Abstract

In September 2018, Danske Bank, the largest bank in Denmark and one of the largest in the Nordic region, published a report which detailed that the bank’s board had fallen into lapses in Anti-Money Laundering/Counter Terrorism Financing (AML/CTF) policies at the bank, in particular, within its Estonian subsidiary. The report was devastating in its criticism of AML processes in the Estonian branch, stating that, over a period of several years, “all lines of defence failed” to manage money laundering risks. Soon after the publication of this report, the CEO of Danske resigned, causing the details of the underlying scandal to become public knowledge (although some the issues involved had been aired publicly on a number of occasions previously). It was also revealed that the bank had become the subject of criminal investigations by US authorities. While the events that are covered in the initial report related to failures to manage AML risks, the situation is more complex than merely deficient AML controls in a remote branch. There was a failure to manage a smorgasbord of different types of risks at both the local and group (i.e., headquarters) level, including: strategic risks; technology risks; and especially operational risks. As befits a sophisticated modern financial institution, Danske Bank operates a group-wide enterprise risk management (ERM) framework covering multiple types of risk (credit, market operational, etc.). The fact that the failure to manage the AML risks took several years to come to light casts doubts on the efficacy of their ERM framework and its implementation. Using Turner’s case study approach, this paper considers the Danske Bank case from the perspective of operational risk management with a view to identifying lessons that can be learned from the scandal that can be applied to future, large-scale operational risk events.

Highlights

  • Danske Bank, the largest bank in Denmark and one of the largest in the Nordic region, is the very model of a successful, modern universal banking corporation, with a solid record of profitability in its chosen markets in Northern Europe

  • During the prolonged incubation period of any large disaster, Turner points out that there is a steady accumulation of events that are at odds with the norms of the organisation(s) but which go unnoticed because their importance is not fully appreciated

  • There were obvious organisational failures that undermined the independence of risk management function in the Estonian branch, making compliance with regulations “ineffective” (Danske Bank, 2018a): “In addition, the branch’s second and third lines of defence were organised in such a way that in practice, they reported to the branch CEO and were not sufficiently independent.”

Read more

Summary

Introduction

Danske Bank, the largest bank in Denmark and one of the largest in the Nordic region, is the very model of a successful, modern universal banking corporation, with a solid record of profitability in its chosen markets in Northern Europe. The report estimated that these transactions involved some EUR 200 billion in value On receiving such an adverse report, the board estimated the bank’s gross income from these suspicious pavements totalled some DKK 1.5 (EUR 0.2) billion and this was to “be donated to an independent foundation supporting initiatives to combat international financial crime” (Danske Bank, 2018b). This ‘donation’ was a substantial hit to the bank’s annual profit when combined with an order from the Danish Financial Services Authority (DFSA) to increase capital with a DKK 10 billion Pillar II add-on (DFSA, 2018). Turner’s Framework for analysing organisational ‘disasters’ is briefly described

Turner’s Framework
Precipitating Event The event that forces itself to public attention
Danske Bank
Estonian Branch and the Non-Resident Portfolio
The Russian Laundromat
AML Regulations
Before the Event
The Precipitating Event
The Onset
After the Event
Rescue and Salvage
Cultural Adjustment
The Incubation Period
Initial Beliefs and Norms
Rigidities of Belief
Decoy Phenomena
Disregard of Complaints from Outsiders
Warnings from Financial Regulators
Termination of Correspondent Bank Relationships
The Danske Whistle-Blower
Information Difficulties and Noise
The Involvement of Strangers
Failure to Comply with Discredited or Out-of-Date Regulations
Minimising Emergent Danger
Risks Apparent in the Danske Bank Scandal
Strategic Risks
Strategic Technology Risk
Operational Risks
Failure of Risk Management
Operational Risk Management
Failures of Operational Risk Management
Key Lesson of Danske Scandal
Further Research
Findings
Summary

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.