Danske Bank, the largest bank in Denmark, agreed to plead guilty to fraud and paid $2 billion to settle long-standing anti-money laundering and fraud violations stemming from its banking operations in Estonia.  Danske Bank plead guilty to one count of bank fraud conspiracy.

The notorious Danske Bank case in Estonia has been the subject of regulators in Denmark, the European Union and non-governmental watchdogs because of rampant circumvention of AML and sanctions restrictions by Russian and other high-risk customers.  Despite these clear violations, is has taken years for prosecutors and regulators to catch up, complete investigations and resolve cases against Danske Bank.

The Justice Department will credit nearly $850 million in payments that Danske Bank makes to resolve related parallel investigations by other domestic and foreign governments. The SEC resolved its case with Danske Bank for $413 million in penalties.  Danske Bank agreed to implement an enhanced compliance program and AML controls.

The factual statement accompanying the settlement paperwork paints a damning picture of Danske Bank’s culture, its commitment to compliance with the law, and a high-level reluctance to address known illegal conduct and AML failures.  Danske Bank’s failure to act in response to obvious concerns was the product of a culture more committed to making money than to compliance with the law.

Between 2007 to 2016, Danske Bank provided banking services through its Estonia branch to a lucrative line of customers serving non-resident customers.  Danske Bank Estonia actively implemented strategies to ensure that customers could transfer large amounts of money through Danske Bank Estonia with little to no oversight.  Danske Bank executives and employees provided these high-risk customers with strategies to shield the true nature of their transactions, including by using shell companies that obscured actual ownership. In sum, Danske Bank processed $160 billion through U.S. banks on behalf of their customers.

In applying its Corporate Enforcement Policy, DOJ cited the following factors:

• The nature, seriousness and pervasiveness of the conduct;
• The bank’s failure to voluntarily disclose the matter to DOJ;
• The bank’s commitment to enhance its compliance program;
• The bank’s resolution with other domestic and foreign authorities, including the engagement of an independent expert as required by Danish authorities;
• The bank’s continued cooperation with DOJ’s ongoing investigation.
• Danske Bank’s full cooperation and remediation.

By February 2014, Danske Bank knew that a large number of its customers were engaged in highly suspicious and potential criminal transactions through U.S. banks.  Danske Bank also knew that its Estonia AML program did not meet Dansk Bank’s standards and were insufficient to meet the Estonia bank’s risk profile.

The Justice Department characterized the prosecution as a fraud on United States banks for the benefit of Danske’s high-risk customers who resided outside of Estonia, including in Russia.  In responding to U.S. bank inquiries concerning its AML compliance, Danske Bank officials lied about the state of Estonia’s AML compliance program, transaction monitoring capabilities and information regarding its customers and their risk profile.

The money laundering operation began back in 2007 when Danske Bank acquired Finland-based Sampo Bank, which had extensive business in Estonia serving high-risk non-resident customers.  As time went on, this line of business in Estonia generated more than half of Danske Bank’s revenues in Estonia.

As far back as 2010, Danske Bank staff admitted to the Danske Bank board that compliance controls were not in place in Estonia to monitor compliance risks. Estonia branch employees colluded with customers to hide the true nature of their transactions and helped them to set up accounts tied to shell companies.  U.S. financial institutions became concerned by 2013 and started to  raise concerns about Dansk Bank’s weak AML and KYC controls.