Estonia, a small sovereign and EU member state in Northern Europe, gained altitude as Europe’s innovative tech-hub. Recently, the countries financial sector is under a magnifier by international lawmakers and regulators after the national supervisor requested permission from the European Central Bank to withdraw the license of Versobank AS. Simultaneously, the Tallinn branch of Danske Bank was accused of being part of an unrivalled money laundering operation when an estimated 200 Billion Euro was funnelled through the accounts in their non-resident banking department. The Central Bank of Estonia, Eesti Pank, had to reluctantly admit that 1.1 Trillion Euro (1.27 Trillion USD) passed through the countries’ bank accounts between 2008 and 2015; an astonishing figure that is almost 5 times the countries GDP during that very same period.
Versobank AS is owned via several shareholdings by the Ukrainian consortium ALEF. The bank was shut down after the Estonian national supervisor uncovered serious and long-lasting breaches of legal requirements, particularly concerning the prevention of money laundering and combating the financing of terrorism. The systemic nature of these shortcomings resulted in the approval by the ECB to liquidate the bank. KPMG was appointed as the liquidator. The deposit protection scheme was triggered and as of June 2018, depositors can receive further compensation up to a maximum of 200.000 Euro, plus an additional 30% when their account balance exceeds the insured deposit.
The concerns surrounding Danske Bank are more serious. Danske Bank is in Denmark, its home country, considered a systemic bank. Systemic banks are interconnected, and its failure could trigger a domino effect resulting in a domestic, or even global financial crisis. Shares of the bank can be publicly traded on the Nasdaq OMX exchange in Copenhagen. Whilst, publicity already downgraded the share price of the bank by a third, and short-selling of the stock, where investors assume a devaluation of the worth of the bank, gains momentum.
Frontrunners of the global financial crisis in March 2008, Wall Street investment bank Bear Stearns, saw its share price drop from USD 61,58 to USD 2,00 in a matter of days. A run on the bank and the massive dumping of shares caused by fear of liquidity shortages resulting from excessive leverage in the sub-prime mortgage industry. This eventually led to the acquisition of the investment bank by JPMorgan. Although Danske Bank is not over-leveraged and its capital adequacy ratios are enough to absorb a reasonable amount of losses, a scenario similar to Bear Stearns cannot be ruled out completely. Specifically, because the risk for Danske Bank lies in the regulatory fines, lawsuits from duped investors and further reputational damages.
The financial regulator in Denmark, the FSA, identified a change in the operational risk profile of Danske Bank and ordered the Bank to raise its capital cushion to absorb potential losses while protecting the vital elements of the bank in case of heavy deprivation. To mitigate risk and enable the absorption of potential losses due to descending share prices, Danske Bank initially decided to buy back shares from investors for an estimated amount of 1,4 Billion Euro. Buying shares of itself are common practice for systemic corporations to mitigate risk exposure and a way to drive on and stimulate trading and manipulate the demand in its shares. Alternatively, by buying own shares, the bank raises its Tier 1 capital position and potential benefits from long-term growth. Tier 1 capital is the core capital of the bank and is a ratio used by regulators to determine the financial strength of a bank. The ratio is the sum of shareholder equity and the accumulated net income of the financial institution.
Another interesting observation is that the Danish government ordered banks in Denmark to raise its countercyclical capital buffer. This capital buffer relates to the loan portfolio of banks. Loan portfolios have two elements, capital inflow to fund new loans and repayment of existing loans. When a countercyclical buffer is increased, it is likely that a central bank anticipates on an increase of non-performing loans. Loans default when the debtor stops paying interest and cannot redeem the loan. This often happens when income falls behind with expenses. This can be triggered by low turnover, inflation while the income stays behind or the lack of availability of additional (commercial) loans and funding for small and medium enterprises (SME).
For this publication, the business case of Danske Bank and its Estonian branch is further discussed to understand the pitfalls of international banking and the impact weak controls can have on a small economy with a gap between the GDP and non-domestic deposits in its financial institutions.
Non-resident banking and offshore shell companies at Sampo Bank
Sampo Bank was a Finish lender that ran a banking operation between the years 2000 and 2006 as a subsidiary of insurer Sampo Group. The Group is owned by the Finnish government, the state pension fund, and the Municipality Pension Agency. In 2007, Sampo Bank, including its branch in Tallinn, Estonia – AS Sampo Pank – was sold to Danske Bank, as a subsidiary on its own. In 2008 the subsidiary became a branch of Danske Bank and was renamed in 2012.
The Estonian Financial Supervisory Authority forewarned its counterpart in Denmark after the takeover of Sampo Bank in August 2007. Concerns related to the non-resident portfolio of the branch in Estonia. The FSA indicates operational risk factors, such as: ‘the bank’s routine practice has not been fully in compliance with the requirements stipulated invalid legal acts and the international standards.’ The conclusion of the final inspection was evident: ‘the bank has underestimated potential risks, associated with providing services to legal entities registered in a low-tax area and undue compliance with relevant procedural rules.’
Sampo Group invested the proceeds of the sale of Sampo Bank in the Scandinavian Bank Nordea and still owns 21% of Nordea. Nordea Bank, a Swedish systemic bank, is under investigation by the Swedish Economic Crime Authority (SECA) for alleged violation of anti-money laundering regulation and its role in the funnelling of 175 Million USD potentially illicit funds.
After the takeover, Danske Bank pursued the profitable operation in Estonia. Despite the warnings from the Estonian FSA and the Russian central bank, alongside negative media coverage, no action was taken to address the issues. On the contrary, the bank continued its activities and it took until 2015 to terminate the problematic non-resident portfolio.
Due to its geographical location and affinity as a former part of the Soviet Union, Estonia became attractive for deposits from the Soviet region. In general, business owners and individuals from the former Soviet Union were concerned that their venture or wealth could be repossessed. Therefore, legitimate SME’s can incorporate foreign holding companies to keep the shares of their local business to hide the true ownership of the subsidiary. Asset protection for individuals is often done by migration of wealth to an estate. Such estate can be a trust, foundation, or an (offshore) company.
There can be legitimate reasons to cover and protect the ownership of shareholdings or other assets. Those who strongly want to hide their assets or wealth, or with illicit business models, can incorporate an International Business Corporation (IBC) in a tax haven. Tax havens often have a limited corporate register, making it difficult to unravel the ownership structure of the IBC. Shareholdings and directorships in IBC’s can be further hidden by appointing nominees. A nominee is a third party holding a visible position or shareholding in an IBC. Nominees can be corporate entities or other IBC’s in a different tax haven, or individuals.
