Swedish and Estonian Regulatory Actions Against Swedbank for Anti-Money Laundering Compliance Failures

by Jonathan J. Rusch

Since 2018, the Danske Bank money laundering scandal has triggered substantial repercussions across the European banking system. One of the Scandinavian banks that strongly felt those repercussions is leading Swedish bank Swedbank. In 2019, initial reports of suspected money-laundering transactions occurring between Danske Bank and Swedbank [1] led to:

    • The firing of multiple Swedbank senior executives;[2]
    • An internal report that disclosed Swedbank’s Estonian operations had handled €135 billion in “high-risk, non-resident” money flows; and
    • Parallel investigations of Swedbank and its Estonian subsidiary Swedbank AS by the Swedish and Estonian financial supervisory authorities (Finansinspektionen (FI) and Finantsinspektsioon, respectively), as well as separate inquiries by U.S., Swedish, and Estonian authorities.[3]

On March 19, both the FI and the FFinantsinspektsioon announced the results of their parallel investigations.[4] The FI imposed a $384 million (SEK4 billion) administrative fine on, and issued a warning to, Swedbank, for what it termed “serious deficiencies” in Swedbank’s management of money laundering risk in its Baltic operations. The Finantsinspektsioon issued a “precept” (directive) to Swedbank’s Estonian subsidiary, Swedbank AS, to take measures to improve its anti-money laundering (AML) risk control systems because they were not in line with AML requirements.

Because they were conducted in close coordination, and provide complementary regulatory perspectives on what happened at Swedbank, both the FI and Finantsinspektsioon decisions warrant closer review.

The FI Investigation and Decision 

FI issued a 93-page decision that reported on three aspects of its investigation: (1) Swedbank’s compliance with the rules for governance and control with regard to AML measures in the bank’s subsidiaries in Estonia, Latvia, and Lithuania during the period 2015–Q1 2019; (2) matters related to the bank’s provision of information to FI; and (3) how Swedbank has complied with the AML regulatory framework in its business area of Swedish banking.[5] FI specified that it did not investigate the compliance of the Baltic subsidiaries with their local AML regulations, or if and to what extent money laundering occurred in the Baltic subsidiary banks.[6]

In brief, FI stated six principal findings:

1. Swedbank “has not had sufficient governance and control of the Baltic subsidiary banks in several aspects of its anti-money laundering work.”

2. Swedbank “has not identified and managed the elevated compliance and reputational risks” that some of its non-resident customers and resident customers with non-resident beneficial owners imposed on the group.

3. “[T]here were insufficient resources and a lack of competence in the subsidiary banks’ work to combat money laundering and roles and responsibilities have been unclear. Swedbank repeatedly received reports about these deficiencies but did not take sufficient action.”

4. The members of Swedbank’s Board of Directors “have not been sufficiently knowledgeable about the Baltic operations and associated risks. Swedbank has thus not met the requirements to identify, measure, govern, internally report and have control over the risks associated with its business.”

5. On three occasions — in the current investigation that began in April 2019, and in two previous cases in November 2016 and October 2018 — Swedbank “did not fully provide the information that [FI] requested. In one case in March 2019, Swedbank also provided [FI] with false information.”

6. With regard to compliance by Swedbank’s Swedish operations with the anti-money laundering regulatory framework, “there were deficiencies in the bank’s risk assessment of customers,” Swedbank “has not validated a model for customer risk classification,” and “there were deficiencies in Swedbank’s monitoring of ongoing business relationships.”[7]

On the basis of its review, FI found Swedbank’s deficiencies to be of such a nature that they provided grounds on which to intervene against Swedbank. It considered Swedbank’s violations in the governance and control of the Baltic subsidiary banks’ operations and the provision of information to FI to be so serious that it gave FI cause for FI “to consider withdrawing the bank’s authorisation.”[8]

At the same time, FI credited Swedbank with implementing and continuing to implement “extensive changes to rectify the deficiencies.” It stated that it

currently has no cause to assume anything other than that the violations observed in the investigations will not be repeated and that Swedbank will be able to successfully rectify the deficiencies. Given this background, Finansinspektionen deems it sufficient to issue Swedbank a warning.[9]

