News & Press: ACFCS News

Daily Briefing: EU reviews Deutsche, SocGen on past AML gaps, healthcare cyber breach, and more

Sunday, June 9, 2019   (0 Comments)
Posted by: Brian Monroe
Share |

By Brian Monroe
June 9, 2019

Quote of the Day: “The more that you read, the more things you will know. The more that you learn, the more places you'll go.” – Dr. Seuss

In today’s ACFCS Fincrime Briefing, EU authorities review past AML failings at Deutsche Bank, SocGen, in wake of massive laundering scandals, healthcare diagnostics firms breached, bleed 20 million records, and more.

Please enjoy this unlocked story, part of the many benefits of being an ACFCS member.

Want to talk about industry trends, story ideas or get published? Feel free to reach out to ACFCS Vice President of Content Brian Monroe at the email address above. Now, on to more sweet sweet content!

Money laundering  

EU reviews Deutsche Bank, SocGen in screening of past money-laundering cases after Baltic, Nordic scandals rock bloc

The European Commission is reviewing past money-laundering cases at EU banks to assess what went wrong and decide possible tweaks to rules, an EU official said, citing Deutsche Bank and Societe General as among the screened lenders.

The review is part of a broader plan to improve the European Union’s approach to combating money laundering after a string of the bloc’s banks across Denmark, Estonia, Latvia, Luxembourg, Malta, the Netherlands and Cyprus were embroiled in scandals.

Under the plan, the European Commission is assessing cases between 2012 and 2018 with the aim of producing a report this summer that identifies the factors that contributed to the banks’ failure in preventing financial crime.

While it is normal for the EU to examine industrial practices before deciding possible rule changes, the assessment of money-laundering cases shows the scale of the problem and the questions facing regulators, given many of the cases erupted after a series of legislative reforms.

Missions to EU states are under way, the official said, without clarifying whether reviews are conducted at the banks themselves or only with their national supervisors. The Commission declined to comment on this point.

The review is meant “to better inform possible additional actions” by the EU in strengthening its anti-money laundering tools, according to the plan published last year.

An EU official told Reuters that the review includes cases of lenders that have collapsed after money-laundering allegations, like Latvia’s ABLV and Malta’s Pilatus.

The official said it also includes banks that have been at the center of large scandals such as Danske Bank, Denmark’s biggest bank, which has admitted to having handled through its Estonian branch 200 billion euros ($225 billion) of suspicious transactions between 2007 and 2015, (via Reuters).

Monroe’s Musings:

Similar to the story below, the EU is not just going after countries tied to historic banking scandals – they are aggressively investigating the banks involved to see what the institutions did wrong, follow tendrils to other banks that could have similar failings and further grill member state regulators to see what they missed.

If authorities find that these institutions had truly lax AML compliance programs or, worse, actively helped the laundering scandals with a cabal of corrupt insiders, look for enforcement actions and penalties the likes the bloc has never seen – and a related culling of regulatory bodies and examiners that missed the mark.


EU chastises six countries for lax financial crime compliance, regulatory oversight, complex investigations

The European Commission Wednesday harshly criticized the financial crime compliance practices, regulatory oversight and enforcement ethos of six member states, publicly exhorting them to strengthen initiatives across the board to address massive banking scandals rocking the bloc and better secure virtual vaults against crypto criminals.

The requests focus on the anti-money laundering (AML) failings and needed improvements in Bulgaria, Denmark, Estonia, Latvia, Malta and Sweden as part of the commission’s Country Specific Recommendations – missives typically focused on economic guidance, but more recently has morphed to include AML and related financial crime challenges.

“Failure to address shortcomings in AML enforcement can seriously undermine confidence in the European banking sector,” EU Commission Vice-President Valdis Dombrovskis said in a statement. “This is why it is a European problem and we much work on it as such.”

The proposals occur as Europe wrestles with its largest-ever money laundering scandal.

Danish authorities last month charged a former top official at scandal-plagued Danske Bank, who also held a high position at Denmark’s financial regulator, related to the institution’s sprawling money laundering debacle.

Economic prosecutors have charged Henrik Ramlau-Hansen, a former Danske Bank finance director, who chaired Denmark’s Financial Supervisory Authority between 2016 and 2018, with crimes tied to the bank’s estimated $230 billion money laundering scandal.

He resigned in 2018 at the same time a scathing Danske report from the regulator was issued. He has recused himself from the investigation. He’s been working as an assistant professor at Copenhagen Business School, reported The Financial Times.

People familiar with the investigation told The Financial Times the former regulator was charged for not preventing transactions at Danske Bank when he was finance director from 2011 to 2015. 

Danske’s former chief executive Thomas Borgen had his home raided as well. People familiar with the investigation told The Financial Times that other executives at Danske have been charged due to money laundering scandals.

The scandal has also led to legislative proposals that has caused member state regulators to vociferously disagree with stronger oversight from a central EU AML body, even as some member states call for such an oversight vehicle.

Here are some of the snapshots of the AML issues cited from the country-specific reports, including:


Bulgaria has adopted legislative amendments in 2018 and is working towards a fully conform transposition of the Directive 2015/849 (Fourth Anti-Money Laundering Directive).

Attention should be paid to the effective implementation of these measures. The authorities have still not finalised and notified the National Risk Assessment, which is a cornerstone to devising adequate national policies to combat money laundering and terrorist financing.

Moreover, recent developments in the banking sector suggest that there is need to enhance the national supervision of international financial transactions and to ensure the effective enforcement of the anti-money laundering framework.

The risk of corruption needs to be better addressed, as it is a predicate offence to money laundering. The Bulgarian authorities will need to show concrete results and build a track record evidenced by final decisions in high level corruption cases. The use of financial investigation and financial profiling is limited.

Recommendation: Ensure the stability of the banking sector by reinforcing supervision, promoting adequate valuation of assets, including bank collateral and promoting a functioning secondary market for non-performing loans. Ensure effective supervision and the enforcement of the Anti-Money Laundering framework.


Preventing money laundering and terrorism financing has become a priority for Denmark against the background of a large money-laundering scandal involving the largest financial institution in Denmark.

The Danish Parliament has reached political agreements to strengthen the supervision and on a new anti-money laundering package, encompassing a strategy to combat money laundering and terror financing.

The strategy rests on eight pillars, which include strengthening cooperation between supervisors, the financial intelligence unit and other relevant stakeholders.

However, challenges remain and the financial supervisor still needs to adopt additional measures and guidelines on how to strengthen supervision in these areas. Attention should be paid to the effective implementation of these measures, once adopted.

Recommendation: Ensure effective supervision and the enforcement of the anti-money laundering framework.


Preventing money laundering has become a priority for Estonia against the background of large money-laundering scandals.

Estonia has strengthened its anti-money laundering framework and the proportion of non-resident deposits in the Estonian banking sector has significantly decreased. However, challenges remain.

While the Estonian government introduced additional measures and guidelines on how to further strengthen the prevention in this area, a legislative initiative aiming at increasing the capacities of the anti-money laundering supervision has not yet been adopted by the Estonian Parliament. Attention should be paid to the effective implementation of these measures, once adopted.

Recommendation: Ensure effective supervision and the enforcement of the anti-money laundering framework.


Following the closure of its third largest bank due to allegations of money laundering, Latvia tightened the regulation concerning non-resident clients.

As a result, nonresident deposits, which are the main source of money laundering risk in Latvia, have significantly decreased since May 2018, but challenges regarding fighting money laundering remain.

Moreover, Latvia has come up with a detailed action plan for improving its anti-money laundering/counter terrorist financing strategy.

The main priorities listed in the action plan include enhancing risk-based supervision, ensuring the required human resources for the supervisory authorities, and ensuring effective information exchange and collaboration among the investigative authorities and with the private sector.

Attention should be paid to the effective implementation of these measures, once adopted. Finally, law enforcement and judicial authorities’ capacity also need to be increased.

Recommendation: Ensure effective supervision and the enforcement of the anti-money laundering framework.


At the same time, the increasing reliance on sectors that are considered vulnerable to financial integrity risks creates challenges to the governance framework, putting pressure on the supervisory and enforcement capacity.

In particular, the size of the financial and the gaming sector, the efforts to attract crypto-currency operators require an effective anti-money laundering enforcement. The recent increase in the human and budgetary resources of the Financial Intelligence Analysis Unit as well as the enhancement of its procedures and processes are positive steps.

Governance shortcomings, particularly in the fight against corruption, may also adversely affect the business environment and weigh negatively on investment.

In particular, there is a risk of conflict of interest at various levels of government. Furthermore, the police’s Economic Crimes Unit is currently understaffed. In this context, it is important to couple a strengthened legislative framework with timely and thorough implementation.

Improving the governance framework and ensuring an effective implementation is a key element to preserve Malta’s attractiveness and protect the economy from reputational risks.

Recommendation: Address features of the tax system that may facilitate aggressive tax planning by individuals and multinationals, in particular by means of outbound payments. Strengthen the overall governance framework, including by continuing efforts to detect and prosecute corruption.

Continue the ongoing progress made on strengthening the anti-money laundering framework, notably regarding enforcements. Strengthen the independence of the judiciary, in particular the safeguards for judicial appointments and dismissals, and establish a separate prosecution service.