Individual nominees can be legitimate businessmen or random people looking for extra income. During recent years different nominees were exposed, such as a Flemish dentist, a convicted Caribbean drug trafficker, and even a 74-year-old wanderer living on the streets of Riga (Latvia) with a homeless centre as his registered address.
Corporate nominees belong to the true owner of the business structure or can be set up and owned by an agent. The true owner of a company is named the ultimate beneficial owner (UBO). A UBO can incorporate different layers of IBC’s in different tax havens all with shareholdings in each other. This multi-layering ensures further ambiguity making it difficult, if not impossible, to reveal true ownership of a full structure of corporate entities.
Financial institutions need to know who they are dealing with. Thus, they require documented evidence of the shareholder structure leading to the UBO. Banks are required to perform due diligence on its customers to know your client (KYC) standards. To understand a corporate structure, banks can request a certificate of incumbency that shows the company name, its registration number, the incorporation date, the registered address, and the director(s) and shareholder(s). If a company is multi-layered, each entity needs to submit such a certificate. For personal identification purposes, the individuals in the corporate structure need to provide a notarized passport copy, a proof of address and a bank reference letter. The bank can then check the individual’s credibility by utilizing risk management software such as ‘World Check’. The software is open source and its information is aggregated from the public domain. This means that convictions that fall under privacy laws are not visible via these tools when the media has not picked up on them.
To avoid scrutiny and possible rejection to open a bank account, kleptocrats, criminals, sanctioned individuals and politically exposed persons (PEP’s) can appoint a ‘nominee UBO’. The nominee UBO is a risk for the global financial system because it allows suspicious and outright illegal funds to flow into the real economy. Additionally, the nominee UBO enables terrorist financing to stay under the radar. Since the nominee UBO agrees on its role in a civil agreement with the real UBO, there is no possibility for third parties to suspect that the nominee UBO is not the true owner of the corporate structure.
Alongside the offshore IBC, the Danish kommanditselskab (K/S) and the Limited Liability Partnership (UK LLP) were frequently used by customers of Sampo Bank. A Danish K/S is a partnership with general and limited partners. The general partner is often a private limited company with a minimum capital to reduce the liability of the partnership. The limited partner in a K/S is only responsible for the actions and debt incurred to the extent of their investment. The UK LLP is a partnership between two or more individuals, named members, that is shaped in a corporate entity. The lack of requirements to structure the UK LLP allows the partners to do business on itself without a requisite to have share capital. The offshore IBC, the K/S and the UK LLP can limit corporate income tax but the UBO must declare his worldwide income in his country of residence. This makes these companies a high risk for tax evasion and money laundering.
Companies that serve no legitimate business purpose and are formed to hold assets on behalf of a third party, can qualify as shell companies. There is a difference between a shell company and the regular holding company that has shareholdings in a subsidiary or group of companies to diversify activities and mitigates operational risk. Established economic activities are crucial to determine the status of a holding or shell company.
The country of residence of a company is leading to determine its tax liability. Therefore, shell companies are often registered in a tax haven where the corporate income tax is non-existent, or the IBC is exempt for corporate income tax and pays 0%. To avoid taxation over its income the shell company can park assets with a bank anywhere in the world.
Shell companies often have substantial deposits. The UBO of a shell company has no affinity with the chosen location of his bank account if it is outside of the country where he holds his tax residency. These ‘non-resident deposits’ contain various risks. Risk factors such as tax evasion, financing of illicit activities and the proceeds of crime have a criminal foundation. The lack of affinity non-resident deposits contain is of different magnitude for local economies. In the year 2013 for example, the GDP of Estonia was 18.9 Billion Euro. During that same year, about 30 Billion Euro flowed through the non-resident accounts with Danske Bank in Estonia, almost 1.6 times the size of the total Estonian economy. From a regulatory point of view, the main concern for non-resident deposits is that these deposits are a threat for domestic banks when withdrawn during financial crises. Governments and central banks are unable to act as a lender of last resort or bail out financial institutions when the government has insufficient funds to cover the losses, and taxpayer input is undesirable.
The Fifth Anti-Money Laundering Directive
Secondary law of the European Union has a focus on specific outcomes. These outcomes must be met by the member states. The Fifth Anti-Money Laundering directive that was adopted in May 2018 is implemented in National Law by the member states. The Fifth Anti-Money Laundering directive sets out to close illicit and criminal finance without hindering the normal functioning of payment systems, while simultaneously protection fundamental EU rights and economic freedoms.
The directive is a direct response to the terrorist attacks and the Panama and Paradise Paper disclosures and aims to combat financial crime, money laundering, and terrorist financing. Measures to counter illicit transactions and money laundering, include a further collaboration between the FIUs in Europe; enhancement of the beneficial ownership of international corporations and trusts; identification and prevention of the risks associated with virtual currencies; limiting the use of pre-paid cards; and the improvement of the safeguards for transactions to and from high-risk countries. The AML directive, in combination with information sharing arrangements under CRS/FATCA, seems to be an effective attack on offshore shell companies and non-resident deposits.
Several European countries, such as Latvia and Cyprus, already reformed their anti-money laundering (AML) legislation and instructed their financial industry to repel shell companies and plain ‘letterbox companies’. The fiscal principles of substance and presence become predominant to determine and classify the entity.
Banking for offshore (shell) companies and other non-resident deposits
Offshore banking is a niche market which is usually executed by a strategic business unit within a bank. The needs of offshore companies and other non-resident depositors are unique and lucrative. Offshore companies are often part of tax neutral company structures. Such companies can make loans themselves to beneficiaries and subsidiaries, migrating the default risk of borrowings from the bank to itself. For the beneficiary or subsidiary such a ‘back to back loan’ can create a tax advantage in the country of residence and often stays below the radar of the local authorities.
Loans from offshore companies can be used in a variety of ways. The bank can be an unknown and unwilling facilitator of the transactions or part of the transaction, making them an accomplice. Deposits in offshore companies can be tax-free when the country of residence does not tax such corporate holdings. When the UBO wants to spend these funds for personal benefit, personal income tax must be paid in the country of residence. Dividends can be exempted from taxation, but loans have no tax liability whatsoever. In contrast to mainstream finance, back to back loans and financing options offered by offshore companies do not require the standard checks for the background and creditworthiness of the borrower. The risk of tax evasion and laundering criminal proceeds is substantial. Cash deposits with undeclared or suspicious origin to an offshore company can be borrowed back or loaned to an individual bringing the illicit funds into a local economy without disclosing the actual origin.
