Danske Bank’s regulatory troubles have been exacerbated after it was fined €1.82bn by the Irish central bank over its anti-money laundering (AML) failures.
The case is the first time that the Central Bank of Ireland (CBI) has fined an institution supervised in a different domicile but operating in Ireland.
Danske Bank is regulated by the Danish Financial Supervisory Authority but its Irish business is supervised for by the central bank for conduct-of-business rules.
It operates in Ireland on a ‘passport’ basis, as is common in the EU’s financial services market.
However, the Irish central bank’s ruling underlines regulators’ determination to clamp down on historical AML failures, even when breaches occur outside of the bank’s home market.
The breaches at Danske’s Irish operations took place between 2010 and 2019.
They related to its automated monitoring system, which the bank failed to update in 2010 when changes to AML regulations were passed.
Consequently, historic data filters wrongly excluded certain customer categories, while transactions considered high to medium risk were not monitored. But although the bank spotted the shortcoming in 2015 following an internal audit, it failed to inform the CBI.
According to the central bank’s estimate, there were almost 350,000 unmonitored transactions between 2015 and 2019, equivalent to 2.4% of all transactions.
The fine was reduced from €2.6m to €1.82m as part of an early settlement scheme agreed with the CBI.
“The Central Bank expects firms to bring failures to its attention at the earliest opportunity and to act expediently to address identified errors,” stated director of enforcement and AML, Seana Cunningham.
“The Central Bank will hold firms, including those operating in Ireland on a passporting basis, fully accountable where they fail to take such actions. Anti-money laundering and countering the financing of terrorism compliance is, and will remain, a key priority for the Central Bank,” she said.
“This case highlights the requirement for firms, including those operating in Ireland on a branch basis, to ensure that group systems, controls, policies and procedures are compatible with Irish legal requirements and to ensure that their governance framework and risk management measures operate effectively,” added Cunningham.
“These should be risk-based and proportionate, informed by firms’ business risk assessment of their money laundering and terrorist financing risk exposure.”
While the case is the first time the CBI has fined a passported branch of an overseas bank, it is not the first time a Danske Bank overseas branch has fallen foul of AML rules.
In 2017, it emerged that more than €200bn of suspicious transactions had flowed through its Estonian branch between 2007 and 2015, in what was described as the possibly the largest money-laundering scandal in Europe to date.
“Danske Bank deeply regrets and apologises for the matters which were the subject of this investigation,” stated the bank.
It also added that it has allocated resources to address the fight against financial crime, including the hiring of 3,600 full-time employees and an investment of DKK12bn on “maintaining and improving the overall financial crime risk management framework, including AML controls, between 2018 and the end of 2022”.