Banks, Estonia, EU – Baltic States, Financial Services

"In the summary of the report in English several claims and opinions are presented which the FI does not agree with, on the basis of both legal and factual circumstances," the FI said on Thursday.

Where the DFSA says in its report that in the Danske case they met all the obligations in the field of anti-money laundering and their role only lay in combining the information received from the FI with overall supervision over Danske Bank, according to the FI the investigation of the level of Danske should have raised suspicions in the DFSA.

It deserves to the pointed out, according to the FI, that income from the non-resident business of the branch was not proportional to the size of that business line within the bank, and should have raised additional red flags in Danske Bank. The FI believes that bank governance should be designed, built and run as a single whole that covers all the parts of a bank and all its risk, including control and governance arrangements for anti-money laundering (AML) and for combating the financing of terrorism (CFT). 

The Estonian agency said that EU banking directives, regulations and guidance set minimum harmonized standards for bank governance. This law very clearly imposes on the home member state a duty to supervise bank governance, including the governance of bank branches, as these are not separate legal entities with independent liability towards their creditors.

"The DFSA argues in the summary report that the FI is responsible for the AML supervision of the Estonian branch. This is a simplified view of the legal circumstances. FI has repeatedly explained that AMLD3, a piece of EU legislation harmonizing anti-money laundering in the EU prior to June 2015, did not have any provisions on the division of responsibilities when cross-border banking is provided and freedom of establishment is exercised," the FI said.

"As discussed, combating money laundering and terrorist financing by a bank is generally a matter of building effective controls, which is purely an issue of the bank’s governance. It is the current opinion of FI that it is rather artificial and unrealistic to make a sharp distinction between internal governance, which deals with ML and TF risks, and the rest of the bank internal governance. In practice, the internal governance of a bank is a holistic system. A majority of the responsible authorities in EU countries handle the AML risk control organisation of outgoing branches of a bank as a whole is under their supervision as the home authority," it said.

"Obviously it is a problem for any bank when the home country authority requires a certain set-up of governance, but the host country authority demands that the bank act in a totally different way. The FI sees that European rules and authorities are designed to avoid this happening and to minimize the risk of such conflicts. AMLD4, which is in force from June 2015, rightly addressed issues of cross-border jurisdiction, allocating responsibilities between the home and host countries," the Estonian regulator said.

The FI said it is somewhat surprised that the DFSA firmly states "the host country supervisor, the FI, is responsible for the AML supervision of the Estonian branch."

"Firstly, it is not clear what period that statement is intended to cover and whether the DFSA is sufficiently qualified in Estonian law to make such a statement. Secondly, Estonia and the other member states decide how they implement the EU directives, including AMLD, by making one or more agencies responsible for all or certain responsibilities under the directives," it said.

The Estonian FSA also said Estonia has also allocated a number of institutions as supervisors under AMLD, and the Financial Intelligence Unit (FIU) of Estonia collects reports of suspicious transactions from obliged entities including incoming EU bank branches. The FIU has the right to request information from obliged entities, including bank branches, and to freeze assets held in them.

According to an internal report of the Danish FSA published on Thursday, the governing board of the Danish Financial Supervision Authority (FSA) is of the opinion that the Danish FSA has met its obligations as the competent authority responsible for Danske Bank and has acted in accordance with the division of responsibilities, and that anti-money laundering supervision should have been conducted by the FSA of Estonia. 

"It is the opinion of the governing board that, in the entire period 2007-2018, the Danish FSA has met its obligations as the competent authority responsible for Danske Bank and has acted in accordance with the division of responsibilities in the AML area between the Danish FSA and the Estonian Supervisory Authority (EFSA)," David Lando, chairman of the governing board of the Danish FSA, said.

As the host country supervisory authority, the Estonian supervisory authority (EFSA) has had and still has responsibility for the anti-money laundering (AML) supervision of the Estonian branch, according to the report.

"The division of responsibilities between the Danish FSA and the EFSA with regard to Danske Bank's branch in Estonia follows from the EU legislation. As the host country supervisor, the EFSA is responsible for the AML supervision of the Estonian branch. This follows from the AML directives, and this division of responsibilities was also followed in practice," the executive summary of the report says.

Danske Bank is under investigation by authorities in Denmark, Estonia, Britain and the United States over suspicious payments totaling 200 billion euros made through its Estonian branch between 2007 and 2015. The chief prosecutor's office of Estonia in December 2018 declared ten former employees of the Estonian branch of Danske suspects in relation to the investigation into alleged money laundering at Danske.