establishing accounts for known shell companies and sometimes creating shell companies for customers in exchange for a “consulting fee.””

Actual Knowledge of Compliance Failures

To read the settlement documents it is clear that Danske Bank was making so much money laundering its Russian clients that it did everything it could do so to avoid making any changes which would kill the golden goose. As early as 2007, Danske Bank was aware a substantial portion of Danske Estonian branch’s customers were non-residents of Estonia, the NRP accounts, and that many of the NRP customers were from Russia and other former Soviet-bloc countries. These NRP customers’ practices included well-known red flags for potential money laundering, for example, frequent use of offshore LLPs and nominee directors to obscure or conceal beneficial ownership information, use of unregulated intermediaries to carry out transactions on behalf of unknown clients, and ties to jurisdictions with enhanced money laundering risks. Yet both Danske Bank Estonia and the parent Danske Bank maintained that “all is well” (yes cue the Animal House riot scene about now).

It was not as if Danske Bank was unaware of its Estonia branch shortcomings and failures. According to the SEC Complaint, “in 2007, the Danish Financial Supervisory Authority (“Danish FSA”) contacted Danske with concerns it had received from the Bank of Russia about NRP customers allegedly engaged in illicit transactions through Danske Estonia, including money laundering which was discussed by Danske’s Board of Directors in August 2007.” In light of the Danish FSA’s warnings, Danske conducted an internal audit of Danske Estonia’s transactions in 2007. That audit did not assess whether Danske Estonia complied with AML and Know-Your-Customer (KYC) procedures required under applicable laws and regulations, but the audit report provided to Danske management noted that Danske Estonia’s procedures in this area were “thin.” The 2007 audit recommended to Danske management that Danske undertake further investigation of Danske Estonia’s practices to ensure compliance with applicable law. Further, in March and April of the same year, the Estonian FSA had carried out an inspection at Danske Estonia and issued an inspection report on August 16, 2007, which found that the Estonian branch was not compliant with its legal obligations.

These compliance shortcomings were in four general areas. Danske Bank Estonia used foreign consultants and intermediaries to recruit customers and outsourced its legal obligations to conduct due diligence and obtain KYC information to third parties. Second, Danske Bank management knew that Danske Estonia was offering certain high-risk services and products associated with suspicious activity which Danske did not permit other branches to offer. Third, Danske Bank knew that its IT platform was incompatible with Danske’s IT platform. Danske knew or was reckless in not knowing that Danske Estonia could not conduct automated AML or KYC controls, such as automated customer screening and automated transaction monitoring. Fourth, Danske Bank Estonia’s AML and compliance control framework did not adequately mitigate the risks of the NRP portfolio and Danske failed to provide effective supervisory oversight. Danske Estonia’s compliance and AML departments were structured differently than at other Danske branch and reported directly to Danske Estonia’s branch manager with dotted line reporting to Danske’s compliance and AML departments. As a result, Danske Estonia’s compliance and AML functions were not effectively monitored or effectively supervised by Danske.

Tomorrow, the Danske Bank response.

Categories
Blog

Danske Bank: Part 2 – Jurisdiction

We finally have the big one in money laundering. That, of course, is Danske Bank A/S (Danske Bank), a global financial institution headquartered in Denmark, which pled guilty this week and agreed to forfeit $2 billion to resolve the US investigation into its fraud on US banks. According to the Department of Justice (DOJ) Press Release, “Danske Bank defrauded U.S. banks regarding Danske Bank Estonia’s customers and anti-money laundering controls to facilitate access to the U.S. financial system for Danske Bank Estonia’s high-risk customers, who resided outside of Estonia – including in Russia.” Danske Bank also settled with the Securities and Exchange Commission (SEC) who said, in their Press Release, the Bank misled investors about its anti-money laundering (AML) compliance program in its Estonian branch and failed to disclose the risks posed by the program’s significant deficiencies.

One might reasonably ask why the US government is bringing this action. I think there are two key reasons. First, only the US has the cache to bring such a massive enforcement action against any bank, wherever they are domiciled, which threatens the world’s financial integrity through multiple years of facilitating money laundering. The second is that as the world’s principal financial leader, the US government sees itself as the protector and enforcer of that system. While many outside the US may decry these realities, it is clear that only the US can lead such an action. There certainly were other countries which participated, as both the DOJ and SEC Press Releases noted the cooperation of Denmark and Estonia in this enforcement action but at the end of the day, it had to be led by the US.

