Second Post in a Two-Post Series
On March 19, 2020, Swedbank received its first sanction at the conclusion of parallel investigations by Swedish and Estonian authorities for its role in the seemingly non-stop Anti-Money Laundering (“AML”) debacle centered around Danske Bank and its now-notorious Estonian Branch. In the first of what will likely be multiple sanctions, Swedbank AB was ordered to pay a record 4 billion Swedish Krona ($38 million) and its subsidiary, Swedbank AS, has been ordered to improve its AML risk control systems to comply with applicable requirements.
In our first post, we discussed the various public AML-related investigations and enforcement actions plaguing Swedbank. In this post, we discuss the details and implication of the report of internal investigation regarding Swedbank’s alleged deficiencies in its AML processes performed by an outside law firm at the request of Swedbank, which has made the report publically available.
The Report is lengthy and detailed. As we discuss, however, the Report highlights some basic, evergreen issues in AML compliance and enforcement: the need to implement adequate systems to manage high-risk customers; the need to identify beneficial ownership; the need for top management to understand and truly respect AML compliance; the need for transparency with regulators; and the need for transparency by financial institutions with investors and the public.
The Internal Investigation Report
In February 2019, Swedbank retained a law firm to conduct an investigation of its AML work. Swedbank has made the report of investigation (the “Report”), issued on March 23, 2020, available on its website. The investigation sought to identify historical deficiencies in Swedbank’s AML compliance systems and controls from January 2007 through March 2019, and focused on the areas of Swedbank and the Baltic Subsidiaries that evidenced the highest historical AML-related risks.
The Report did not go so far as to conclude that Swedbank engaged in actual money laundering or processed consumer transactions that constituted the proceeds of crime because “definitive knowledge” of the customers’ source of funds was not available. However, it did find that Swedbank had inadequate systems and controls to ensure proper management of the AML and economic sanctions risk of its customer base, which “historically exposed Swedbank and its Baltic Subsidiaries to significant AML and sanction risk.”
The Report revealed that between 2014 to 2019, Swedbank’s branches in the Baltic region (including Estonia, Latvia and Lithuania), processed roughly €17.8 billion ($19.4 billion) in payment into customer accounts and €18.9 billion ($20.7 billion) in payments from customer accounts. The Report found that these transactions alerted on three or more of 21 algorithmic detection scenarios utilized in the investigation to identify potentially suspicious transactions.
The Report revealed that from before 2007 through 2016, Swedbank Estonia and Swedbank Latvia actively pursued certain high risk customers as a business strategy. For example, Swedbank Estonia accepted certain customers that had been off-boarded by another Estonian Bank in 2015 that had decided to exit the high-risk non-resident (“HRNR”) business due to money laundering risks.
The Report also found that although the Estonian branch formed a special committee to review the on-boarding and regulation of HRNR customers, the committee still approved high risk customers without having complete documentation regarding the ultimate beneficial owners, proof of source of funds or explanation of the legitimate business purpose of the customers, and did not address red flags. In addition, some Estonia branch employees kept certain information regarding the ultimate beneficial owners for some customers outside of the bank’s regular customer database. Employees of Baltic branches overlooked or disregarded indications of potentially suspicious transactions. Certain high-risk customers of Baltic branches were allowed to open accounts in other Swedbank regions.
The Report found that senior management historically failed to establish clear lines of AML-related responsibilities. It noted that the three CEOs that had led Swedbank throughout the review period lacked adequate appreciation of the severe risk posed by HRNR customers in its Baltic banking. The Report also found that the degree and seriousness of the AML control deficiencies were not appropriately escalated to the Board in a timely manner. The Report further found that Swedbank did not always take an “actively transparent posture” with regulators regarding AML-related issues.
Potential Violations of United States Regulations
The Report further assessed potential non-compliance with United States Treasury Department’s Office of Foreign Assets Control (“OFAC”) by Swedbank’s Baltic subsidiaries or their customers. The Report identified potential violations of OFAC regulations within the payments processed by the Baltic subsidiaries from 2014 through 2019 including 586 outgoing and incoming transactions totaling approximately $4.8 million involving persons in Iran, Cuba, or Crimea. The Report notes that none of the suspect transactions identified involved any OFAC-listed persons.
Swedbank’s Public Disclosures
The Report examined the completeness and accuracy of Swedbank’s public disclosures concerning AML risk and compliance and related issues. The Report determined that certain disclosures or statements made during the period between October 2018 and March 2019 by Swedbank, its then-CEO and senior manager in Group Communications, concerning Swedbank’s historical AML compliance, current compliance and exposure were “either inaccurate or failed on multiple occasions to provide sufficient clarity and context.” The statements identified included:
- Representations regarding Swedbank’s reaction to potential money laundering activity when the investigation revealed that the bank’s historical efforts were not always adequate to mitigate money laundering risks;
- Statements that Swedbank had a systematic approach to detect money laundering when Swedbank did not provide relevant context that its systems did not always meet industry standards and suffered deficiencies; and
- Statements that may have downplayed Swedbank’s exposure to certain AML risks associated with cross border transactions.
Swedbank’s public statements and disclosures to investigators identified in the Report are likely to face increased scrutiny as investors consider shareholder derivative class actions.
What May Come Next
In its press release, Swedbank notes that the Report acknowledges that the Bank has strengthened its AML work and compliance with international regulations. Jens Henriksson, Swedbank’s new President and CEO stated: “It is obvious that there have been cultures in the bank that are not acceptable. This is serious. I have initiated a review which aims to examine the culture and identify actions needed. This work is underway.” The bank notes that it has implemented an action program to remedy shortcomings which, at year-end consisted of 152 initiatives. Moreover, he bank has recruited and appointed new leadership in a number of key roles, and ended the employment of a number of employees whose actions or inactions contributed to AML problems in the Baltic subsidiaries.
Swedbank is still under investigation by the Latvian Police Department, European Central Bank, Swedish Economic Crime Authority, and several United States authorities. It is likely that Swedbank will face additional sanctions from these authorities and that private investor securities litigation will follow.