Money laundering does not recognise borders. At least ten banks were involved in the €200 billion Danske Bank scandal, many of them from European countries. Danske Bank in Estonia and Danske Bank in Denmark merely sat at the heart of a larger web of transactions. This article is an account of where the tainted Russian and Azerbaijani money went and who handled it.

The following revelations come from last November's testimony of Howard Wilkinson before a committee of the European Parliament. Wilkinson worked at Danske Bank’s trading unit in the Baltic states between 2007 and 2014 and in 2013 ‘blew the whistle’ by reporting irregularities to the Danske board, money laundering reporting office and compliance office. He was very circumspect in his account to the parliamentary committee, refusing to name people and even correspondent banks, but the information he collected while working at the bank, coupled with his analysis of Danske Bank's 'draft report,’ reported on in the London Financial Times in September but hinted at in press reports a few months earlier, paints an incomplete but damning picture of regulatory tolerance of bad anti-money-laundering practices.

In view of the Eurocentric preoccupations of his audience, Wilkinson concentrated on the involvement of financiers in EU countries. His testimony drew applause from the committee at the end.

He began by referring to the blue diagram at the head of this article.

“Within Danske [pronounced Danskee] itself, suspicious money moved through the operations in Lithuania, in Estonia of course, and also in Denmark. If we look at the left of the picture, the money typically started in Russia. There were some Russian banks through which the money moved, but there was also the Russian subsidiary of a European bank and the Russian subsidiary of a US bank. We are seeing the European connection even within Russia.

“If we look at the right hand side, where the money goes out, we see two large American banks through which the dollars moved, but we also see the US subsidiary of a European bank. It is necessary to stress the importance of these correspondent banks in the United States. In my estimations, 80-90% of the money that went through Danske Bank ended up in dollars, leaving through US correspondent banks into the financial system.

“The banks in the US, including the US subsidiary of a European bank, were basically the last check. Once the money passed through them, it was out, clean, and in the global financial system.”

Unanswered questions

Wilkinson presented the committee with a slide that contained the following notes. On the left-hand side are the banks in the saga, followed by what is known about their involvement.

• Danske Denmark – Danish FSA report says that payments were only 'technical.' Is this actually true?
• Danske Lithuania – Danske Bank commented in December 2017. Since then, deathly silence. What happened?
• Russian subsidiary of European bank – No evidence that anyone has done anything.
• Russian subsidiary of US bank – No evidence that anyone has done anything.
• US subsidiary of European bank – Closed Danske Estonia's correspondent account in 2015. How many billions went through it up to 2015? what reports were made?
• Large US bank 1 – Asked Danske Bank kindly to close Estonia's correspondent account in 2013. How many billions went through it up to 2013? What reports were made?
• Large US bank 2 – Closed Danske Estonia's correspondent account in 2015. How many billions when through it up to 2015? What reports were made?

He then said the following, referring to the slide.

“So we have all these banks but we do not know very much about what the banks actually did. Perhaps we know a fair amount now about Danske Bank in Estonia, but let us look at Danske Bank in Denmark. According to the Danish Financial Services Authority’s report, there were some payments but they were only 'technical' in nature. The question is whether this is actually true, because people in Estonia were talking to people in Denmark more than once a day regarding transactions. Is that only 'technical'?

“Let us talk about Lithuania. I was told in January 2014 that Danske Lithuania was not allowed to have non-resident customers, yet it emerged that in 2012 a British Virgin Islands company (which, to me, sounds quite non-resident) sent over $100 million through a US correspondent bank into the account of a customer of Danske Estonia. This customer was subsequently kicked out because of money laundering problems. It does raise the question of why, if the Lithuanian branch was not allowed to have non-resident customers...firstly, it had non-resident customers, because that was not the only one, and secondly, it had managed to pick up such a bad one, but we hear nothing about that.

“Let us consider the Russian subsidiary of a European bank. This is interesting because the feedback from the customers was that they were very pleased when this rouble correspondent bank account was opened because apparently the two large Russian banks were actually rather strict regarding payments, according to the customers. But the Russian subsidiary of the European bank had, let me say, a rather relaxed approach to checking documents.

“Now we look at the US subsidiary of a European bank. It took at least 9 years before the account was closed. For the first US bank it took at least 7 years and even the second US bank (which only opened a correspondent account after the first US bank had exited) took two years before it woke up to the problems and closed the relationship with Danske Bank.

“So we see the scandal touching 8 EU countries plus the US. That's 8 EU countries in just the first wave, not taking into account the probability that money went to every single EU country.”

Shell companies

“Just as important, in my view, are the countries that housed the shell companies that were implicated in the schemes. The K/S, a limited partnership structure in Denmark, was being abused; the bank's report found 54 such companies and they were all suspicious. I actually reported them to the bank management; it was ignored.

“But clearly the worst of all is the United Kingdom. The role of the United Kingdom is an absolute disgrace. Limited liability partnerships (LLPs) and Scottish liability partnerships have been abused for years. Some enterprising journalists in the UK found an example of a company – actually not an LLP but a normal limited company – that had a director who had been born, married and accepted as a director of the company within three months. That's pretty good going.

“There are also countries in which parallel schemes operated. One customer I met, who was subsequently implicated in a suspicious activity, told me that they were carrying on the same business in Latvia. A colleague who visited customers in Moscow was told that similar stuff was going through the Czech Republic.”

A few mini case studies

Wilkinson presented the European legislators with some potted case studies using information he had drawn from his supply of emails and other sources at the bank. He added: “The regulators have played an important part in this, and not necessarily in a very positive way.”

