Factual Statement Is a Tale of Whistleblowing, High-Risk Customers, and Misleading U.S. Banks
Earlier this month, Danske Bank was sentenced in the Southern District of New York to three years of probation and forfeiture of $2.059 billion. The sentencing capped a tumultuous and global scandal that became public several years ago, as the enormous scope of the bank’s anti-money laundering (“AML”) compliance problems emerge: several hundred billion in suspicious transactions allegedly were processed over time at the bank’s former Estonian branch. As a result of the sentencing, Danske Bank was ordered to make an actual payment of $1,209,062,646; the bank received credit for the rest of the forfeiture amount on the basis of a $178.6 million payment to the Securities and Exchange Commission and a $672.3 million payment to Denmark authorities.
Danske Bank was charged not with violating the Bank Secrecy Act (“BSA”), but rather with bank fraud. According to the press release issued in December 2022 by the Department of Justice (“DOJ”) at the time of the bank’s plea, the bank had “defrauded U.S. banks regarding Danske Bank Estonia’s customers and [AML] controls to facilitate access to the U.S. financial system for Danske Bank Estonia’s high-risk customers, who resided outside of Estonia – including in Russia.” The DOJ’s choice to charge bank fraud presumably was predicated upon issues relating to U.S. jurisdiction and the actual applicability of the BSA to Danske Bank and activities in Estonia – but the heart of the criminal case is that Danske Bank allegedly hid its own AML failures from three U.S. banks, thereby thwarting the U.S. banks’ own AML programs and compliance with the BSA.
The plea agreement contains a lengthy statement of facts full of eye-catching allegations. As we describe, it sets forth a tale of intentional and sometimes brazen misconduct by Estonian branch employees, coupled with lax oversight and implicit approval, or at least tolerance, of such conduct by some people in upper management. Further, it involves another example of a financial institution, in the eyes of law enforcement and regulators, over-valuing profit and under-valuing compliance systems. The case also highlights, again, the potential risks associated with correspondent bank accounts held by non-U.S. banks, the importance of having fully integrated and coordinated monitoring systems, and the potential role of whistleblowers.
Finally, this saga is not necessarily over entirely. Danske Bank is subject to three years of probation. The plea agreement requires numerous compliance commitments by the bank, including signed certificates of compliance and self-reporting of potential AML failures. Danske Bank’s troubles also have involved lawsuits brought by investors claiming to have been defrauded, although the bank has had success in fending off these actions (see here, here and here).