Danske Bank pays U.S., Danish authorities more than $2 billion for hefty AML failings, being epicenter of massive money laundering scandal that rocked EU, Baltic, Nordic regions

The Skinny:

• Denmark’s largest bank has paid U.S. and Danish authorities more than $2 billion in penalties and forfeitures for broad financial crime compliance failings tied to a money laundering scandal that saw an Estonian branch move hundreds of billions of dollars in suspicious funds – some tied to global pariah Russia.
• In the massive, multijurisdictional settlement, Danske Bank will plead guilty and pay the U.S. Department of Justice (DOJ), the Securities Exchange Commission (SEC) and the Danish Special Crime Unit (SCU) $2.06 billion for violations of anti-money laundering (AML) laws and duping U.S. correspondents – unwittingly making them part of the scheme.
• The penalty documents also noted a continued risk for U.S. and foreign banks with sprawling correspondent networks – linked banking groups that simply lie when asked about their countercrime systems, controls and their connections to risky customers and regions.

By Brian Monroe
bmonroe@acfcs.org
Dec. 13, 2022

Denmark’s largest bank has paid U.S. and Danish authorities more than $2 billion in penalties and forfeitures for broad financial crime compliance failings tied to a money laundering scandal that saw an Estonian branch move hundreds of billions of dollars in suspicious funds – some tied to global pariah Russia.

In the massive, multijurisdictional settlement, Danske Bank will plead guilty and pay the U.S. Department of Justice (DOJ), the Securities Exchange Commission (SEC) and the Danish Special Crime Unit (SCU) $2.06 billion for violations of anti-money laundering (AML) laws and duping U.S. correspondents – unwittingly making them part of the scheme.

Danske Bank defrauded U.S. banks regarding Danske Bank Estonia’s customers and anti-money laundering controls to facilitate access to the U.S. financial system for Danske Bank Estonia’s high-risk customers, who resided outside of Estonia – including in Russia.

“Whether you are a U.S. or foreign bank, if you use the U.S. financial system, you must comply with our laws,” said Deputy Attorney General Lisa Monaco.

“We expect companies to invest in robust compliance programs – including at newly acquired or far-flung subsidiaries – and to step up and own up to misconduct when it occurs. Failure to do so may well be a one-way ticket to a multi-billion-dollar guilty plea.”

So what went wrong exactly to be among the largest AML penalties ever handed down in the United States: BNP Paribas still holds the record at nearly $9 billion while HSBC was nearly $2 billion?

Between 2008 and 2016, Danske Bank offered banking services through its branch in Estonia, a lucrative business line serving non-resident customers known as the NRP, or non-resident portfolio.

One major draw for suspicious groups: the branch ensured NRP customers they could transfer large amounts of money “with little, if any, oversight,” in some cases with employees actively obfuscating the transaction trail for customers with shell companies.

Access to the U.S. financial system via the U.S. banks was “critical to Danske Bank and its NRP customers, who relied on access to U.S. banks to process U.S. dollar transactions,” according to DOJ.

In all, Danske Bank Estonia processed $160 billion through U.S. banks on behalf of the NRP.

By at least February 2014, as a result of internal audits, information from regulators, and an internal whistleblower, Danske Bank “knew that some NRP customers were engaged in highly suspicious and potentially criminal transactions, including transactions through U.S. banks,” fostered by a lax AML program.

But rather than detailing the extent of the AML programs to U.S. banking groups and correspondent connections, the Estonian branch lied about its AML, risk ranking and transaction screening gaps and downplayed the higher risk profile of clients.

Fincrime compliance takeaway for the banking sector: KYC – know your correspondent

The penalty documents also noted a continued risk for U.S. and foreign banks with sprawling correspondent networks – linked banking groups that simply lie when asked about their countercrime systems, controls and their connections to risky customers and regions.

“Danske Bank lied to U.S. banks about its deficient anti-money laundering systems, inadequate transaction monitoring capabilities, and its high-risk, offshore customer base in order to gain unlawful access to the U.S. financial system,” said Assistant Attorney General Kenneth Polite.

Reflecting cross-crediting arrangements between the three authorities as well as currency conversions, the final fine figures payable to the authorities are:

• DoJ: USD $1.209 billion
• SEC: USD $178.6 million
• SCU: DKK 4.749 billion

Danske Bank has not tried to hide the full scope of its failings tied to the money laundering scandal.

It has been consistently devoting high-profile sections on its website to the “Estonian Matter,” as it calls the debacle, complete with updates, potential set aside figures Q and A sections and apologies from the highest echelons of the organization.

In statements on the website and penalty documents, Danske Bank stated that it “fully accepts the findings and apologi[z]es unreservedly for the unacceptable historical failings and misconduct, which have no place at Danske Bank today.”