Due to the secrecy that surrounds offshore banking, tailor-made services, such as foreign exchange (FX), trade finance, debit cards, and a hold mail service are offered to the clientele. The nature of the transactions in an offshore department of a bank justifies specialized staff dealing with sensitive, and for traditional banking peculiar, matters. Cross-border activities and the different nationalities of clients lead to multilingual business units, sometimes even with a foreign language as their preferred and main communication.
Debit and credit cards issued by offshore banks often have VISA or MasterCard functionalities. To reduce the default risk of credit card debt, debit cards can only withdraw the actual balance on the linked account, and for credit cards, the bank blocks between one or two times the amount of the credit limit on the card on the linked account. Default risk is precluded, but there is a vast risk of money laundering allowing individuals to use company funds for their personal benefit without payment of the appropriate personal income tax.
A hold mail service, where the banks’ address is used on the corporate correspondence of the customer, serves a legitimate purpose for frequent travellers who are away from home most of the time. A hold mail service can also be abused to manipulate the address of the company on outgoing international payments. Beneficiaries from sanctioned countries or payments that need further scrutiny due to its nature possibly avoid the algorithms of international payment standards to detect the transfer. This allows a constant flow of illicit funds into an economy.
Regulatory and financial warfare
Anti-money laundering regulation is often downplayed as a tool for authorities to increase patronizing and control over citizens. Although undeclared money and cash payments are a driver for a part of the traditional economy, the capital inflow of large illicit transfers raises purchase prices of for example prime real estate and high-ticket items such as cars, boats, stocks and lately even cryptocurrencies. Alongside the economic risk, there is a widespread concern of political interference by questionable foreign networks. Political influence can disrupt benchmarks for financial regulation and ultimately turn a country into a corrupt regime with social and financial inequality.
To get an understanding of the ingenuity and the techniques used by organized networks of financial market players, the business case of BTA bank deserves attention. The Kazakh bank filed for bankruptcy protection in the USA in 2010 to restructure its debt exceeding 11.5 Billion USD. Courts in Europe and the USA try to determine whether the former chairman of the bank is responsible for mismanagement and embezzlement that led to the disappearance of 4 to 5 Billion USD. The bank claims that unsecured and sham loans were made to offshore holding- and shell companies. Companies whose alleged UBO was the former chairman of BTA Bank never repaid their loans. Court records reveal a specific transaction that went from Kazakhstan to a shell company in the Netherlands, to an account at FBME Bank in Cyprus, to a personal account at Wells Fargo Bank in the USA. This last account belonged to the stepdaughter of the deposed mayor of the capital of Kazakhstan, Almaty. The money was later used to buy three units in the Trump Soho Hotel Condominium in New York. The seller of the apartments was a company named ‘Bayrock’. Bayrock is known for its connections in the old Soviet republics, Kazakhstan included. The apartments were sold, and the involved companies were dissolved within a relatively short time. The suspicious funds were further circulated into the American economy.
There is a thin line between the presumption of innocence, privacy protection and the investigation of financial footprints left by suspicious users of the financial system. Regulators need to summon or subpoena sensitive information from banks and local financial intelligence units (FIU) receive suspicious activities reports (SAR) from banks. The lack of an all-embracing definition of suspicious activities makes the SAR a constant point of discussion. Financial intelligence is an inevitable and critical link to unravel criminal activity but cannot disrupt confidence in the financial system, whereas financial institutions have difficulties closing the gap between profitability and the regulatory protection of the financial system. A report on the non-resident portfolio at Danske Bank’s Estonian branch disclosed that the Estonian branch filed SAR’s on 653 of its 15.000 customers. A press release from the head office of Danske Bank dated September 19, 2018, highlighted that the total flow of payments in the non-resident portfolio amounted approximately 200 Billion Euro, that 6.200 customers deemed high-risk and that the vast majority have been found to be suspicious. To conclude, Danske Bank expects a significant part of the payments in the non-resident portfolio suspicious. Staff members responsible for detecting suspicious activities and file a SAR to the FIU missed crucial insight and experience to follow up on their duties.
The nature of the current regulatory framework divides the obligation to investigate suspicious transactions between financial institutions and regulators. Penalties and fines are given by authorities. The ultimate punishment for a violation of international standards is the isolation of a rogue financial institution by means of limiting its access to the correspondent banking system or even a ban to transact in US Dollars.
Domestic regulators have different ways to monitor a financial institution. Central banks perform periodic audits and can instruct market players to implement changes in their policies. Banks and other non-bank financial institutions have a duty to report a SAR to the FIU. FIU’s decide if the SAR justifies further investigation. The FIU requests additional information from the bank regarding the transaction and concludes further action to be executed by the regulator.
Audits not always reveal all the obstacles in a financial institution, opening the doors for foreign FIU’s and whistle-blowers to share specific shortcomings they uncover. Recent issues with banks like ABLV, FBME and the Estonian branch of Danske Bank find their origin in a combination of whistle-blower reporting and severe media attention. It questions the effectiveness of the current system where financial institutions play a pivotal role to police themselves and market players can conceal the true nature of illegal transactions – with and without the awareness of the financial institutions involved.
Asia, Europe, and the USA aim to protect the financial system. Efforts to limit tax evasion, financial crime, and eventually prevent money laundering induce several divergent actions. In China, tax evasion is a serious crime. Schemes that limit or avoid taxation are scrutinized and the freedom of movement of the responsible taxpayer is restrained. Recent revelations of the disappearance of important people show the seriousness of the situation and discourage others to evade taxes. Although Europe lacks a uniform framework to isolate financial institutions and FIU’s have their own interpretation of European legislation, the European Banking Authority (EBA) can reprimand regulators of the EU member states when they fall short and prevent the uniform fulfilment of legislation.
As a response to the terrorist attacks in Paris and Brussels and the disclosures via the Panama and Paradise Papers, the European Union announced its fifth anti-money laundering directive. The directive addresses new focus areas such as digital currency, payment identification, limitation on anonymous payment facilities and clarity on beneficial ownership. Beneficial ownership and the cover-up of belongings is one of the pillars of offshore company formation in tax havens. The fifth anti-money laundering directive obstructs easy and private access to offshore tax planning for EU citizens.
