Danske Bank: “If we’re going down, you’re coming with us.”
First Post in a Two-Post Series
On March 19, 2020, Swedbank received the first of what will likely be multiple sanctions regarding alleged deficiencies in its Anti-Money Laundering (“AML”) processes and mishandling of information exchanges with public investigations. At the conclusion of parallel investigations by Swedish and Estonian authorities, Swedbank AB must now pay a record 4 billion Swedish Krona ($38 million) and its subsidiary, Swedbank AS, has been ordered to improve its AML risk control systems to comply with the applicable requirements. These penalties are all prelude to the ongoing investigations by the Latvian Police Department, European Central Bank, Swedish Economic Crime Authority, several United States authorities and, presumably, the inevitable private securities litigation to come.
In this post, we will discuss the various public AML-related investigations and enforcement actions plaguing Swedbank. In our next post, we will discuss the details and implications of the report of internal investigation regarding these problems performed by an outside law firm at the request of Swedbank, which has made the report publicly available. The bigger picture: the saga of Swedbank is just part of the larger and seemingly non-stop AML debacle centered around Danske Bank and its now-notorious Estonian Branch.
Swedbank has Dankse Bank (“Dankse”) to thank for the current onslaught of investigations. As we blogged about here, here, and here, the Danske money laundering scandal is the largest AML scandal in history, and it is the reason that Swedbank is under such intense scrutiny. Danske initiated an internal investigation into allegations of money laundering perpetrated in its Estonian branch. The investigation report, issued in September 2018, exceeded even the wildest of predictions. The report found that Danske’s Estonian branch allegedly had processed $234 billion in suspicious transactions by thousands of non-resident customers between 2007 and 2015. The report determined that the Estonian branch’s AML procedures were insufficient, to say the least, and resulted in multiple breaches of AML requirements. The report detailed “red flags” that should have put parent company Danske Bank Group on notice of the deficiencies. Although the report did not hold any of Danske Bank Group’s Board, Chairman, Audit Committee, or CEO accountable for the conduct, CEO Thomas Borgan resigned the same day the report was released.
At the core of the suspicious transactions were non-resident customers, including those in the Non-Resident Portfolio, “a pool of non-resident customers managed within the Estonian branch by a designated group of employees.” These customers, who were both private persons and corporate entities, accounted for only 2.4% of the total customers of the Estonian branch, yet produced a significant portion of deposits made in the entire Danske Baltic bank branches. These customers exhibited certain risk factors the report noted that adequate AML procedures would have flagged.
While the results astounded the financial sector, testimony by whistleblower U.K. citizen Howard Wilkinson spurred various financial enforcement agencies to action. Danske was subject to criminal investigations in Estonia, Denmark, France, the United Kingdom, and of course, by the United States Department of Justice (“DOJ”) and Securities Exchange Commission (“SEC”), as well as private securities litigation in the United States District Court for the Southern District of New York and in Copenhagen City Court in Denmark.
Swedbank’s Turn in the Hot Seat
Swedbank, based in Stockholm, Sweden, just happened to be the largest bank operating in Estonia. On February 21, 2019, a Swedish public television station reported that Swedbank allegedly allowed suspicious transactions to pass through its own Baltic branches from Danske’s Estonian branch. Coincidence? Authorities thought not. The financial supervisory authorities of Sweden, Estonia and Denmark soon announced they were opening investigations into Swedbank. Ironically, during an early 2019 telephone conference, Swedbank’s former CEO, Birgitte Bonnesen, stated that Swedbank was comfortable with its money laundering safeguards. Birgitte Bonnesen has since been fired.
On March 19, Swedish and Estonian authorities released their findings and issued their penalties. The Swedish Finansinspektionen found that Swedbank AB has significant deficiencies in its management of money laundering in its Baltic operations. Perhaps the most damning finding was that Swedbank AB had been aware of illicit activities in the Baltics, and had received several internal and external reports warning about the money laundering deficiencies. Despite the alarm bells, the authorities concluded that Swedbank AB nonetheless failed to take proper action.
The buck did not stop there. When looking into Swedish operations, the authorities also found significant issues with the bank’s risk classification of customers and its transaction monitoring, and that the bank had not lived up to AML requirements.
In Estonia, the authorities concluded that Swedbank AS had severe deficiencies in its AML risk control systems and was out of compliance with AML requirements. Kilvar Kessler, Chairman of the Estonian Finantsinspektsioon, stated: “The banking group made choices that allowed it to service higher risk clients without proper anti-money laundering systems and controls and without knowing to the fullest extent the money laundering risks posed from servicing these clients.” Estonian authorities are still pursuing a criminal investigation to determine whether money laundering or other criminal acts occurred.
To ice the proverbial cake, both the Swedish and Estonian authorities also found several instances of the bank withholding information that would reveal the gravity of the AML deficiencies and the situation at large.
Swedbank AB was issued a warning and an unprecedented administrative fine of 4 billion Swedish krona ($38 million USD). Swedbank AS was ordered to take comprehensive measures to: 1) understand and mitigate AML risks, 2) amend its organizational framework to effectively manage those risks, and 3) change internal practices to understand and review high risk clients and suspicious transactions.
Swedbank is still under investigation by other domestic and international authorities. Swedbank’s internal investigation recently uncovered facts that indicate it potentially had violated United States regulations through 586 transactions totaling $4.8 million. Needless to say, and as we will discuss in our next post, these results do not bode well for potential penalties to come.