Jurisdiction

Even if the US feels that it should lead an enforcement effort in this affront to international law, there still must be jurisdiction to bring these enforcement actions. According to the SEC Complaint, “Danske is a Danish multinational banking and financial services corporation headquartered in Copenhagen, Denmark. At all relevant times, Danske was the largest bank in Denmark and a major retail bank in Northern Europe, with offices in countries outside Denmark.” However, I was somewhat surprised to learn that “Danske’s shares traded in Denmark on the OMX Copenhagen and in the United States over-the- counter (“OTC”) as American Depositary Receipts (“ADRs”) listed in U.S. dollars, and U.S. investors constituted a significant portion of Danske’s shareholders. Between 2009 and 2018, U.S. shareholders held as much as 18% of Danske’s stock.”

This stock sold in the US warranted regulatory protection of US investors. The SEC Complaint went on to note that Danske Bank “engaged in deceptive acts, including misleading Danish regulators and U.S. correspondent banks, to conceal its AML and KYC deficiencies. Danske stopped providing services to its high risk customers by April 2016 but failed to timely disclose to investors known misconduct and widespread AML failures.” These failures to inform investors took the form of “a variety of reports, including annual, interim, corporate governance, and risk management reports, in English on its corporate website for the benefit of and made available to, inter alia, actual and prospective U.S. investors. Certain of these reports contained representations to investors about Danske’s risk management processes and disciplines related to the banks systems and controls. Such systems and controls would include Danske’s policies and procedures to detect, prevent and mitigate risks to the bank from financial crime, including money laundering.” Finally, the harm from the illegal conduct hit US investors as “between September 2017 and November 1, 2018, Danske’s share price dropped by approximately 49% as the full extent of Danske’s misconduct became apparent.”

The only reference to US jurisdiction from the DOJ came in the Plea Agreement which obliquely noted Danske Bank “engaged in suspicious transactions through U.S. banks.”

We rarely take a deep dive into the jurisdiction which allows a Foreign Corrupt Practices Act (FCPA) or other similar action to be brought in the US. However, the Danske Bank AML enforcement action makes clear that simply because a company is domiciled outside the US, if it does business internationally, there may be multiple US jurisdiction points which could allow US authorities to bring an enforcement action.

Tomorrow, where did it all start and what were the AML compliance program failures?

Categories
Blog

Danske Bank: Part 1 – Introduction

We finally have the big one in money laundering. That, of course, is Danske Bank A/S (Danske Bank), a global financial institution headquartered in Denmark, which pled guilty this week and agreed to forfeit $2 billion to resolve the US investigation into its fraud on US banks. According to the Department of Justice (DOJ) Press Release, “Danske Bank defrauded U.S. banks regarding Danske Bank Estonia’s customers and anti-money laundering controls to facilitate access to the U.S. financial system for Danske Bank Estonia’s high-risk customers, who resided outside of Estonia – including in Russia.” Danske Bank also settled with the Securities and Exchange Commission (SEC) who said, in their Press Release, the Bank misled investors about its anti-money laundering (AML) compliance program in its Estonian branch and failed to disclose the risks posed by the program’s significant deficiencies.

On the criminal side of things, Danske Bank pled guilty to one count of conspiracy to commit bank fraud. Under the terms of the plea agreement, the company has agreed to criminal forfeiture of $2.059 billion. Danske Bank will also enter into separate criminal or civil resolutions with domestic and foreign authorities. As a part of the overall fine and penalty, the DOJ will credit nearly $850 million in payments that Danske Bank makes to resolve related parallel investigations. Danske Bank agreed to pay $413 million to settle the SEC’s charges related to other domestic and foreign authorities.

What The Said

Deputy Attorney General Lisa Monaco said, “Today’s guilty plea by Danske Bank and two-billion-dollar penalty demonstrate that the Department of Justice will fiercely guard the integrity of the U.S. financial system from tainted foreign money – Russian or otherwise. Whether you are a U.S. or foreign bank, if you use the U.S. financial system, you must comply with our laws. We expect companies to invest in robust compliance programs – including at newly acquired or far-flung subsidiaries – and to step up and own up to misconduct when it occurs. Failure to do so may well be a one-way ticket to a multi-billion-dollar guilty plea.”

