Coloures-pic - Fotolia

Swedbank to rebuild anti-money laundering systems after damning report

Report finds that €36.7bn in transactions, all carrying a high risk for money laundering, were processed through the bank’s branch network in Estonia, Latvia and Lithuania

This article can also be found in the Premium Editorial Download: CW Nordics: CW Nordics: Startups face tough decisions as coronavirus hits

Swedbank is overhauling its anti-money laundering (AML) IT infrastructure in the wake of a highly critical report that identified deficient AML detection, control and customer validation systems as the key factors that contributed to the Swedish bank’s systematic failure to prevent money laundering-related transactions in its Baltic subsidiaries.

The report, conducted for Swedbank by London-based law firm Clifford Chance, found that €36.7bn in transactions, all carrying a high risk for money laundering, were processed through the bank’s branch network in Estonia, Latvia and Lithuania between 2014 and 2019.

The report calculated that an estimated €4.4bn in transactions may have violated financial sanctions imposed by the US against named Russian oligarchs suspected of laundering money through banks operating in the Baltic states.     

The report also said Swedbank actively targeted high-risk customers from Russia and former Soviet states. Swedish, Danish and US authorities continue to investigate the scale of money-laundering activities conducted through largely unvetted accounts in Nordic-owned banks in the Baltic states.

The report highlighted inaction by Swedbank’s senior management and board in failing to adequately police its Baltic bank subsidiaries, while neglecting to invest in high-performance AML systems that could be monitored in real time from the bank’s headquarters in Stockholm.  

Swedbank is rebuilding its AML infrastructure against the backdrop of continuing investigations by economic crime agencies in Sweden, Estonia and the US. In March, financial market regulators in Sweden and Estonia imposed fines totalling €347m on Swedbank in respect of breaches of money-laundering laws. The US’s financial watchdog is expected to impose substantial fines on Swedbank by the end of 2020.

“Mistakes were made by management that were serious,” said Jens Henriksson, Swedbank’s CEO. “There was also a certain culture in the bank that contributed to errors and inaction. A review has begun to examine this culture and help us decide what needs to be done to correct existing deficiencies.”

The Clifford Chance-led probe used specialist forensic support from risk management firm FTI Consulting to uncover irregularities in Swedbank’s AML systems.

The FTI-headed investigation deployed 21 algorithmic detection scenarios to collect and analyse potentially suspicious transaction data over a five-year period to March 2019. A total of 30 billion transactions were scrutinised as part of the overall probe. Swedbank’s branches in the Baltics accounted for 50% of all the transactions inspected.

The forensic examination of data by FTI concluded that of the €36.7bn in transactions that presented as high risk for money laundering from 2014 to 2019, €17.8bn emanated from payments to customer accounts and a further €18.9bn from customer accounts that were held with Swedbank’s branches in the Baltic states. 

The Clifford Chance-FTI investigation revealed that Swedbank did not introduce compliance protocols with systematic automated customer and transaction screening in its Baltic subsidiaries until 2017. The vast majority of high-risk money transactions conducted by Swedbank through its Baltic branches, by volume and value, were determined to have taken place before 2017.

Read more about anti-money laundering in Europe

Swedbank updated its IT-based customer screening systems in May 2018 in response to a know your customer (KYC) directive issued by Sweden’s ministry of finance. This mandated all banks in Sweden to adhere to stricter controls and procedures concerning the identification of bank customers. Under the directive, banks are required to verify a customer’s identity data using a specific range of “information technology means and methods” in circumstances where face-to-face meetings are either inconvenient or unfeasible.

The Clifford Chance-FTI investigation collaborated with Swedbank’s IT personnel to access SharePoint site listings containing data fields that included site address, name, description, owner, commission date and monthly views for live and archive sites dating back to 2016 – the point at which site listings were automated.

Swedbank’s SharePoint intranet and content management system was used to identify and collect documents from 148 current and former bank employees, including senior managers. FTI extracted 20 million individual records from email mailboxes and archives, user share data, laptops and mobile devices. A further 220,000 individual employee-generated records were harvested from SharePoint.

The Clifford Chance-FTI probe uncovered a number of critical shortcomings in Swedbank’s technology-led AML capability. The bank’s system for screening payments was deemed inadequate and unfit for purpose. This system was later upgraded, at the request of Swedbank’s Group Compliance, to use ProScan to screen payment transactions more effectively.

Deficiencies were also identified in the manual transaction monitoring systems used at Swedbank’s Baltic subsidiaries. This system was replaced by a Nice Actimize automated monitoring system customised for potentially high-risk transactions.

“The investigation report gives us the facts that we can use to resolve outstanding problems in our AML structures and systems,” said Göran Persson, Swedbank’s chairman. “We will implement any changes needed to correct weaknesses that exist in our AML systems and compliance. The bank has clearly not measured up to our responsibilities or to the requirements of our customers and society generally.”

Anti-Financial Crime unit

Swedbank’s AML IT rebuild coincides with a series of interlinked initiatives. The bank established a dedicated Anti-Financial Crime (AFC) unit in 2019 as part of a broader scheme to reinforce group KYC systems. The AFC pooled resources and competences from across the bank’s core technology and investigative departments to develop a frontline position to fight financial crimes.

The AFC’s focus is on AML, counter-terrorism financing, fraud prevention, cyber and information security. The unit is tasked with coordinating internal and external investigations within the AML area. It also has overall responsibility for the bank’s AML functions, including framework and processes for KYC, risk classification, transaction monitoring and reporting to authorities.

“The AFC houses the essential resources and competences to provide the robust capabilities the banks will need in the AML area,” said AFC head Anders Ekedahl.

Swedbank’s capacity to successfully police its AML responsibilities has been improved through its participation in the Nordic KYC collaboration project with partner banks DNB, Danske Bank, Nordea, SEB and Handelsbanken.

This Nordic KYC bank alliance aims to develop a joint platform with standardised processes to handle KYC data. Nordic banks are looking to simplify KYC processes for corporate customers, while strengthening financial crime prevention on a pan-Nordic basis. The six banks will each own a 16.6% equity holding in Nordic KYC.

“We are working on producing a Nordic KYC utility standard for compliant KYC information while exploring alternatives for a future digital solution,” said Fredrik Millde, Nordic KYC’s acting CEO. “We hope to launch Nordic KYC commercially in 2020. The target is to offer KYC services to large and medium-sized companies in the Nordic region.”

Read more on IT for financial services

Data Center
Data Management