The Recent Danske Bank Resolution – Lessons Learned
A recent 2 billion USD forfeiture and a case of defrauding banks regarding AML controls is an important reminder. Beyond the attention-grabbing news reporting, there are very important lessons learned that should be highly valued in a long term perspective.
Expectations on robust compliance programs are non-negotiable. Advisense takes a broader view on risk appetite, effectiveness gains and long-term impact of non-compliance on trust and reputation.
Danske Bank has reached a resolution with the US and Danish authorities. In a few years following the scandal, Danske has undertaken extensive and persistent remedial actions to assure its financial crime prevention processes, and will continue to do so.
According to the US Department of Justice (DoJ) as of 13th December, Danske Bank has pleaded guilty of defrauding US banks regarding Danske Bank Estonia’s customers and anti-money laundering controls to facilitate access to the U.S. financial system for Danske Bank Estonia’s non-resident high-risk customers, largely originating from Danske Banks acquisition of Sampo.
In the DoJ statement, Deputy Attorney General Lisa O. Monaco declared that “[We] expect companies to invest in robust compliance programs – including at newly acquired or far-flung subsidiaries – and to step up and own up to misconduct when it occurs. Failure to do so may well be a one-way ticket to a multi-billion-dollar guilty plea.”
Communication around this news is a prime example of the daunting costs of extensive risk-taking and non-compliance. However the 2 billion USD forfeiture that Danske Bank has agreed to is only a fraction of the brunt that the bank needs to bear.
Risk appetite
FCGs recent report AML State of Play Denmark, based on interviews with AML experts in ten financial institutes, provides diverging perspectives on developments since the Baltic money-laundering scandal. It tells of both over-compensation due to the fear of injunctions and of perceived inherent challenges in for example KYC and risk classification, which makes it hard to gauge the risk appetite.
“Setting AML KPIs, KRIs and understanding how to manage the risk appetite is crucial to senior management and the board. But these processes are still often viewed as difficult and in need of further development, at least what we see in the Swedish and Danish context, says Ronny Gustavsson, Head of Financial Crime Prevention at FCG. “Any measures or actions need to purposefully fit within the overall holistic framework.”, he continues.
The true cost of financial crime prevention
According to The True Cost of Financial Crime Compliance Study for the USA/Canada 2022, the top external trends driving increased costs are evolving criminal threat and an increase in data privacy requirements, geopolitical risk, AML regulations, as well as regulatory expectations and customer demand for faster payment. Additional factors driving increased costs include growth in volume of AML activity and more complex investigations due to more opaque ownership and attention to sanctions.
The strategy to outsource customer due diligence and/or KYC case management functions is gaining ground. Financial institutions focusing on cost efficiency measures in this direction tend to do so for list screening, customer identity, risk profiling and compliance documentation. More complex UBO identification and sanctions screening activities typically remain in-house. The abovementioned study also confirms that financial institutions that use third-party provider portals/compliance solutions as primary KYC due diligence resources can lower cost of compliance and better identify ultimate beneficial owners, potential criminal relationships and a single risk view.
Significant efficiency gains to be had
Perhaps the “pay and pray” era is coming to an end. There is still significant potential to improve work around both the KYC process and TM, and most importantly to further develop and tune scenarios and connect these processes, including the crucial interrelation with identified risk factors. Frequent discrepancies in this area have been identified by the Swedish FSA, including for example poor or no validation or updating of systems and models, insufficiently developed scenarios or risk classification which makes it hard to ensure a risk-based approach, and weaknesses in customer risk classification which hampers transaction monitoring, little or no connection between the risk assessment and risk factors that scenarios must follow or customers’ risk classification. A final observation which can constitute the most important factor of all, follow-up on AML measures by management.
False alert and conversion rates are key concerns. To demonstrate the efficiency gains to be had, FCG conduceted a benchmark in 2022 on transaction monitoring in Swedish financial institutions. The purpose was to establish an informed view on the volumes of alerts and expected handling time per alert that may be expected given the size and type of organization.
Based on quantitative experience from across multiple TM-assignments across Swedish banks, FCG was able to establish an estimated distribution of measures expected according to categories of alerts. Results from this benchmarking analysis demonstrated that the average handling time per alert is 30 minutes. With a standard hourly cost of in-house personnel involved (appr. 720SEK), one single TM alert is estimated to cost 360SEK.
Reputation and the broader view on share price impact
The market typically responds forcefully to scandals that are predestined to become costly. The absolute correlation is of course difficult to prove. Following the 2018 revelations of Danske Bank’s then alleged laundering of 200 billion Euros, its shares traded 40 percent below their level earlier that year. This is however tends to be local and temporary, and generally bruised banks tend to bounce back.
Tony Apéria, Researcher at Stockholm Business School and owner of Nordic Brand Academy has researched reputation and trust in the financial sector and developed indexes since 2001. His findings demonstrate that Nordea, Danske Bank and Swedbank fare among the lowest ranked. The Panama Papers and the Baltic money-laundering scandals have had a substantial impact, with reputation seeing a negative development as a result. Swedbank is a generally positively appreciated and regarded brand and has bounced back, while Nordea and Danske Bank remain at the bottom. According to Apéria, the value of the brand cannot be directly deferred from the traded share price. What is just as important but harder to gauge are other market behaviours, so called brand-supporting behaviours. Comparable to a net promotor score, this is demonstrated by more customers saying they want to buy products and services from the bank, believing the bank able to manage crises in a good way, are willing to seek employment within the bank, and expressing a want to invest (procure shares) should the opportunity be given.
Adverse media, injunctions and, as in this case yet another fine on historical levels due to non-compliance in financial crime prevention, tend to result in a sudden crescendo only to be soon replaced by other news or new crises.
Conclusions
According to Ronny Gustavsson, it is important to understand that the work needed to come to terms with deficiencies is a long-term task. It requires management stamina to create a culture where all parts of the organization are driving in the same direction and are able to persevere. A greater investment to primarily address deficiencies in regulatory compliance must also address the efficiency and optimization of preventing financial crime such as money laundering and violations of international sanctions.
For further information please contact: