The Financial Supervision Authority (FI) relayed suspicions about Danske Bank transactions in Estonia to the Danish head office in 2012, it says. Following an FI inspection in 2014, Danske was obliged to curtail non-resident accounts with the Estonian branch, though neither this nor word from the Danish authorities happened quickly.
An estimated €130 billion* flowed through Danske accounts in Estonia, much of it originating in the Russian Federation and connected with the Magnitsky case.** During the peak year, 2013, around US$30 billion is thought to have passed through Danske, which began withdrawing from Estonia in April 2018.
When and how did the rot set in?
It is salutary to turn the clock back to 2007, when Danske bought out Finnish bank Sampo in Estonia, Latvia and Lithuania, as well as Finland, FI chief Kilvar Kessler told ERR's Hukko Aaspõllu.
''If memory serves, we went to Sampo before the takeover in 2007 with concerns about its risk controls, which weren't in accordance with the law,'' said Mr. Kessler, who was not head of the FI at the time.
The FI issued a precept to Sampo, which should have resolved matters; an FI inspection of what was by now Danske in 2009 suggested the precept was being heeded, Mr. Kessler said. Danske, as one of the largest Scandinavian banks, also had the know-how and resources to improve things further, it was assumed.
The EU framework covering member states' financial regulators was also followed, Mr. Kessler said.
From 2012, the FI started looking more closely at non-residents' business via Danske; in 2014 it visited the Danske branch on the ground, Mr. Kessler said.
Whether Danske was now following money laundering provisions properly was still not clear; Mr. Kessler stated that initial inspections were narrower in focus, later extending to non-residents' risk controls and regulations compliance.
Proper role of a financial supervisory body
EU member states' financial supervisory authorities are responsible for the home market and cover questions such as banks' capital sufficiency, risk control operations and compliance etc. Danske is thus under the aegis of the Danish supervisory authority (the Danish FSA), Mr. Kessler said.
The FI's role in Estonia conversely is more limited when it comes to foreign-owned banks, focussed on overseeing liquidity and other areas not directly connected with risk managment.
''Of course, first and foremost it is the banks' and their management's responsibility to keep their own houses in order; they are not children who need constant direction,'' Mr. Kessler continued.
A clear picture of Danske Estonia, showing development of non-residents' deposits, ie. Were they increasing or diminishing, and at what rate etc., was still wanting, Mr. Kessler said, though there seemed to be stability, even without knowing the Danish FSA's detailed view.
''These things look easier with the benefit of hindsight,'' said Mr. Kessler, on being asked why the FI didn't look at Danske before 2014.
''We take 2014 as a reference point, when our investigation revealed a relatively large share of non-resident accounts,'' said Mr. Kessler.
''We were also getting information from other sources, which I can't reveal because of security issues, which suggested all was not well at the bank,'' he continued.
EU regulations complicated
EU rules in 2014-2015 were also a factor, as they developed along a complex trajectory, said Mr. Kessler, causing confusion on cross-border issues and who was to report what to whom.
Domestic Estonian law, however, dictates that suspicions of money laundering, terrorist financing and similar illegal activities should be reported to Estonian financial intelligence units, who can freeze accounts. The FI has a role in ensuring money laundering regulations compliance, but detecting individual crimes or looking at individual transactions at a particular bank lies outside its remit, Mr. Kessler went on, though it does look at the bigger risk picture, eg. at IT systems which may be screening illicit transactions.
In short, whilst 2014-2015 was particularly hazy on responsibility, clearly risks had accumulated with Danske Estonia, something the Danish head office was aware of, Mr. Kessler said.
''The international situation had changed too, including the stand-off between Russia and the US, affecting international banking,'' he said.
Danske's growth into a significant player in the region also implied they could manage their own affairs – which seemed to be the case, but with international change and banks' due diligence requirements increasing, 2014, but not earlier, became a watershed year, said Mr. Kessler. 2014 was also the year Mr. Kessler was appointed head of the FI.
''I do not know whether a change of leadership was a factor,'' he said; ''I do not want to emphasise it in any way, but rather point out that we are all part of a management community – suspicions about what might have been happening at Danske go back to at least 2013 in any case,'' he said.
Effectiveness of FI inspections
Effectiveness of the FI's methodology, including its on-the-spot inspections, might also be called into question.
''There is definitely a paucity of information. The FI is not omnipotent and cannot see each individual transaction on every account,'' said Mr. Kessler.
Why didn't Denmark act sooner on information received?
