On July 24, 2019, the European Commission (EC), the European Union’s (EU) executive arm, published a Communication and four reports that assess the current state of the EU’s anti-money laundering (AML) and counter-terrorist financing (CTF) framework and make recommendations for improving it. Among these is a post-mortem of several recent high profile incidents of alleged money laundering conducted through EU banks. Notably, the EC declined the European Central Bank’s calls to set up a permanent cross-border agency to police financial crime, or to transform recent AML directives into an international regulation.
The first bank implicated in the wave of alleged money laundering incidents was Latvia’s ABLV Bank, which was self-liquidated last year after the Financial Crimes Enforcement Network (FinCEN), a bureau of the U.S. Treasury Department, accused ABLV of institutionalizing money laundering, violating sanctions imposed on North Korea, and using bribery to influence Latvian officials. The issue then spread to Danske Bank, Denmark’s largest bank, which continues to emerge as one of the largest money laundering cases in history. The Estonian branch of Danske Bank allegedly processed approximately $224 billion in suspicious transactions by thousands of non-resident customers, including $30 billion of ex-Soviet and Russian money, from 2007 through 2015. The U.S. and EU authorities reportedly have opened investigations into the scandal, while Danish authorities have filed preliminary charges against Danske Bank, alleging that the bank failed to provide adequate IT systems or human resources to perform transaction monitoring, and failed to obtain adequate information regarding the beneficial ownership of the accounts at issue. Swedbank and Deutsche Bank both are reported to have processed suspicious payments that were transferred through Danske Bank.
A common theme throughout these incidents has been the exploitation of the weaknesses of the AML and CTF controls at Baltic and Nordic banks by a Russian money-laundering ring, using money originating in Russia and the former Soviet states. Pilatus Bank in Malta shut down last year following a U.S. probe that revealed suspicious transactions involving Azerbaijan’s ruling elite. The Dutch regulator fined ING Group, the Netherlands’ largest financial services provider, $915 million last year for violating laws on preventing money laundering and the financing of terrorism by not properly vetting the beneficial owners of client accounts and not detecting unusual transactions. The ING fine was the largest AML fine in European history. Nordea Bank is the latest Nordic bank to be accused of laundering upwards of $790 million from Russia and other former Soviet states. The size and pervasiveness of these alleged money-laundering incidents at EU banks—with clear links to Russia—has led many to question whether existing EU controls have the teeth to effectively police national institutions.
The EC’s report on ten recent cases of money laundering in EU banks identified four main categories of shortcomings: (1) ineffective or lack of compliance with the legal requirements for AML/CTF systems and controls; (2) governance failures in relation to AML/CTF; (3) misalignments between risk appetite and risk management; and (4) negligence of group AML/CTF policies.
The reports also identified shortcomings by member state regulators, including lack of staff and AML/CTF expertise, intervening only after significant risks had occurred or when faced with repeated compliance and governance failures, and inadequate enforcement of AML/CTF rules when enforcement did occur.
At the same time, the reports note that the Fifth Anti-Money Laundering Directive (AMLD5), which member states must transpose into national law by January 2020, and other recent laws have substantially improved the EU’s AML and CTF regime by: (1) ensuring implementation of beneficial ownership registries for companies and publicly available registers for trusts and other legal arrangements; (2) limiting the anonymity offered by virtual currencies, wallet providers and pre-paid cards; (3) improving information sharing rules between AML/CTF supervisors and prudential regulators; and (4) strengthening the authority of the European Banking Authority to collect, analyze, and disseminate information and to act where Union law has been breached. The EC proposed additional measures to build on these steps, including the enhanced cooperation between Financial Intelligence Units and the possible interconnection of bank account registries and data retrieval systems.
These incidents point to broader risks for affiliates operating in Baltic and Nordic regions, and show an increased willingness by EU regulators to penalize AML failures at high-levels – in the hundreds of millions of dollars equivalent – previously associated only with U.S. AML enforcement. Financial institutions based in these regions or with affiliates in these regions should consider their exposure to the money laundering identified in these incidents and whether they or their affiliates have programs designed to address this risk. They also may wish to ensure that the AML programs for these entities are integrated into a larger, group-level AML strategy for compliance, and that they are sufficiently resourced with appropriate empowerment of the compliance function. U.S. banks that provide correspondent banking services to such institutions may wish to enhance their due diligence for these institutions.