It is hard to deny that compliance has a reputation for being a little on the dull side. Regulations, forms, processes, and GDPR are enough to make even the most pernickety person fall asleep. Occasionally, however, particularly when it all goes horribly wrong, the wreckage of a broken compliance regime can provide some rather dark humour.
The consequences of the massive money laundering scandals at Danske Bank’s Estonia branch and the Dutch behemoth ING are proof, if it were needed, of the bizarre goings-on just under the surface of any compliance regime.
Professionals would be wise to take note of the following – a nine-figure fine for your bank is bad enough without adding any of the howlers below into the final report.
Danske Bank and the case of the missing head of AML
One of the more startling findings to come out of the Danish Financial Supervisory Authority’s (DFSA) report into the disastrous AML failures at the Estonian branch of Danske Bank was that, as the report puts it, “From the end of 2012 to November 2013, Danske Bank did not have a person responsible for AML activities as required by the Danish Anti-Money Laundering Act.”
Worse than that, the DFSA was not even informed of this state of affairs until early 2018, by which time Danske was deeply embroiled in the so-called ‘Russian Laundromat’ affair.
In fairness to Danske, the report states that in practice the head of Group Compliance and AML took responsibility for Danske’s AML. However, such a person would undoubtedly have had a very full in-tray for the other Group companies. It should not be surprising that due care was clearly not exercised over the Estonian branch in these circumstances.
The consequences to Danske are clear; the consequences in geopolitical terms, given that the scandal involved 200 billion euros ($234 billion) flowing through its systems, are much harder to reckon.
Needles and haystacks
A shame-faced Ralph Hamers, the chief executive of ING, told reporters this month the bank had made “unacceptable mistakes” in its AML oversight. The scale of those mistakes should be obvious to observers: ING settled the case brought against it by Dutch prosecutors for failing to spot money-laundering to the tune of almost a billion US dollars.
The worst thing is, however, that this was by no means unprecedented. Just a few short years ago, in 2012, ING paid a penalty of a breath taking $619m for facilitating payments through the US banking system on behalf of Cuban and Iranian clients – who were, of course, under heavy sanction at the time.
Another ING client, the Uzbek telecoms company VEON, settled US and Dutch bribery charges for $835m in 2016. ING accounts were again implicated in the case. A track record like this shows that even after a series of investigations around the world, it would be unwise to assume that a bank is ‘clean’.
Margreet Frohberg, the lead prosecutor in the Dutch case this year, told Reuters “ING bank accounts cropped up repeatedly” in multiple separate criminal investigations.
It is hard not to imagine a tone of substantial exasperation. While the chief executive argues that ING’s processes have improved since the catastrophic failures, previous failures do not make for optimistic reading. To lose one billion in fines to an AML investigation could be regarded as a misfortune; to lose two looks like carelessness.
Dirty laundry
ING’s failures were in spite of the presence of transactions which looked, on their face, quite ludicrous. Certainly the best example, as Reuters reported at the start of September, was the tidy sum of $150m being channelled through a purported “women’s underwear trader”.
“It should have been clear to the bank,” concluded the prosecutor in a tersely worded statement on its website, “that the monetary flows had little to do with the lingerie trade and were therefore unusual.
Less lurid but still alarming in its reveal of shoddy due diligence was a supposed one-man business in building materials in Suriname, which used mobile ATMs as a cover for money-laundering, processing a total of €9m with ING despite purchasing no building materials at all.
A fruit-and-vegetable trader which was probably nothing of the sort was yet another example.
In all this, argued the Dutch prosecutors, “ING NL should and could have also recognised that the funds that were held in ING’s accounts in these cases probably originated from crime. It failed to do so, and even when ING NL did recognise the fact, it failed to respond adequately.”
Even the most obvious cases failed to sound the alarm bells at ING, a fact that is all the more startling for how ramshackle the scams in question were.
The facts put one rather more in mind of the BBC sitcom Only Fools and Horses than The Sopranos, yet ING saw nothing. Little can be taken for granted, it seems.
Shut up and multiply
To return to Danske, it is worth noting that its troubles were not laid out from the very beginning of the DFSA investigation into its activities. The detailed report in the Financial Times makes the position very clear. At the outset, the amount of suspicious transactions processed through Danske’s Estonia branch was estimated to have been $3.9bn.
Claims in July that the figure could be about double that prompted Danske to admit that the final amount would be “somewhat larger” than the $3.9bn.
Talk about understatement.
Although not all of these transactions will in fact have been suspicious, foreign – mostly Russian and ex-Soviet – money took up an ever greater proportion of Danske’s activity. It appears Danske was simply not careful enough in overseeing transactions from high-risk jurisdictions such as Russia, and had improperly assumed that its old AML procedures were sufficient for handling these transactions.
In unstable situations, such as natural disasters, the public is warned not to trust initial reports. It could be that a similar principle would serve financial professionals well in cases such as Danske’s. If this precedent is anything to go by, multiplying the initial figure by ten should give a useful upper bound on the potential volume of money at issue in an investigation.
Looking ahead
Over the next few years, as more and more European prosecutors cast curious eyes over Russian and ex-Soviet money as the consequences of new sanctions ripple through AML/CTF, there will likely be more stories like ING and Danske.
Certainly some of the facts will be less stark, but what can be gleaned from their failures is that there is often much more going on than is initially obvious – and even the biggest names in European finance could be vulnerable to a hefty fine and severe reputational damage.
All of this was avoidable – if only they had been a bit more suspicious of Russian clients and supposed lingerie dealers. It should not be too much to hope that other banks learn from this ugly spectacle.
Richard Nicholl @rtrnicholl is a Master’s student at the University of St Andrews, specialising in legal history. He also works as a freelance journalist and legal researcher.
Knowledge Hub
Drawing on deep subject matter expertise and our many customer and partner relationships globally we deliver valuable insights through weekly KYC newsletters, white papers, podcasts and events.
Explore the Knowledge HubKYC360 Annual Forum: Key Takeaways
How to Prepare for Australia's New AML/CTF Regulations