Danske Bank has “taken extensive remediation action to address those failings to prevent any repeat, including new leadership and significant investments in systems, controls and competencies to fight financial crime.”

The Justice Department stated that as part of the final settlement figure, it is crediting nearly $850 million in payments that Danske Bank is making to “resolve related parallel investigations by other domestic and foreign authorities.”

As part of Danske Bank’s plea agreement with the DOJ, Danske Bank will be placed on probation for three years.

After learning of the investigations, Danske Bank stated it has cooperated with the DoJ, SEC, and SCU.

Furthermore, the bank stated that it was able to negotiate away a DOJ corporate monitor as it was already ordered by the Danish FSA to have an independent expert monitoring the implementation of its financial crime plan.

Document deluge: methinks these are all the important government, bank links

DOJ release:

• https://www.justice.gov/opa/pr/danske-bank-pleads-guilty-fraud-us-banks-multi-billion-dollar-scheme-access-us-financial

Main SEC release:

• https://www.sec.gov/news/press-release/2022-220

SEC complaint:

• https://www.sec.gov/litigation/complaints/2022/comp-pr2022-220.pdf

Main Danske Bank announcement, details, division of penalties between DOJ, SEC, Danish authorities:

• https://danskebank.com/news-and-insights/news-archive/company-announcements/2022/ca13122022b

The actual DOJ plea agreement, 129 pages:

• https://danskebank.com/-/media/danske-bank-com/file-cloud/2022/12/doj-plea-agreement-and-information.pdf?rev=cc919805d8024615a679066a4a545fdc&hash=69F4745401322D941C9B455705684C98

Notice and fine details from the Denmark Special Crimes Unit:

• https://danskebank.com/-/media/danske-bank-com/file-cloud/2022/12/scu-fine-notice-eng.pdf?rev=ac483b3e532e4f59a60dfbd5c900ebf1&hash=564237306197ABC613905A70F20D0E25

Detailed Danske Bank QandA on the “Estonia Matter” as they call it:

• https://danskebank.com/about-us/corporate-governance/resolution-in-terms-of-the-estonia-matter

Updates and changes to the banks AML systems, training and a look at broader partnerships to better improve regional results, working with law enforcement:

• https://danskebank.com/about-us/corporate-governance/compliance/fighting-financial-crime

Announcement of SEC complaint by Danske Bank:

• https://danskebank.com/news-and-insights/news-archive/company-announcements/2022/ca13122022a

Great roundup of Danske Bank news from @Dev Odedra at The Laundry News:

• https://thelaundrynews.com/round-up-danske-bank-settles-aml-failings-with-doj-sec-and-the-danish-special-crime-unit-scu/

Danske Bank couldn’t move all that money by itself – it reportedly had help

While not mentioned extensively in the penalty documents, Danske Bank funds reportedly touched several large U.S. and European financial institutions.

Some household name banks tied to the scandal include J.P. Morgan, Bank of America and Deutsche Bank AG, which allegedly “all made dollar transfers on behalf of the Estonian branch’s non-resident customers,” according to a 2018 article in Forbes.

Citigroup’s Moscow branch may have been involved in some financial transfers in and out of Danske Bank Estonia, according to the Wall Street Journal.

Also on Thursday, the same day as the Danske settlement, Russian financial services group Uralsib Bank announced it had wrapped up the acquisition of the retail loan portfolio from Citigroup, for an undisclosed amount, according to published reports.

After months of trying to find a buyer for its Russian operations, Citi announced in August it was winding down its retail and commercial operations in the region, following dozens of financial services firms, corporates and businesses across the board jettisoning Russia after its invasion of Ukraine.

The acquired assets include “consumer loans with collateral. From the date of acquisition, Uralsib Bank will be servicing the portfolio,” the bank said in a statement, according to Retail Banker International.  

Other banks linked to Danske and the Russian funds flows, including Swedbank, SEB and others have paid nearly half a billion dollars in AML penalties.

In a rarity for the fincrime compliance field, these institutions have also seen top executives and board members sacrificed at the altar of progress – the dreaded specter of individual liability – in a show of force and fealty to please regulators and pledge obeisance to investigators.

In November, the former CEO of Danske Bank, Thomas Borgen, was acquitted in a civil suit relating to the money laundering at the bank's now-defunct Estonian branch, according to published reports.

In the suit, a court in Denmark ruled that Borgen, who was CEO 2013-2018, was unaware of the money laundering activities, reported to have some €230 billion in potentially illicit cash-flows, Bloomberg reported.

Danske shareholders were seeking more than $325 million, claiming Borgen bore responsibility for the management of the Tallinn branch, which closed in late 2019, a claim which the court overruled.

