The Danish Public Prosecutor for Serious Economic and International Crime (SØIK) has charged Danske Bank ‘preliminarily’ with four counts of contravening the Danish Anti-Money Laundering Act in respect of its Estonian branch.

Count 1 states that between 1 February 2007 and the end of January 2016, the Scandinavian banking giant, with its headquarters in Copenhagen, ran a commercial banking business at its branch in Estonia without adequate written risk-related procedures and controls, extensive risk management, know-your-customer procedures, investigation, registration and reporting duties, storing of information and internal controls to deal with risks related to money laundering and terrorist finance.

The Danish prosecutor says that the branch’s compliance with guidelines was woeful. It did not instruct or train members of staff in the rules of the Danish Anti-Money Laundering Act (the imposition of Danish rules over less onerous Estonian rules, or ‘super equivalence,’ seems to be the Danish authorities’ aim here) or in the bank’s AML procedures for establishing business relationships with customers. At times, so they say, no person responsible for compliance was appointed at management level.

Count 1’s charges stem from s78(3) Act No. 651 of 8 June 2017 on Measures to Prevent Money Laundering and Financing of Terrorism, which was formerly s37(7) Danish Consolidation Act 2013. The other three charges also stem from s78(3).

Count 2 states that, during the same period, the parent bank was responsible for its Estonian branch establishing business relations with the branch’s non-resident customers but the bank did not know the customers well enough. There are five specific allegations here.

• The group failed to integrate the Estonian branch into its risk management and control systems, instead letting that branch operate with significantly different risk-taking habits. It allowed the Estonian branch, inter alia, to establish foreign exchange lines for non-resident customers on the basis of cash collateral without knowing enough about their financial circumstances.
• IT systems/human resources were not adequate for the job of processing business relations and perform monitoring transactions.
• The bank did not obtain enough information about the purpose and intended nature of the business relationship or information about the source of the funds.
• It did not obtain enough information about the ownership and control structure of business customers or proof of identity of the beneficial owners of business customers.
• It established relations with customers through intermediaries without identifying the underlying people or companies, and without registering or storing such information.

Count 3 states that the Copenhagen office shirked its responsibility for ensuring that the Estonian branch established procedures to determine whether its non-resident customers or the beneficial owners of its non-resident customers were politically exposed persons or PEPs.

Prosecutors accused the bank of failure to take adequate steps to determine the source of the funds or assets regarding customer relations or transactions. They say that the establishment (and possible continuation of) business relations relating to PEPs were not approved by the branch’s person responsible for compliance at management level. The branch should have subjected its relations with such customers to ‘extra due diligence’ or EDD (the phrase that the prosecutors use is ‘increased monitoring’) and in ending its business relationships with HNW customers it failed to assess whether they “posed an increased risk of money laundering and financing of terrorism.”

Count 4 attempts to saddle the Copenhagen office with blame for the Estonian branch not investigating the business and transactions of its non-resident customers regularly or adequately. It says that the branch should have investigated transactions processed by Danske Bank's systems in Denmark but did not, it should have registered or stored the results of such investigations but did not, and it should have reported ‘customer relations’ and a significant number of suspicious transactions executed for the branch’s non-resident customers to the Danish or the Estonian financial intelligence units but did not.

The document goes on to say that these customer relations and transactions have given rise to suspicions about links to money laundering or terrorist finance, presumably on the part of the Estonian authorities.

Another serious allegation surfaces in the convoluted count 4: between the end of 2013 and January 2016, the bank’s board of directors closed down the entire portfolio of non-resident customers without telling their minions to investigate the customer relations and transactions, without suspending transactions and without sending in reports to the financial intelligence unit, “although it must have been clear to Danske Bank A/S, at the latest in this period, that such investigations and reporting should be done.”

The prosecutors believe that the bank ought to have done this on the basis of a mass of information that it had received from, among others, its internal audit department, the external auditors at KPMG, supervisory reports from the Estonian supervisory authority, information about the termination by two recognised correspondent banks of their business relations with the branch in Estonia and information about money laundering at the branch from an internal tipster.