Assistant Attorney General Kenneth A. Polite added “Danske Bank lied to U.S. banks about its deficient anti-money laundering systems, inadequate transaction monitoring capabilities, and its high-risk, offshore customer base in order to gain unlawful access to the U.S. financial system. Danske Bank accepted responsibility for defrauding U.S. financial institutions and funneling billions of dollars in suspicious and criminal transactions through the United States. As part of its guilty plea, Danske Bank will forfeit over $2 billion and implement significant changes to its compliance program and AML controls. This coordinated resolution with the Securities and Exchange Commission (SEC) and Danish authorities sends a clear message that the Department of Justice stands ready to work with our partners around the world to investigate corporate wrongdoing and hold bad actors accountable for their criminal conduct.”

Gurbir S. Grewal, Director of the SEC’s Division of Enforcement, said in the SEC Press Release, “Corporations that raise money from the public must disclose information that is material to investors, who then get to decide what risks they want to take. That’s the basic bargain of our securities laws and it extends to foreign issuers like Danske Bank, which sought to access our capital markets, even though its securities were not registered with the Commission. But as alleged in our complaint, Danske Bank repeatedly broke that bargain by misrepresenting to its shareholders, including U.S. investors, that it had strong anti-money laundering controls while hiding its significant control deficiencies and compliance failures.”

The Illegal Conduct

According to the DOJ, between “2008 and 2016, Danske Bank offered banking services through its branch in Estonia, Danske Bank Estonia. Danske Bank Estonia had a lucrative business line serving non-resident customers known as the NRP. Danske Bank Estonia attracted NRP customers by ensuring that they could transfer large amounts of money through Danske Bank Estonia with little, if any, oversight. Danske Bank Estonia employees conspired with NRP customers to shield the true nature of their transactions, including by using shell companies that obscured actual ownership of the funds. Access to the U.S. financial system via the U.S. banks was critical to Danske Bank and its NRP customers, who relied on access to U.S. banks to process U.S. dollar transactions. Danske Bank Estonia processed $160 billion through U.S. banks on behalf of the NRP.”

According to the SEC, “when Danske Bank acquired its Estonian branch in 2007, it knew or should have known that a substantial portion of the branch’s customers were engaging in transactions that had a high risk of involving money laundering; that its internal risk management procedures were inadequate to prevent such activity; and that its AML and Know-Your-Customer procedures were not being followed and did not comply with applicable laws and rules. The SEC alleges that, from 2009 to 2016, these high-risk customers, none of whom were residents of Estonia, utilized Danske Bank’s services to transact billions of dollars in suspicious transactions through the U.S. and other countries, generating as much as 99 percent of the Estonian branch’s profits. The complaint further alleges that, although Danske Bank knew of these high-risk transactions, it made materially misleading statements and omissions in its publicly available reports stating that it complied with its AML obligations and that it had effectively managed its AML risks. As the full extent of Danske Bank’s AML failures became apparent, its share price dropped precipitously.”

What Does it Mean for Compliance

The Danske Bank enforcement action presents multiple lessons learned for the compliance professional, both in AML compliance and anti-corruption compliance. Over the next several blog posts, we will be looking at the illegal schemes and internal control failures in some detail. I hope you will join me for the exploration.

Tomorrow, where did it all start to go wrong?

Categories
Daily Compliance News

June 17, 2022 the We Did Nothing Wrong Edition


In today’s edition of Daily Compliance News:

  • More comments on CCO certification. (WSJ)
  • Guilty plea in Danske Bank money-laundering. (US News and World Reports)
  • Swiss Prosecutor finds $60MM in Credit Suisse AML payment. (BNN Bloomberg)
  • Activision investigates itself and finds senior management did nothing wrong. (WSJ)
Categories
Daily Compliance News

January 4, 2022 the Why Upgrade Edition


In today’s edition of Daily Compliance News:
·       Airbnb settles Cuba trade sanction case. (WSJ)
·       Danske Bank builds out its compliance function. (WSJ)
·       How much does outdated data protection cost a business? (Reuters)
·       Why perform DD pre-acquisition. (Reuters)