The Finantsinspektsioon Investigation and Decision

Finantsinspektsioon issued a 53-page decision that set out in considerable detail numerous failings in Swedbank AS’s money laundering and terrorist financing (ML/TF) program that violated the Estonian Money Laundering and Terrorist Financing Prevention Act (MLTFPA) and regulatory requirements.[10] Those failings included the following:

    • Swedbank AS “lacked appropriate systems and structural units.” More specifically, there were “systematic shortcomings” in Swedbank’s solutions for implementation of the MLTFPA’s obligations and objectives of the MLTFPA, which “were not appropriate to mitigate the risks that Swedbank took with its business strategy in a significant extent.”
    • During the on-site inspection, Finantsinspektsioon found that Swedbank AS’s High Risk Customer Acceptance Committee “did not care in the past about the contents of the data pertaining to a client, i.e., who the client was and what had been its operations, and if the client was even acceptable to Swedbank.” It noted that subsequently, in Swedbank AS’s reviewing of these client relationships, “many of the business relationships concluded in the past are suspicious to Swedbank, which is why the business relationship has been terminated and, in some cases, the Financial Intelligence Unit has been notified.”[11]
    • Swedbank AS “had not identified, assessed or analysed all the money laundering and terrorist financing risks related to its economic activities.”[12] Among other failures, Swedbank AS’s management and employees “had no overview of the risks” threatening Swedbank AS.[13]
    • Swedbank AS’s organizational solution “had significant shortcomings,” such as lack of a compliant ML/TF internal control solution, failure to take into account the standard “three lines of defense” approach to compliance, and lack of even a central ML/TF unit or sufficient human resources.[14]
    • Swedbank AS failed to meet its obligation to report ML/TF risks and incidents to competent national authorities, such as compilation of adequate operational risk reports and notifying the Estonian Financial Intelligence Unit of possible ML/TF or related offenses.[15]

In view of Swedbank AS’s comprehensive AML compliance failures, Finantsinspektioon’s precept directed Swedbank AS to address those failures within eight months, and notified the bank that it would impose a penalty payment for failure to comply with, or to execute improperly, the precept.[16]

Evaluation

These regulatory actions by the FI and Finantsinspektsioon are by no means the final chapter in Swedbank’s saga. The Finantsinspektsioon decision makes clear that Finantsinspektsioon, which has authority to conduct extrajudicial proceedings of misdemeanors as established in the MLTFPA, had opened a misdemeanor procedure on Swedbank SA in October 2019, but terminated it in November 2019 “in favour of criminal proceedings to ensure continuation of the criminal proceedings initiated by the Office of the [Estonian] Prosecutor General and to avoid the potential risk of double jeopardy.”[17]

In addition, Latvian prosecutors recently charged 11 people, including several former Swedbank employees, with money laundering. The charges reportedly involve Swedbank employees’ allowing customers to exchange large amounts of cash without recording their names or the origin of the funds.[18] Swedbank apparently also remains under investigation by the Swedish Economic Crime Authority and multiple U.S. authorities.[19]

For its part, the FI can be expected to maintain vigorous oversight of other Swedish banks’ AML compliance programs, where appropriate with other countries’ financial supervisory agencies, despite the constraints that the coronavirus pandemic has imposed on agencies’ operations. In December 2019, the FI announced that its investigation of governance and control of AML measures at Skandinaviska Enskilda Banken AB (SEB), which the FI is conducting in cooperation with the supervisory authorities in Estonia, Latvia and Lithuania, had led it to open a potential sanction case against SEB.[20] On March 25, however, the FI announced that it was delaying its decision with regard to a sanction assessment against SEB until June 2020. The FI stated that it was doing so “due to the effects of the spread of the coronavirus and subsequent reprioritisations within FI.”[21] 

Subsequently, on April the FI announced that it would extend its freeze on new supervision investigations only until May 3. Its announcement stated that with the lifting of the freeze, “FI will gradually resume the supervision with which the authority has been tasked.”[22] How long that gradual resumption will take, of course, is beyond prediction.

Footnotes

[1] See Jonathan J. Rusch, SVT Reports $5.8 Billion in Suspected Money Laundering Between Swedbank and Danske Bank, Dipping Through Geometries, February 21, 2019, https://dippingthroughgeometries.blog/2019/02/21/svt-reports-5-8-billion-in-suspected-money-laundering-between-swedbank-and-danske-bank/.

