Banks, Estonia, EU – Baltic States, Financial Services, Legislation

"The bank has clearly failed to live up to its responsibility in this matter. This is disappointing and unacceptable and we offer our apologies to all of our stakeholders – not least our customers, investors, employees and society in general. We acknowledge that we have a task ahead of us in regaining their trust," Ole Andersen, chairman of the board of directors, said.

"There is no doubt that the problems related to the Estonian branch were much bigger than anticipated when we initiated the investigations. The findings of the investigations point to some very unacceptable and unpleasant matters at our Estonian branch, and they also point to the fact that a number of controls at the Group level were inadequate in relation to Estonia," Andersen added.

The investigation ordered from the independent law firm Bruun & Hjejle identified  a total of around 10,000 customers as belonging to the non-resident portfolio at the bank's Estonian branch. To ensure that all relevant aspects are covered the investigation covered a total of around 15,000 customers with non-resident characteristics, that is, a further 5,000 customers, the bank said.

Some 12,000 documents and more than 8 mln emails were searched, and more than 70 interviews were conducted with current and former employees and managers, including members of the executive board and members of the board of directors. Overall, approximately 70 people worked full time on the investigations.  

"We have kept relevant authorities updated, are sharing and will continue to share all relevant findings with them. After today, we will continue to send reports to the authorities as we complete the remaining parts of the investigations. Although parts of the investigation have not yet been completed, we now have enough insight to present the findings and take the necessary consequences," the bank said.

The investigation identified that around 10,000 customers carried out a total of around 7.5 mln payments, while the around 15,000 customers carried out a total of around 9.5 mln payments. For all of the customers covered by the investigation, that is, around 15,000 customers, the total flow of payments amounted to around 200 bn euros.

"At the present time, the investigation has analyzed a total of some 6,200 customers found to have hit the most risk indicators. Of these, the vast majority have been found to be suspicious. That a customer has been found to have suspicious characteristics does not mean that there is a basis for considering all payments in which the customer in question was involved to be suspicious. Overall, we expect a significant part of the payments to be suspicious," the bank said. Danske has also informed the authorities of nearly all 6,200 customers.

As the bank is not able to provide an accurate estimate of the amount of suspicious transactions made by non-resident customers in Estonia during the period, the board of directors has decided to donate the gross income from the customers in the period from 2007 to 2015, which is estimated at 1.5 bn Danish kroner or approximately 200 mln euros.

Carol Sergeant, vice chair of the board of directors and head of the risk committee, said at a press conference on Wednesday that the violations committed were serious and the impact of them will be hard to mitigate. Sergeant affirmed that all results of the report will be forwarded to the Estonian Financial Supervision Authority and authorities for further investigation. She said that the investigation has cost Danske Bank approximately 200 mln Danish kroner or nearly 27 mln euros.

The investigation determined that a series of major deficiencies in the bank's governance and control systems made it possible to use Danske Bank's branch in Estonia for suspicious transactions. Furthermore, only part of the suspicious customers and transactions were historically reported to the authorities as they should have been. "In general, the Estonian branch had insufficient focus on the risk of money-laundering, and branch management was more concerned with procedures than with identifying actual risk," the bank said. The Estonian control functions also did not have a satisfactory degree of independence from the Estonian organization. The branch also operated too independently from the rest of the group with its own culture and systems without adequate control and management focus from the group.

The Estonian branch of Danske was headed by Aivar Rehe from 2007 to 2015.

"For a long time, from when we acquired Sampo Bank in 2007 until we terminated the customer portfolio in 2015, we had a large number of non-resident customers in Estonia that we should have never had, and that they carried out large volumes of transactions that should have never happened," Danske said. The report said that there were signs of danger already then, which the bank did not acknowledge.

"In 2007, shortly after completing the acquisition of Sampo Bank, Danske Bank had a real opportunity to conclude that the non-resident portfolio involved suspicious activity not caught by anti-money laundering (AML) procedures at Sampo Pank in Estonia," the bank said. In 2007, the Estonian Financial Supervision Authority came out with a critical inspection report, and at the same time Danske Bank at group level received specific information from the Russian Central Bank, through the Danish financial regulator.

This information pointed to possible "tax and custom payments evasion" and "criminal activity in its pure form, including money-laundering", estimated at "billions of rubles monthly". However, Danske Bank missed this first real opportunity, the investigators found.

The next significant event was the decision not to migrate the Estonian branch to the group's IT platform. The Estonian branch and the Baltic banking activities formed only small parts of Danske Bank, which faced numerous challenges throughout the financial crisis, not least from 2008. That year, plans to migrate the Baltic banking activities onto the IT platform of Danske Bank Group were abandoned on grounds that it was considered too expensive and required too many resources.

In consequence, the Estonian branch did not employ AML procedures developed at group level, including customer systems and transaction and risk monitoring. At the same time, the group had only limited insight into the Estonian business activities.

Over the many active years that followed, the non-resident portfolio turned into a well-established business within Danske Bank, albeit particular to the Baltics and the Estonian branch. Most presentations on the Estonian branch included little or no information about the non-resident portfolio. This was also the case in connection with strategy discussions, irrespective of the importance of the non-resident portfolio to the Estonian branch in terms of profitability. The Estonian financial regulator had conducted a follow-up investigation in 2009, which resulted in a less critical report compared to 2007. This information was shared with the Danish financial regulator upon inquiries in 2012 and 2013.

A very large part of the profit of Danske's Estonian branch came from the non-resident portfolio, while the share only increased. For example, non-residents made up 49% of the profits before credit losses in 2007, while the number stood already at 69% in 2011 and 99% in 2013. Of the profits before tax, the non-resident portfolio made up 51% in 2007, 42% in 2011 and 76% in 2013.

Both investigators and Danske suspect that there may have been employees at the Estonian branch who aided the customers or cooperated with them. The report identified that 42 employees and agents have been deemed to have been involved in some suspicious activity. Further, eight former employees have been reported to the Estonian police by Danske Bank. Despite the SARs and police reports filed, it cannot be concluded with reasonable certainty to what extent criminal activity in the form of collusion has actually taken place.

There have been breaches at management level in several group functions. There were a number of more or less serious indications during the years, that were not identified or reacted on or escalated as could have been expected by the group. As a result, the group was slow to realize the problems and rectify the shortcomings. Although a number of initiatives were taken at the time, it is now clear that it was too little and too late.

Ole Spiermann, head of the Bruun & Hjejle law firm that compiled the report, said at the Wednesday press conference that the issue was acknowledge on the bank's level only in 2014 and the activity of a whistleblower was directly behind it. "But everything should have taken place sooner," he emphasized, adding that had there been proper procedures in place already in 2007, several non-resident customers would have received a negative response and the problem would not have been this big. He added that the whistleblower was the key figure.

Jorn Jensen, head of Danske's audit committee, said at the press conference that in recent years, the bank has made drastic changes to the regulations and systems concerning the hindering of money-laundering in order to raise independence. In addition, the bank has trained its employees and improved whistleblower systems so that in case rules are violated, it can be notified.