Case study 1 – the Danish FSA

Wilkinson presented the following notes to the committee.

A Internal email from [name deleted] to [names deleted], 7 April 2013: "The FSA has helped the bank in a critical situation. They are now very worried..."

B Comments from [name deleted 1] to [name deleted 2], which [name deleted 2] told me about in January 2015: “I don't care in the slightest what happens in Estonia. My job is to protect Danske Bank.”

Internal email A was sent by a senior manager at Danske Bank. Wilkinson mused: “If a senior executive at a bank thinks that the FSA has helped his bank, I think that it's a pretty fair bet that the Danish FSA did actually help it. That raises the question of whether it is the job of the FSA to help the largest bank? There are other questions. Would they have helped the Swedish subsidiary in Denmark in a critical situation? Or would they have only helped the largest bank in the country? There are some real issues about fairness.

“The second quote – and I cannot, unfortunately, name the people, but I can say that the second person was not an official from the Danish FSA and the first person was an official from the Danish FSA – was reported to me in January 2015. That was before any of this really blew up, so I do not think that there is any reason to doubt it. The FSA official wanted to protect Danske Bank. We're seeing a theme emerging here – help and protect. Is this in line with EU law? Is this what one ought to expect from regulators?”

Case study 2 – the Estonian FSA before its total change of approach, which started in 2014

A Email from [name deleted] to [names deleted], 7 April 2013: "We have been contacted by the Danish FSA who have been contacted by the Estonian FSA again. They express concern about our blacklisted Russian customers...they have contacted the bank twice lately but they have the impression thta we do not take the issue very seriously."

B Agreed minutes of meeting between [names deleted] and [names deleted], 25 April 2013: "[The Estonian FSA] confirmed that co-operation with the bank had been effective and constructive...there are no reproaches according to the level of regulations in the bank."

Wlikinson explained: “The Estonian FSA...it's almost like two FSAs, one FSA starting in 2014, which is very active, and there was one before 2014 and we've got one particularly terrible example here. On 7th April, we learnt that the Estonian FSA had contacted the Danish FSA 'again' – it had happened before – about, in this case, blacklisted Russian customers. The Estonian FSA said that they had contacted the bank twice but thought that it did not take the issue seriously.

“That was on 7th April, but something magical happened in the next three weeks, because by 25th April, in an agreed minute between the Estonian FSA and Danske Estonia, now we find that there has been 'effective and constructive' co-operation and there are no reproaches! I do not understand what happened in those 18 days.”

Case study 3 – the Estonian FIU

Wilkinson then moved on to the role of the Estonian FIU, the financial intelligence unit. He thought that the timeline shown below contained a particularly shocking example of failure. His example related to a company that he described only as ‘A.’

• 6 June 2012            Account opened for company A at Danske Estonia.
• 28 Feb 2013            Company A reported by Danske Estonia to Estonian FIU.
• 18 July 2013           Company A investigated by Estonian FIU.
• 19 July 2013           Company A filed false accounts at Companies House in the UK.
• 25 Sept 2013          Company A closes accounts at Danske Estonia but the beneficial owner still has other companies with accounts open at Danske Estonia.
• April 2014                4 related companies of company A still have accounts open.

Wilkinson referred to the list by saying: “In the entry for 2 July, 'investigated' was the bank's word. I take that to mean that the FIU came and asked the bank a lot of questions. On the 18th the FIU came and asked more questions. On 25th September the company closed its accounts but the owner just set up some new ones! I left in April 2014, when four related companies still had accounts open.

“There is something missing here, though. Just one day after the enquiry, the company filed accounts in the UK that were definitely false, so why did the Estonian FIU fail to figure that out? All they had to do was look on the website. All they had to do was to ask the UK authorities to help them.”

NDAs

Finally, the ‘whistleblower’ tackled the thorny subject of non-disclosure agreements. As has been well reported, he signed a secret non-disclosure agreement under Estonian law which has prevented him from talking to the authorities without the permission of the bank. He revealed: “In mid-2015 my understanding of the legal position was that it might be enforceable in preventing me talking to the authorities, but it might not. As a private citizen, I cannot take the chance. I will only report if I know that I am 100% safe.”

Stephen Kohn, Wilkinson's American lawyer, told the Eurocrats: "Although Danske Bank waived the NDA contractually for the purposes of this testimony, they warned us that Mr Wilkinson could be charged criminally under bank secrecy laws from Estonia or other countries involved." He said that the bank also thought that Wilkinson might attract charges under data protection rules if he were to identify people at the bank, which he did not do by name or job title.

Four pleas to Europe

To conclude, Wilkinson identified four main issues: “The first point is that it cannot be right to have NDAs that prevent the disclosure of wrongdoing and the EU should try to find a way to ban them. Secondly, as covered well in Danske Bank's intelligent draft report, something must be done to prevent the use of shell companies that are established in EU countries.

“Thirdly and very importantly, there is a need for a new model of regulation that removes the obvious 'home country' bias that we see in these cases. In the case of Denmark, it is not so much 'soft touch' regulation as 'affectionate caress' regulation. Finally, I would suggest that the committee should make recommendations as to how to protect whistleblowers.”

Regulatory reform in the air

Danish financial regulators have responded recently to the overwhelming impression of ‘regulatory capture’ - when regulators work in favour of the firms they are supposed to be regulating – that Wilkinson’s testimony revealed. Danish business minister Rasmus Jarlov has told the Financial Times that his Government is planning to “discuss how we can ensure that we don’t have ties that are too close between the financial sector and the authorities.”

Jesper Berg, the head of the FSA, took the occasion to deny vehemently that any regulatory capture had taken place at his organisation.