[2] See Ott Ummelas, Reuters, Swedbank executives fired amid €200bn money laundering investigation, The Independent, October 1, 2019, https://www.independent.co.uk/news/business/news/swedbank-money-laundering-investigation-executives-fired-danske-bank-a9127941.html.

[3] See Richard Milne, Swedbank admits to money-laundering failings, Financial Times, September 17, 2019, https://www.ft.com/content/c10076e2-d920-11e9-8f9b-77216ebe1f17.

[4] See FI, Press Release, Swedbank receives a warning and an administrative fine of SEK 4 billion, March 19, 2020, https://www.fi.se/en/published/sanctions/financial-firms/2020/swedbank-receives-a-warning-and-an-administrative-fine-of-sek-four-billion/; Finantsinspektsioon, Press Release: Swedbank fined for serious deficiencies in its measures to combat money laundering, March 19, 2020, https://fi.ee/en/news/swedbank-fined-serious-deficiencies-its-measures-combat-money-laundering.

[5] Finansinspektionen, Decision: Swedbank AB, FI Ref. 18-21044 and FI Ref. 19-7504 at 1 (March 19, 2020) (FI Decision), https://www.fi.se/contentassets/fd722f1e092b42c98910914969812a26/swedbank-beslut-2020-03-19-eng.pdf (PDF: 4.85 MB).

[6] Id. 1-2.

[7] Id. 2-3.

[8] FI Decision, supra note 6, at 3 (March 19, 2020), https://www.fi.se/contentassets/fd722f1e092b42c98910914969812a26/swedbank-beslut-2020-03-19-eng.pdf (PDF: 4.85 MB).

[9] Id.

[10] Finantsinspektsioon, Decision of the Management Board: Precept to Swedbank AS on a request to bring their practice into line with the legislation regulating the activity of credit institutions (March 18, 2020) (hereinafter Precept), https://fi.ee/sites/default/files/2020-03/English%20translation%20of%20the%20precept%20to%20Swedbank%20AS_FINAL.pdf (PDF: 871.38 KB).

[11] Finantsinspektioon, supra note 4, at 7.

[12] Id. at 8.

[13] Id. at 9.

[14] Id. at 11-13.

[15] Id. at 18-19.

[16] Id. at 31-34.

[17] Id. at 2.

[18] See Aaron Eglitis, Former Swedbank Employees Charged With Laundering ‘Large’ Sums, Bloomberg News, May 14, 2020, https://www.bnnbloomberg.ca/former-swedbank-employees-charged-with-laundering-large-sums-1.1436229.

[19] See SWEDBANK, 2019 ANNUAL AND SUSTAINABILITY REPORT 17-18 (2020) (SWEDBANK 2019 REPORT), https://internetbank.swedbank.se/ConditionsEarchive/download?bankid=1111&id=WEBDOC-PRODE53581973; Johan Ahlander and Esha Vaish, Swedbank admits money laundering flaws, faces multiple U.S. probes, Reuters, April 25, 2019, https://www.reuters.com/article/us-swedbank-results/swedbank-admits-money-laundering-flaws-faces-multiple-u-s-probes-idUSKCN1S10DK. Swedbank also reported that the European Central Bank “conducted a review of Swedbank’s Baltic subsidiaries corporate governance and presented an action plan that will be implemented in cooperation with the Baltic subsidiaries.” SWEDBANK 2019 REPORT at 146.

[20] Finansinspektion, Release, December 18, 2019, https://www.fi.se/en/published/news/2019/fi-opens-sanction-case-in-seb-investigation/

[21] Finansinspektion, Release, March 25, 2020, https://www.fi.se/en/published/news/2020/fi-delays-decision-on-seb-until-june/.

[22] Finansinspektion, Release, April 28, 2020, https://www.fi.se/en/published/news/2020/fi-resumes-work-on-supervision-investigations/.

Jonathan J. Rusch is Principal of DTG Risk & Compliance, a consulting firm specializing in corporate-compliance issues, and a Senior Fellow of the Program on Corporate Compliance and Enforcement at New York University School of Law.

Disclaimer

The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of New York University School of Law.  PCCE makes no representations as to the accuracy, completeness and validity of any statements made on this site and will not be liable for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with the author.