Mr. Kessler stated that he was in constant contact with Danish counterparts, in accordance with EU principles noted above. Separate clauses in EU regulations, furthermore, require clear and express consent from the Danish authorities before talking about sensitive issues, he said.
''It is fairer and better to ask the Danish authorities to comment themselves on the matter,'' said Mr. Kessler.
''I can't see everything my colleagues there have done since 2012 in relation to Danske,'' he continued, refusing to speculate on whether the Danish FSA prioritised the issues sufficiently.
Why the slow developments after 2014 findings?
2014 is four years ago; why are we only having these conversations now?
''We visited Danske in 2014 as stated and found that there were issues. We were proceeding as standard routine. The first time we visit a business, we aren't going to close a business there and then, there has to be a very good reason to do that,'' he said.
''We felt that feedback from the bank was very satisfactory at the time, especially from Copenhagen,'' he said.
''We got the impression that that was sufficient at the time; the bank understood its risks,'' he said.
Danske Estonia required to cut non-resident accounts
However, in the FI's view the reduction in non-residential accounts by 2015 was not happening as fast as required, and in July it issued a precept to Danske that it was under obligation to press on with this, which Danske disputed, eve though in the long-term it could have been ordered to cease all operations.
The Danish FSA published the results from their own inspection in April 2016, Mr. Kessler said.
''We also published our findings from 2014 and 2015, even though we weren't legally obliged to do so,'' Mr. Kessler added.
''The ongoing Danish regulatory work was also based on our 2014 findings,'' he said.
Nevertheless, progress has been made down to the present.
''Whereas the proportion of non-resident accounts at Danske was 20% in 2014, today it's less than 10%,'' he pointed out, ''particularly with offshore accounts, often the most 'toxic; these fell from 10% to about 0.8% today,'' he continued, though this process was laborious.
Whose fault is it then?
Mr. Kessler believes responsibility lies with those who violated mechanisms in place which should ensure everything works for all concerned.
''The bank is responsible and so, depending on circumstances, to a certain extent are its employees,'' Mr. Kessler said.
''What happened can serve as a warning to both society and bankers themselves, namely, that if you still take unnecessary risks which could lead to implications in criminal activity, it will have consequences,'' he said.
''Crime doesn't pay, in other words, and the social response needs to be powerful enough to make people in the financial sector think twice before exposing themselves to these kind of risks,'' he went on.
Did Danske management in Estonia commit wrongdoing?
Danske Estonia management culpability is more a philosophical question of jurisprudence, Mr. Kessler said.
''What I can say is in a bank where the risk taking principles and functions are balanced and meet the legal requirements, that bank is fully responsible and has checked all the boxes,'' he said.
Head of the Danske Estonian branch in 2014 was Aivar Rehe, who left the post in September 2015.
How much blame can be apportioned to the Danish FSA for not acting quicker is also debatable, as are the parent bank's risk controls.
It is also possible other actors in other territories knew something about what was happening but did not speak up.
The story is so multi-faceted that more is likely to come to light, Mr. Kessler said.
What happens next?
Danske's own internal report is due on 19 September and should reveal a lot more, including the likelihood of criminal proceedings.
''I have already told the head of the criminal section of the Police and Border Guard Board (PPA) that we at the FI work fully in conjunction with any criminal proceedings,'' Mr. Kessel said.
''We do not have any presumption of innocence, no subterfuge, we simply ask 'Have you done this in your organization?', and if the answer is 'no', then there is no problem,'' he went on.
We also ask ''Have you done x,y, and z? If any of these are not done, there is a problem. Too may such problems and it's 'thanks and goodnight' to that organisation,'' he stated.
''However, our level of factual collection and analysis level is not necessarily as refined as those of those involved in criminal proceedings,'' he pointed out.
As to whether such activities still occur with non-resident accounts in banks in Estonia right now, Mr. Kessler simply said ''I hope not.''
* Or around US$150 billion (Latest estimate). To put things into perspective the GDP for Estonia in 2017 was US$41.56 billion, Denmark's was US$286.8 billion (Source: CIA World Factbook).
**Russian lawyer Sergei Magnitsky, who had blown the whistle on illicit financial activity, died in custody in Russia in November 2009 after 11 months' incarceration. Mr. Magnitsky's former boss, American Bill Browder, filed a criminal complaint against Danske in summer 2018, saying that money laundered through the Estonian branch was "absolutely" blood money.
Editor: Andrew Whyte