To stimulate a capital inflow of offshore wealth and fight structural challenges in the country’s infrastructure, the Russian government implemented a ‘de-offshorizatsia’ law in 2012. The law, which is in line with global practice on the taxation of offshore wealth, requires Russian taxpayers to declare their interest in offshore companies that they control. Failure to report the holdings is a criminal offense. Hence the reason for many wealthy Russians to change their residency and even passport.
The United States is in a prominent position with a currency serving as the global reserve standard. This position yields a double morale; the dollar needs to maintain its value for domestic expenditure, while simultaneously the currency must be protected against international abuse. To safeguard the government revenues, the Department of the Treasury is among other things responsible for the supervision of national banks, the enforcement of federal and tax laws and the investigation and prosecution of tax evaders. The Office of Terrorism and Financial Intelligence heads the Office of Terrorist Financing and Financial Crimes, the Financial Crimes Enforcement Network (FinCEN), the Office of Foreign Assets Control (OFAC) and the Treasury Executive Office for Asset Forfeiture (TEOAF). The Office of the Comptroller of the Currency (OCC) and the Department of Homeland Security also have leading roles to ensure national security.
Financial and commercial isolation is the fundament of the sanction programs commissioned by OFAC and FinCEN. OFAC targets foreign states, individuals and organizations that are believed to be a threat to the US national security. Sanctions can include fines, asset freezing and a ban from doing business in the US, its citizens and permanent residents. Investigations are executed by the Office of Global Targeting (OGT). OFAC publishes a sanction list of Specially Designated Nationals (SDNs) and a list of Sectoral Sanctions Identifications (SSI) pointed towards Russian persons, companies, entities, and subsidiaries. FinCEN aims to protect the US financial system from illicit use, it combats money laundering and promotes national security. Title III of the US Patriot Act on anti-money laundering to prevent terrorism, and above all, Section 311 allows FinCEN to designate a foreign financial institution a ‘primary money laundering concern’.
FinCEN can invoke section 311 of the Patriot Act upon finding reasonable grounds to conclude that a foreign financial institution is a primary concern for money laundering. The reasonable grounds are enough to publish a Notice of Finding that takes immediate effect. To lift a 311, the underlying activities leading to the concern must be resolved first. The Final Rule follows the Notice of Finding when no substantial progress is being made for absolute reform. In contrast to the general belief, the designation of section 311 is not a freezing order; it forces the private sector to take measures to avoid that they get drawn into contagious sanctions from regulators. Banks become gatekeepers of the financial system by isolating rogue actors, and enablers cut off ties with sanctioned parties. This makes the publication of findings under section 311 a global challenge. Foreign financial institutions often react by the termination of the correspondent relationship with the designated entity, limit their exposure and potential liability and regulators mitigate their risk and can impose sanctions on those dealing with the named financial institution.
Where did it go wrong for Sampo Bank in Estonia?
Perestroika and glasnost reformed the Soviet Union and ultimately triggered the collapse of the Union of Soviet Socialistic Republics (USSR). Republics that were part of the USSR until 1991 became independent. Reliance on Russia and its comprehensive market enabled these states to jump-start their local economies. Eesti Forekspank was founded in 1992 with a focus on the Russian market, mainly offering cross-border payments and foreign exchange transactions. It is assumed that the substantial non-resident portfolio originates from this period and was further developed after critical events like the financial crisis, mergers and takeovers, and ultimately Estonia joining the European Union.
During the Russian economic crisis of 1998, the Estonian Central Bank acquired most of the shares of Eesti Forekspank and Eesti Investerimispank. The banks later merged and were rebranded into Optiva Pank. In 2002 Optiva Pank was sold to Sampo Bank and renamed Sampo Pank. In 2007, Danske Bank acquired Sampo Bank including all subsidiaries and branches in the Baltic region. It inherited the operation and cultivated the profitable business model.
The definition of money laundering changed over time. 9/11 and the attack on the Twin Towers in New York accelerated an aggressive strategy led by the United States to combat the financing of terrorist activities. Money laundering and terrorism financing became the key for authorities to open doors all around the world. Legislation changed, and regulators monitored financial institutions and their transactions. This led to fines, sanctions and even closures of banks. Not all countries implemented the same standards to combat financial crime and money laundering. Sometimes, regulators were personally devoted to specific company structures or transactions that they didn’t see the harm and let them go. A report commissioned by Danske Bank discussing the challenges in their Estonian branch revealed shortcomings with the hallmarks of ignorance and disinterest.
Danske Bank downplays its role in the Estonian failing, stating that the extent of the suspicious transactions is a legacy that originates from the takeover of Sampo Bank. To put things into the right perspective, smaller banks, such as the Lebanese Canadian Bank Sal, Banca Privada d’Andorra, ABLV Bank, and FBME Bank were closed, liquidated or sold after FinCEN accused them of being a primary institute of money laundering. BNP Paribas violated sanctions against Sudan, Cuba, and Iran, and was forced to settle for 8.9 Billion USD with the US Treasury. HSBC was fined 1.9 Billion USD for weak controls that allowed terrorist to abuse the financial system. In a similar event, Socit Gnrale agreed to pay 1.34 Billion USD for sanctions violations of transactions with Cuba and Iran. The Russian mirror trade scandal, estimated at 10 Billion US Dollar, resulted in fines for Credit Suisse and Deutsche Bank in the USA, UK, and Russia. In a press release, the UK Financial Conduct Authority names the Estonia branch of Danske Bank a participant in the mirror trade scheme. Various laundromats that include Moldova, Russia, and the Baltics have not yet found a definitive conclusion, although banks in Russia, Latvia and Moldova were shut down for their role in different sophisticated money laundering operations.
Danske Bank Estonia: More than ‘just’ a 200 Billion Euro Problem
The highly profitable and very active non-resident portfolio of the Estonia branch of Danske Bank contained approximately 10.000 customers. Another 5.000 customers of the branch are subject to further investigation to estimate the risk exposure from the bank’s perspective. Copenhagen based law firm Bruun & Hjejle was commissioned by the main office of Danske Bank to investigate the nature and extent of doubtful customers and their suspicious activities in the Estonian branch. The probe by Bruun & Hjejle is not impartial and not fully independent for the simple reason that Danske Bank assigned the case to the law firm as a client. Only regulators and law enforcement can impose fines and sanctions or bring a criminal case to court, downgrading the report – which is well studied and reflects true events – into a biased opinion of the bank.