The civil case closure followed a criminal case last year, in which Borgen was also cleared, according to Bloomberg.

The court found that only the bank itself can file civil claims, not its individual shareholders, in the case of charges of irresponsible management.

Will more executives tied to Nordic, Baltic banking scandals face judgement day?

Tributary banks linked to Danske and the regional Nordic and Baltic banking scandals have already been subjected to record penalties and executive bloodletting – potentially even prison.

Swedbank’s former CEO went on trial in Stockholm in October in a “high-profile white-collar crime case involving massive money laundering in its Baltic branches,” according to the Organized Crime and Corruption Reporting Project (OCCRP).

Birgitte Bonnesen allegedly knew about the problem but tried to downplay it and hide it, causing the bank’s share to plunge when media reports later revealed the true extent of the operation’s fincrime compliance failings and exposure to Danske Bank.

“Birgitte Bonnesen, in her capacity as CEO of Swedbank, intentionally or out of gross neglect misled the public and the bank’s stakeholders about its work to prevent money-laundering in its operations in Estonia,” chief prosecutor Thomas Langrot told the Stockholm District Court in his opening remarks.

After a report from a law firm in 2018 showed that competitor Danske Bank had failed massively to prevent money-laundering in the Baltic states, Bonnesen was frequently asked if Swedbank had had the same problems in the region, where it was the market leader, according to the OCCRP.

Bonnesen repeatedly ensured reporters and analysts in late 2018 and early 2019 that it did not, thereby being dishonest to shareholders and the public about the bank’s AML compliance and suspected money laundering reporting shortcomings, Langrot explained.

When Swedish Television (SVT) later in February 2019 presented a leak exposing suspicious money-laundering in the billions through the bank’s customer’s accounts – blatantly contradicting the CEO’s version – the Swedbank share plummeted on the stock exchange.

Some clients were Russian oligarchs, and some money flowing through the bank could be traced to companies allegedly tied to the so-called Magnitsky fraud in Russia.

The bank’s so-called high-risk clients funneled more than $40 billion through its Baltic operations between 2014 and 2019, an investigation from law firm Clifford Chance, commissioned by the new Swedbank board, concluded in 2020.

In 2020, Swedbank then received a record US$400-million administrative fine from Finansinspektionen, Sweden’s financial supervisory authority, due to ”major deficiencies in its work to combat money laundering in its Baltic operations,” noted reporters.

The main criminal charge in the trial against Bonnesen is aggravated fraud, carrying a maximum penalty of six years in prison.

In June 2020, authorities fined SEB 1 billion Swedish crowns, or nearly $100 million, for failures in AML compliance and governance in the Baltics.

At the supranational level, the Danske scandal has caused European Union financial oversight bodies and regulators, at the country and bloc level, to engage in a game of naming, blaming and shaming.

Through the political, enforcement and regulatory communities, accusations and recriminations swirled at all levels on how and why the Danske Bank scandal could occur in the first place and fester for so long under the noses of examiners.

In 2019 and into 2020, the EU pushed more forcefully to create a dedicated pan-bloc AML oversight and enforcement body that would put regional regulators in the hot seat and better attempt to see fincrime vulnerabilities happening across multiple member states.

Such a stratagem would address the tactics of large, sophisticated organized criminal groups, corrupt oligarchs and terror networks.

These illicit cabals purposefully spread transaction trails through the real and virtual worlds and across multiple banks, jurisdictions and payment types, like prepaid cards and money remitters, to make seeing their full financial mosaic as difficult as possible.

Monroe’s Musings: Some key AML takeaways from the Danske Bank action

The Danske Bank laundering couldn't have swirled around the world without regional and U.S. correspondents. If you want to be part of the conversation and add in some of your own insights and takeaways, please click here.

Now, I get it. A U.S. bank is not responsible for knowing the customers of its customer. The classic KYC to KYCC conundrum.

Similarly, it is not always easy to see when a foreign correspondent has nested accounts tied to a Danske Bank.

But what the U.S. correspondent is responsible for is asking questions like: where is all of this money coming from and does it make sense for a correspondent in this region of the world.

They are responsible for asking things like:

• Hey, correspondent, what is your AML program like?
• What is your risk assessment methodology?
• Who are your correspondents?
• What regions of the world do you serve?

And if that correspondent responds, “all of this money isn’t coming from me, go further down the line,” then the U.S. bank needs to go down the rabbit hole and find out the origin point of the funds and if they are tied to a risky region of the world, in this case Russia.

Now if the U.S. bank did not do those things, or finds out that the funds are from well-known high risk regions of the world – such as those tied to corruption, drug trafficking, money laundering or terrorist financing – and didn’t up their risk controls or engage in some correspondent pruning, or de-risking, that is when regulators and investigators are going to get involved and won't be happy.