Preventing money laundering has become a priority for Sweden against the background of an evolving money laundering scandal related to one of the largest financial institutions in the country.

The Swedish and Estonian financial supervisors have started a joint investigation, together with their Latvian and Lithuanian counterparts.

While Sweden’s anti-money laundering framework has been strengthened in 2017, when the money laundering act entered into force, continued work to identify and correct any remaining deficiencies of the framework remain important.

Challenges remain and the supervisor still needs to adopt additional measures and guidelines on how to strengthen supervision in this area. Attention should be paid to the effective implementation of these measures, once adopted.

Recommendations: Ensure effective supervision and the enforcement of the anti-money laundering framework, (via the EU Commission).

Monroe’s Musings:

The EU has been making strides in strengthen AML compliance and oversight at the bloc level, even before formal changes in regulations have taken place. This latest move further reinforces that critical to a country regaining its economic footing is tackling and bolstering its financial crime failings.

This is not totally new, but is a relatively recent twist. In several country bailouts in the EU, authorities grafted requirements to improve rules and regulations around countering money laundering, corruption and other crimes. As pressure mounts on the EU, look for this public shaming of recalcitrant member states to continue.


Nearly 20 million patient records stolen in breach from Quest Diagnostics and LabCorp

A security breach at a billing company has resulted in nearly 20 million patients of LabCorp and Quest Diagnostics getting their information stolen from them.

The breach was first disclosed Monday by Quest Diagnostics, which reported in a Securities and Exchange Commission filing that a breach at third-party collections vendor American Medical Collection Agency (AMCA) compromised 11.9 million customers. Just days later, LabCorp indicated that 7.7 million of its patients were also affected by the AMCA breach.

The attack targeted at AMCA's website is just the latest in a series of breaches that have managed to skim personal information from major companies. Similar attacks hit British AirwaysTicketmaster and Newegg late last year.

According to Quest Diagnostics' SEC filing, AMCA's payment system was compromised on August 1, 2018 and remained vulnerable through March 30.

Exposed information includes patient names, dates of birth, addresses, phone numbers, dates of service, providers and balance information. LabCorp disclosed that about 200,000 people also had their credit card or bank account information stolen. Medical data and laboratory test results were not exposed, (via Engadget).

Monroe’s Musings:

With so many data breaches, it’s vital that banks weave these details into their customer risk assessments and transaction monitoring systems.

Anyone whose names appear as clients and as part of the data breach could be at a higher risk to be defrauded, either through credit card scams, stolen debit details and even synthetic identities with scammers attempting to take out loans in the names of data breach victims.

Terror lawsuits

BNP Paribas to face revived lawsuit over Sudanese genocide: U.S. appeals court

A U.S. appeals court on Wednesday revived a lawsuit against BNP Paribas SA by alleged victims of a genocidal regime in Sudan, who sought to hold the French bank liable for aiding in the government’s atrocities.

The 3-0 decision by the 2nd U.S. Circuit Court of Appeals in Manhattan came nearly five years after BNP Paribas agreed to plead guilty and pay an $8.97 billion penalty to settle U.S. charges it transferred billions of dollars for Sudanese, Iranian and Cuban entities subject to economic sanctions.

Circuit Judge Barrington Parker said claims against BNP Paribas based on genocide in Sudan were subject to U.S. judicial review, and a lower court judge erred in concluding otherwise.

Twenty-one refugees now living in the United States filed the proposed class action against BNP Paribas in 2016, over its role as the Sudan regime’s main bank from 1997 to 2007.

They said BNP Paribas’ processing of thousands of illegal transactions through its New York offices furthered the regime’s campaign of murder, mass rape, torture and deliberate HIV infection against its own people.

BNP Paribas’ June 2014 guilty plea was the first by a global bank to large-scale, systematic violations of U.S. economic sanctions, the Department of Justice said at the time, (via Reuters). To read the full opinion, click here.

Monroe’s Musings:

It will be interesting to see how judges rule in this case as it has direct import on bank AML compliance and sanctions programs – and the potential civil lawsuits that egregious failures can produce in their wake.

Over the last decade, when banks have paid hefty AML and sanctions penalties, they opened themselves up to many avenues of civil lawsuits, including actions from jaded investors angry about lost shareholder value, in cases of fraud, actions from individuals defrauded in Ponzi schemes and even terror lawsuits if a bank moved funds for a sanctioned regime or entity.

In some cases, banks have settled the lawsuits, and paid further penalties, while in others, they have been stuck in legal limbo. Only time will tell how the case plays out. On its side is that BNP has radically retooled its financial crime compliance department, adding new talent, systems and processes. 

©2018 Association of Certified Financial Crime Specialists
All Rights Reserved