9.5 million payments were made between 2007 and 2015 by the 15.000 customers that covered the investigation. 6.200 of these customers were classified as high risk and most of their transactions deemed suspicious. The total flow of payments is valued around 200 million Euro and the gross income for the bank estimated at 1.5 Billion DKK.
Several motives for the internal organization within the Estonian branch were discovered. Internal collusion between customers and employees, where employees received performance-based incentives, and cooperation with agents and customers resulted in some suspicious activities. At the same time, the acceptance of regulatory changes fell behind with the international standards, sometimes forced upon by traditionally hostile governments and shady actors.
Illicit activities grew rapidly while profitability prevailed. The head office of Danske Bank in Copenhagen was kept out of sight and turned a blind eye. They allegedly confused limited credit risk and high-profit margins with compliance, when all anti-money laundering (AML) procedures were not followed and all lines of defence failed. It did not help that the branch in Estonia used a different IT system as the head office, and the main languages used by the staff were Russian and Estonian; difficult to understand for the head office.
Audits, whistle-blower reporting, negative press and changes in the legal framework eventually resulted in the termination of the non-resident portfolio. Although the portfolio was closed, authorities are investigating wrongdoing by the branch and, as a matter of course, can fine the head office for violations of e.g. AML requirements. Another significant offspring is the growing interest of the European Parliament in the findings of journalists and whistleblowers to get a further understanding of failing bank regulation and moral hazard.
1.1 Trillion Euro in cross-border transactions in a 232 Billion Euro economy
The Central Bank of Estonia announced in October 2018, that the total cross-border transactions of the country between 2008 and 2017 totaled 1.1 Trillion Euro. Official data reveals that the sum of the trade balance of the country in that same period was 232 Billion Euro. A gap of 900 Billion Euro as an offspring of non-resident and cross border transactions demonstrates a systemic problem in the Estonian financial industry.
Versobank and Danske Bank facilitated respectively 1 Billion Euro and 200 Billion Euro in suspicious non-resident transactions. Leaving 667 Billion Euro still to be uncovered. Danske Bank was in size the fifth bank of Estonia, after Swedbank, SEB, Luminor, and LHV. Perhaps another question to ask in this context is who handled the transactions concerning 667 Billion Euro of non-resident deposits that did not go through Danske Bank.
Following the money
Often, when laundromats are involved, critics allege the political tension between the USA and Russia. To understand the magnitude of the wrongdoing of Danske Bank in Estonia and the Russian influence in illicit transfers, the capital inflow needs further scrutiny. Court records and the public domain reveal some of the transactions funneled through accounts at the Estonian branch showing no links to Russia:
- Azerbaijani Laundromat: A capital outflow from Azerbaijan of 2.9 Billion USD between 2012 and 2014 ended up at accounts of four British firms; LCM Alliance LLP, Metastar Invest LP, Polux Management LP, and Hilux Services LP. All four firms have accounts with Danske Bank in Estonia. The scheme was used to pay European political exposed persons (PEP), lobbyists and contractors and contained hallmarks of money laundering. The companies hired different ignorant frontmen and nominees, as well as offshore service providers which allowed them to hide the true beneficial ownership of the companies.
- Mirror trades: Stocks and bonds can be used to transfer, launder and convert suspicious money and currency from shady origin to assumed legitimate and clean assets. In a mirror trade transaction, related entities buy and sell the same quantity of stocks or bonds at different locations and offset the transaction. The transaction lacks an obvious economic purpose and the result is a capital outflow from a controlled or sanctioned environment to a freely accessible and often tax-free entity. Compliance at trading desks differs from traditional money wires, a mirror trade, therefore, avoids transactional scrutiny. The Estonian branch actively offered its clients and intermediaries bonds as a fast, cheap and reliable way to transfer money overseas. The bank itself indicates two issues: (i) ‘We do not have full knowledge of the end-clients of the intermediary’, and (ii) ‘There is a potential reputational risk in being seen to be assisting capital flights’. Therefore, the bank concluded in an internal memo based on the issues concerning bond trading as a replacement for traditional FX transactions, that ‘potentially this solution could be used for money-laundering’. The annual amount of mirror trades in the Estonian branch was estimated in an internal memo of the bank at 9.8 Billion USD.
- Kingsway Trade LLP: The FinCEN findings related to the closure of FBME Bank in Cyprus name Kingsway Trade LLP. The company was linked to the former head of the Dubai branch of the International Bank of Azerbaijan (IBA), who was arrested in Azerbaijan on charges of loan embezzlement of 318 million USD. IBA requested for chapter 15 bankruptcy protection in the USA. In September 2013 Kingsway Trade LLP made several transfers to a group account at Danske Bank in Estonia. The incoming transfers were part of the earlier mentioned FinCEN notification and should have been flagged by Danske Bank.
- Politically exposed, blacklisted, suspicious and sanctioned individuals: Know Your Customer (KYC) procedures have been a concern for Danske Bank since the acquisition of Sampo Bank. The internal auditors of the bank were not able to determine the actual source of funds or even beneficial owners of specific transactions and clients. During an onsite inspection, it was revealed that ‘the reason underlying beneficiaries are not identified is that it could cause problems’ when regulators or the FIU requests further information.
- North Korea: 35 tons of missiles, grenades and other weapons made in North Korea were transported by four Kazakhs with alleged destination Iran – both sanctioned countries. The buyer of the arms, worth 18 million Euro was a New Zealand Company named SP Trading Ltd., whose (nominee) director is a 29 year-old employee of fast food chain Burger King in Auckland. The shareholders of SP Trading Ltd. are anonymous IBC’s in the British Virgin Islands. A similar company structure applies to the seller, a company named Air West Limited. SP Trading Ltd. held a bank account with Sampo Bank (Danske Bank/Estonia Branch) whose correspondent relationship was with Deutsche Bank AG, and Air West Limited had an account with the Bank of Georgia which received the payment of the arms transaction via its correspondent account at JP Morgan. The security council of the United Nations (UN) deemed the transaction as an evasion of sanctions. The transaction draws even further attention to the future of Danske Bank; in 2018 Latvian ABLV Bank was hit with a 311 notification under the US Patriot Act and designated a Primary Institute of Money Laundering Concern by FinCEN for sanctions evasions in relation to North Korea, and went into liquidation.
- Moldovan Laundromat: 20.8 Billion USD was laundered via Moldova between 2011 and 2014. Criminal charges were brought forward against 16 Moldovan judges who approved fake debt certificates allowing the theft to take place. Shell companies with fake directors and shareholders used bogus paperwork that was sometimes even copy-pasted to justify transactions. The first layer of the transactions went through Moldindconbank in Moldova and Trasta Komercbanka in Latvia, a small bank that was shut down in 2016 for failure to comply with money laundering regulations. The second layer of the laundromat included the Estonia branch of Danske Bank as the single largest receiver of illicit Moldovan funds.
Based on the above findings, one can conclude that excessive risk-taking is not the sole domain anymore of the investment industry with exotic trade strategies. It is merely a combination of limited controls encouraged by the quest for optimum profitability, failing audits, and regulation that stays behind of innovation and developments in the financial sector. A member of Group Compliance & AML at Danske Bank stated that if just half of the findings from the three inspections of the Estonian FSA conducted in 2014 were correct, ‘then this is much more about shutting all non-domestic business down than it is about KYC procedures’. It took until early 2016 before the full non-domestic portfolio was terminated.
Since December 2014, Estonia offers global citizens a virtual residency in the European Union. Although this e-residence program attracts foreign enthusiasts and location-independent enterprises, while giving them access to the European Single Market, the inflow of this new group of bank customers has limited effect on the 667 Billion Euro that needs to be scrutinized to differentiate legitimate transactions from illicit transfers. Eesti Pank does not collect separate data for these transactions and therefore a thorough investigation of the financial industry is required. Given the extent of the figure, it is expected that further discoveries are just a matter of time.
Public records, including the portfolio investigation and internal reports from Danske Bank, reveal that much work is still to be done. The results of the portfolio investigation contained 6.200 customers, leaving another 8.800 outstanding. There has not yet been a full screening against international sanctions lists, such as EU/UN and OFAC. Also, trading activities are not yet analysed. The inquiry of the portfolio reveals illicit transfers and further shortcomings. However, fraudsters and other illicit actors try to conceal and hide their misconduct in creative ways. It is therefore uncertain if all suspicious activities can be designated.
The Danish, Estonian and several other European authorities, as well as US law enforcement, re-opened investigations into the Estonian branch of Danske Bank. Further probes by law enforcement in several countries come at an inconvenient moment for Denmark. The country, among others, has recently been a victim of dividend arbitrage, where dividend tax is paid once but reclaimed several times. In the past, dividend arbitrage also referred to as ‘CumEx’ had cost European taxpayers 55 Billion Euro.
The discovery of the scandal was kept as an internal problem by the bank. Only after a whistle-blower spoke with the media an intensive quest for the truth was started by investigative journalists and international regulators. The closure of the non-resident portfolio of the bank was a good start and showed some willingness of the bank to solve the matter. However, the case gained altitude when Hermitage Capital Management involved various governments in their search for justice after the investor was duped in a tax refund scheme.
Hermitage Capital Management
Hermitage Capital Management was a foreign investor in post-Soviet Russia. Its investment strategy of shareholder activism was vastly profitable. Like most investment funds, Hermitage Capital Management used (offshore) tax planning strategies offered by local service providers. Staff members at service providers responsible for corporate tax planning often work as lawyers, accountants or auditors. They can take positions as nominee director and shareholder and serve as local representation where required. Although aggressive tax planning structures are commonly used by oligarchs and their inner circles, the Russian tax authorities try to cease the foreign use of these, sometimes addressing them as tax evasion.
The success of Hermitage and its unconventional investment strategy gained the interest of Russian officials. After a raid, the ownership of several companies belonging to the Hermitage Group was transferred without the knowledge and approval of its beneficial owner. In an opaque transaction, a tax refund of 230 Million USD was granted to the companies that were obtained under suspicious circumstances. The funds were distributed via a dense web of offshore companies having bank accounts with several European banks, including Danske Bank in Estonia.
Sergey Magnitsky was a lawyer and auditor who managed the Hermitage companies that were duped by the doubtful tax refund. Magnitsky unravelled the transaction and was, instead of being seen as a whistleblower, arrested on suspicion of aiding tax evasion in historic events. His imprisonment led to his death and became the motive to isolate Russian officials suspected of human right abuses. Several countries have already implemented legislation to limit the freedom of movement of Russian officials and businessmen and their finances, often referred to as ‘Magnitsky Acts’.
Hermitage Capital follows the vanished money and files complaints in receiving countries. The French authorities investigate the flow of funds of 33 Million USD through France and have included Danske Bank in their investigation. Although Danske Bank was an assisted witness in the French criminal proceedings, recently the Tribunal de Grande Instance in Paris placed the bank again under formal investigation. The findings can result in further criminal charges.
The dysfunction of financial crime detection and money laundering prevention demonstrates that the Estonian laundromat is far beyond a local problem. Before an old employee, who worked at Sampo Bank and later the Estonian branch of Danske Bank, blew the whistle to a Danish newspaper after his reports to the main office in Copenhagen were largely ignored, there was just limited evidence of wrongdoing.
The needs of bank customers often include cross-border payment facilities. To enable and guarantee payments to international banks all around the world, financial institutions need direct and indirect relationships with each other. Correspondent banks fill this gap and act as agents by connecting payment institutions with each other. International payments are executed over nostro, vostro and loro accounts. These accounts at the correspondent bank are owned by the sending and receiving banks. Danske Bank used different correspondent banks to execute international payments.
SEPA payments allow the participants in the Eurozone to make efficient and simplified cashless cross-border Euro payments. Correspondent banks facilitate these payments and are required to execute transactions within the European Economic Area (EEA). The sending bank is obliged to examine the rationale of the transaction before it is forwarded to the correspondent bank for processing. The correspondent bank has a duty of care as well to either request supporting evidence of the economic motives of the transaction, reject it and return the funds, or approve and forward the payment to its destination. It is mandatory for both the sending bank and the correspondent bank to file a SAR to their domestic FIU for each and every suspicious transaction.
The correspondent bank plays a crucial role in money laundering because it is the final step to convert a suspicious payment into clean money. In 2013, JP Morgan Chase & Co. changed their policy as a correspondent bank and ceased working with several European banks they flagged as high risk. Bank of America quickly took over their position as a correspondent bank. Most of the international transactions of Danske Bank were executed by Deutsche Bank. In 2015 Deutsche Bank ceased Dollar clearance for the branch in Estonia due to the increase of suspicious transactions. Some of which were linked to narcotics and identity theft and were reported to the authorities. Two recent internal reviews by Deutsche Bank concluded that an estimated 80% of all suspicious transactions for the Estonia branch of Danske Bank went through the correspondent accounts at Deutsche Bank. The report from Bruun & Hjejle concluded in relation to international payments via the correspondent system ‘in processing payments for its customers, the Estonian branch may not have access to information on the ultimate source of funds nor the ultimate recipient of funds’.
Transactions in foreign currency contain a specific risk. All US Dollar payments, for example, are routed via New York, where clearance takes place to forward the payment to its destination, even when the final destination is in the same country as the remitter. Since international payment settlement takes place in the USA, failure to comply with AML regulation and sanctions evasion can result in substantial fines at state and federal level in the USA. Additionally, when the SWIFT message system is used to forward underlying transaction information of a payment to the receiving and correspondent bank, the US Treasury has limited access to this data. Therefore, the USA can penalize financial institutions across the globe for abuse of the US currency and financial system. This means that Danske Bank, its predecessor, as well as the correspondent banks and other enablers, can be individually fined for the transactions they had involvement in.
Alongside government fines and criminal proceedings that could lead to seizures, investors and customers of the bank – including duped parties in the various laundromats, can file civil claims against the bank and its management. Although clawback convictions are mostly limited to the loss the investor experienced and the actual profits made by the bank, regulatory fines are not limited by external claims. The first-class action suit against Danske Bank by a group of American Depository Receipts (ADRs) investors is in preparation to be filed. It is presumably not the only civil suit or class action that is in preparation against the bank.
Although Estonia migrates the scandal to the holding company in Denmark, the consequences for the mini-state can be devastating. The total flow of suspicious transfers through the branch is almost eight times the size of the economy. It does not need much crosswind for the economy to collapse. The risk exposure of the bank and the potential contamination is a serious concern, mainly because investigations are not fully concluded yet and further underlying activities will be exposed.
The risk of contagion: a domino effect
One of the vulnerabilities of the financial system is the tight collaboration between different financial institutions and their reliance on the shadow banking system. The result is that in times of economic prosperity and high profitability, everyone wins. When the financial markets decline or are in a downward spiral, the interconnectedness can result in a worldwide panic – as we saw with the collapse of investment bank Lehman Brothers and the 150 Billion USD rescue mission for insurer AIG to prevent an unsolvable financial crisis. Still, financial institutions all around the world declared for bankruptcy and were rescued with taxpayer input, while many customers lost their life savings.
The capital position of a bank contains tier 1, tier 2 and tier 3 capital. Tier 1 capital is the shareholder equity and includes unpaid profits. There is no obligation to repay tier 1 capital, which is permanently available in the bank. It is meant to absorb potential losses caused by non-performing loans. The fiduciary standard and the system of fractional reserve lending allow commercial banks to lend out money they don’t have. The foundation of fractional reserve lending is the assumption that a bank run, where customers massively withdraw their deposits at the same time, does not occur.
The supplementary capital of a bank is called tier 2. Tier 2 capital contains revaluated reserves, general provisions, hybrid (debt and equity) capital instruments, and subordinated debt. Due to the volatile value of the banks’ risk-weighted assets, the exact tier 2 capital requirement fluctuates. Tier 2 capital is external capital where the value depends on the overall performance of the issuing institution. Tier 3 capital includes short-term unsecured loans. A banks’ tier 2 and tier 3 capital depend on external factors such as market conditions and is therefore highly contagious.
Banks, investments funds and actors in the shadow banking sector, invest in each other’s products. This creates a sensitive level playing field with potentially devastating consequences. In a creditor hierarchy, subordinated debt has a lower position than senior secured liabilities. Investors in bank products don’t participate in tier 1 capital but are merely connected with the brand, where share price fluctuations have an impact on the collateral and guarantees. Commercial paper (short-term) and corporate bonds (longer term) issued by a financial institution are unsecured promissory notes; investors receive repayment of their investment including a coupon or interest intermediate or at maturity. Broker-dealers can buy and sell bonds on the primary market and debt securities on the secondary market. The value of bonds and securities traded before maturity depends on a combination of the daytime value of the issuer and supply and demand.
Structured or exotic investment products often provide investors with a capital guarantee. Such guarantees are hedged via option strategies or by a long-term zero coupon bond. When the underlying guarantor of the bond or security defaults, the bond is worthless. Also, when the investment strategy is based on interim payments, the return on investment can be lower as anticipated.
The above is important to understand the correlation between failing banks and day to day personal financial affairs such as pension plans, investment programs, and even bank- and savings accounts. The risk exposure of the Danske laundromat is not the sole domain of the holding company, it reaches further and has the potential to disrupt the European financial sector and ultimately affect the most vulnerable groups in society.
Thus far, the discussion is limited to the Danske Bank Group and its potential fiscal challenges. This vacuum is peculiar for several reasons. To calculate the risk associated for Denmark and Estonia, one needs to include the effects a further downgrade of the value of the bank and the consequent contagious effects has sector-wide. For this article, risk exposure is limited to shareholdings and investments to disclose realistic scenarios, even when the group survives the current challenges. The base point for exposure is regulatory fines triggering a downward spiral and a decline of the share price of the bank.
On the positive side, Danske Bank is profitable and very well capitalized. In 2017, the net profit of the Group was DKK 20.9 Billion (est. 2.8 Billion Euro) up from DKK 19,9 Billion in 2016, and the return on shareholder equity was 13.6%. The CET1 capital ration was 17,6%. Together with the issuance of speculative senior non-preferred bonds to raise its capital buffers and absorb losses, the bank could overcome the regulatory punishments and consecutive civil claims and avoid investor panic.
Disclosed shareholders of the bank include AP Moller (the investment fund for Maersk), BlackRock UK, Norges Bank, Vanguard Group USA, Didner & Gerge, ATP Fondsmaeglerselkab, Davis Selected Advisers NY, and SEB Investment Management. These shareholders are pension funds, equity funds, investment holding companies, and banks. The single largest shareholder of Danske Bank is AP Moller. One of the disclosed shareholders of AP Moller is the investment division of Danske Bank. A very odd situation can occur when the share price of Danske Bank declines and the share price of AP Moller-Maersk and its investment fund, respond as well. This would mean that the Bank is hit twice by the lower share price; directly via its own value, and indirectly by the stake it holds in AP Moller-Maersk.
