R.Babakin - Fotolia

Danske Bank invests in anti-money laundering systems following Estonian problems

Danske bank improves its anti money laundering software, utilising artificial intelligence and machine learning

The massive levels of illegal transaction activity uncovered at a Danske Bank subsidiary in Estonia forced the parent bank to overhaul its anti-money laundering (AML) detection and reporting systems.

The irregularities exposed at Danske Bank Estonia (DBE) are proving to be both a major cause of concern and embarrassment for Denmark’s leading financial service group.

Preliminary investigations run by state authorities in Denmark and Estonia suggest over €8bn may have been laundered through DBE during the period between 2007 and 2015.

Regulators are increasingly holding financial institutions responsible for the real-life consequences of AML failures, particularly when checks and controls fail to detect ML activities relating to terrorist groups, cartels and sanctioned states.

In the case of DBE, Danske Bank’s transaction-focused AML-detection apparatus proved sluggish in identifying account, money transfer divergence issues and anomalies at the Tallinn branch.

The upgrade and strengthening of Danske Bank’s core AML systems will include a greater use of unsupervised machine learning and artificial intelligence (AI) software. This is capable of uncovering quantitative abnormalities among millions of separate transactions while delivering early warning risk analysis updates in real- or near-real-time. 

For Danske Bank, the AML-detection and reporting system failures at DBE harbour potentially significant consequences in terms of financial penalties and loss of reputation for the bank.

Criminal investigation

DBE is being investigated by SØIK (Statsadvokaten for Særlig Økonomisk og international Kriminalitet), the Danish state prosecutor for serious economic and international crime. Estonia’s State Prosecutor’s Office (SPO) is conducting a separate criminal investigation into illegal activities at the branch.

Investigators in Denmark and Estonia have conclusively established that Estonia was used as a “gateway” to channel large amounts of illegal cash into the European Union.

Moreover, investigators agree that DBE became a conduit to Europe for dubious enterprises and criminal organisations located in Russia, Azerbaijan and Moldova. Investigators found that DBE had a significant number of Russian and non-Baltic customers who generated significant profits for the bank. Although Russian “clients” represented just 8% of DBE’s customers by number, they accounted for 35% of the branch’s profit.

“The scale of the money laundering activities at Danske Bank Estonia is absolutely astounding,” said Lisbeth Bech Poulsen, the democratic socialist SF party’s spokesperson on trade, industry and finance.

“This is the biggest case of its kind that we have ever seen in Denmark. The bank will learn valuable lessons from what happened in Estonia. The case reflects badly on both Danske Bank and Denmark.”

Read more about anti-money laundering

The full extent of Danske Bank’s plans to conduct a root-and-branch revamp of its group-wide AML systems will become clear once the bank completes its own internal investigation into DBE.

The scandal has also shaken the confidence of some corporate customers. The controversy was enough for Danish tech group Unity Technologies to terminate its relationship with the bank. The company’s founder, Icelander David Helgason, described the action as “regrettable but unavoidable” given the lapses in Danske Bank’s AML checks and controls. Unity wasn’t alone.

Danske Bank will hope that full range of planned AML improvements will help the bank limit damage, restore its market reputation and retain customers.     

Denmark’s finance regulator (Finanstilsynet) addressed the reputational risk facing Danske Bank over the DBE-affair when it imposed eight new directives and eight reprimands on the bank in May. The FSA ordered Danske Bank to bolster its capital requirement by €670m (DKK 5bn) to reflect increased compliance and reputational risk.

“Our investigation shows there have been serious deficiencies in Danske Bank’s governance. The bank acted too late on information concerning the lack of anti-money laundering measures and on suspicion of the criminal activities of customers, which it received from sources that include an internal whistleblower,” said Jesper Berg, director general at the regulator.

Danske Bank concedes it could have acted more quickly. “Danske Bank has more than 900 employees currently working to combat financial crime,” said a bank statement. “Our governance and control functions have been significantly strengthened. We are making considerable investments on the IT side, and will continue to strengthen competencies across a range of support functions.”

Improved layers of IT security

The initial phase is the strengthening of Danske Bank’s IT-based AML systems. The plan is to introduce improved layers of IT security, including the use of advanced machine learning and AI technologies, to screen and monitor new and existing customers – both private and corporate. There will be a special focus on new customer account applications and transactions.

Danske Bank’s risk management function, whose role is to identify and mitigate risk to ensure full compliance with money laundering rules, will also result in the use of more sophisticated software to identity high-risk customers, detect questionable money transaction activity and issue suspicious activity reports (SARs) to Danish regulatory authorities. The bank will implement similar improvements to its internal audit functions, which serve as the final line in its primary AML defences.

Once fully functional, Danske Bank’s reinforced AML apparatus will have a higher capability to track, identify and issue SAR reports relating to branch and group corporate level transactions. Surveillance will become more centralised, as will the compliance requirements to be met by individual branches and subsidiary offices operating in the banking group.

In the case of DBE, Danske Bank’s Business Banking unit in Copenhagen relied on routine assurances from the branch’s senior management that all ML-rules were being complied with. This same reporting practice was in place for all of Danske Bank’s branches in the Baltic states.

Furthermore, and adding to the general lack of a centralised monitoring system, DBE’s internal audit function was not fully integrated into Danske’s Group Internal Audit (GIA) department. All shortcomings have been corrected following a tightening of surveillance and reporting practices at all of Danske Bank’s branch and subsidiary operations in the Baltic states over the past nine months.

A major IT investment focal point for Danske Bank will be to employ money laundering detection software, using AI and machine learning, to improve efficiency and permit the bank to rapidly siphon through large quantities of structured and unstructured data.

Significant parts of Danske Bank’s AML-detection infrastructure are already automated. The goal here will be to enhance automation while increasing predictive features to better identify emergent multi-channel threats and linked risks, while offering improved capability in the area of recognising increasingly advanced patterns of criminal activity.

Read more on IT risk management

Data Center
Data Management