Although Sampo Group already sold its Baltic banking division to Danske Bank in 2007, and there is a statutory limitation to prosecute the previous owner, the financial markets including activist investors could respond. Especially now that Nordea Bank is under investigation for money laundering as well. The disclosed shareholders of Sampo are Bjorn Wahlroos, Solidium Oy, Capital Research & Management Co., Keskinainen tyoelakevakuutusyhtio Varma, The Vanguard Group, Inc., DWS Investment GmbH, BlackRock, Nordea, Lazard Asset Management LLC.
Danske Invest still holds 700.000 shares of Sampo via its Finnish Institutional Equity Fund, 210.845 shares via its Finnish Equity Fund, and 202.525 shares via its Finland Opportunities program. The total indirect exposure for Danske Bank in Sampo via its investment funds is estimated at 44 million Euro.
US-based investment funds, private equity firms, and other institutional investors are known for their aggressive litigation strategies in their home country to enhance their position in civil claims against financial institutions. These civil claims find their origin in regulatory probes leading to fines and convictions or indictments of the involved bankers. Settlements have causality with regulatory fines and therefore contain risk for the liquidity position of the bank.
How exposed are the correspondent banks?
Most cross-border transactions are legitimate. All such payments are monitored via human detection mechanics and algorithms looking for discrepancies between a transaction and individual customer profiles. When a transaction is flagged as suspicious, the financial institutions involved are required to request supporting evidence of the transaction, alongside with an update of the customer profile that is held under KYC standards. The result of the transaction verification process leads to the approval or rejection of the payment, followed by a notification to the FIU.
Illicit transactions become money laundering when the funds enter a local economy without being declared to a tax authority. Obviously, shady actors try to conceal the purpose of their transactions making it difficult for the banks involved to detect fraud. Red flags for money laundering contain fabricated and fake invoices, erroneous payment details, general, vague, incorrect and incomplete payment descriptions, sham loans, and transactions without a legitimate purpose. Further dissembling of the true nature of funds is done via a process called ‘smurfing’, where one transaction is separated into various smaller payments. These payments can show up in the form of trade-based money laundering. With trade-based money laundering illegally obtained assets are used to buy legitimate products and sell these in regular trades and traditional markets. Often the supplier of these legitimate products is not aware of the origin of the payment he receives, limiting the clawback potential for duped parties.
Not all transactions deemed suspicious have an illegal nature. Suspicious transactions need investigation by all gatekeepers. This means that the sending bank, the correspondent bank and the receiving bank have a role to protect the financial system from illicit transactions. There is no relinquishing responsibility to a next fact checker in line, all senders and receivers of the funds need to exclude illicit transactions. Verification of suspicious transactions leads to false positives when there are no grounds to block the transaction. Since most suspicious transactions are legitimate, such a verification process is time-consuming, expensive and above all difficult to justify in a commercial setting; a flagged transaction that is cleared of suspicion gets approved after scrutiny. The Estonia branch of Danske Bank cooperated with several suspicious customers to execute high-risk transactions. Such a process that involves criminal money flows is called ‘guilt washing’, and is a form of money laundering with joint-liability for all enablers, in this case, the correspondent banks and the ultimate beneficiary of the payment and the recipients financial institution.
Although the total cross border transactions in Estonia between 2008 and 2017 was estimated at 1.1 Trillion Euro, and the suspicious transactions for the Estonia Branch of Danske Bank totalled 200 Billion Euro, only law enforcement can declare these transactions criminal. The provable involvement of criminal networks using Danske Bank as a crucial step in their laundromat though foresees a pessimistic future scenario when law enforcement comes in.
All enablers in the international money transfer supply chain are individually responsible for their own transactions. This means that different national regulators can fine each enabler for the same transaction or set of transactions under their jurisdiction. When transactions are executed in US Dollars, the Treasury Department can also penalize the enablers. The correspondent banks for the Estonia branch of Danske Bank were mainly Deutsche Bank, JP Morgan and Bank of America. Currently, US criminal investigators have only interviewed the three correspondent banks in relation to specific customers of the Estonia branch of Danske Bank. However, it is inevitable that the correspondent banks become part of a larger probe by law enforcement into their role as an enabler of illicit transactions once the extent of the criminal activities is proven.
Deutsche Bank is the primary correspondent bank for US Dollar transactions in Europe. It is, therefore, no wonder that an estimated 1 million transactions worth 160 Billion Euro of the total suspicious transfers coming from Sampo Bank and Danske Bank Estonia, were routed and cleared through the Nostro accounts of Deutsche Bank. Deutsche Bank itself already launched two internal investigations into its role in the scandal, but regulators have not yet stepped in to indicate misconduct. In 2015, when Danske Bank already started closing the non-resident portfolio of the Estonian branch, Deutsche Bank stopped clearing US Dollar payments for the branch but continued to settle Euro payments via SEPA.
In 2012, JP Morgan was forced by regulators to improve its anti-money laundering policy and controls. The following de-risking process resulted, among other things, in the termination of correspondent services for European financial institutions that were later designated as a primary money laundering concern by FinCEN. The high percentage of non-resident clients was for JP Morgan a reason to also stop facilitating transactions for the Estonia branch of Danske Bank. Promptly Bank of America, who already provided US Dollar clearing for the Estonia branch, took over the market share of JP Morgan. Also, Bank of America stopped working with the Estonia branch in 2015 after it initially requested not to send transactions for offshore shell companies through its channels. Although no calculations have yet been confirmed, it is reasonable to expect that the vast sum of the remaining part of suspicious transactions, 40 Billion Euro, was routed through JP Morgan and Bank of America.
Discussions relating to the correspondent banking system tend to ignore the role of the financial institution ultimately receiving illicit transfers. This party is as much responsible for scrutiny of incoming payments as the other parties in the supply chain of the transaction. The portfolio investigation executed by the Danish law firm Bruun & Hjejle on behalf of Danske Bank, speaks about a total of 7.5 million transactions in the non-resident portfolio in the years 2007 to 2015. Including all ultimate recipients in an investigation to determine further contamination and imposing penalties, takes time. Overlap with other regulatory probes in financial crime is likely and can result in accumulated fines.