CASE STUDY: Danske Bank Estonia
Overview of the Bank
Danske Bank A/S is Denmark’s largest financial institution and one of the largest banks in the Nordic region, offering retail, corporate, and institutional banking services across Europe and internationally. During the period under review, Danske Bank operated a branch in Estonia that serviced a substantial non-resident customer portfolio.
What Happened
In December 2022, Danske Bank pleaded guilty in the United States to conspiracy to commit bank fraud and agreed to forfeit approximately USD 2 billion as part of a coordinated resolution with U.S. and Danish authorities.
The resolution followed investigations into severe anti-money laundering failures at the bank’s Estonian branch. Between 2007 and 2015, the Estonian branch processed approximately €200 billion in transactions through its non-resident portfolio. A significant portion of these transactions was later assessed as suspicious and linked to offshore shell companies, opaque ownership structures, and individuals connected to high-risk jurisdictions and politically exposed networks.
Timeline of Key Events
- 2007–2015: Estonian branch services non-resident corporate customers using offshore structures.
- 2013–2014: Internal and external warnings regarding AML weaknesses emerge.
- 2015: Danske Bank begins winding down the non-resident portfolio.
- 2018: Public disclosure of the scale of suspicious transactions.
- December 2022: Guilty plea and USD 2 billion forfeiture.
- 2025: Continued regulatory actions and asset recovery.
Why It Happened: Traditional Due Diligence Approach
The Estonian branch applied a document-centric due diligence framework that focused on:
- Corporate registration documents
- Identification of directors and declared beneficial owners
- AML questionnaires
- Risk scoring based on customer-provided information
This approach satisfied formal onboarding requirements but failed to establish a substantive understanding of ownership, control, source of funds, and political exposure.
Structural Weaknesses
Key weaknesses included:
- Over-reliance on documentation without independent verification
- Acceptance of declared UBOs without validation
- Limited assessment of control without legal ownership
- Insufficient scrutiny of non-resident and offshore risk
- Weak escalation and challenge mechanisms
- Poor integration between onboarding and transaction monitoring
Missed Red Flags
- Extensive use of nominee directors and offshore entities
- Significant mismatch between economic activity and transaction volumes
- Concentration of non-resident clients from high-risk jurisdictions
- Undeclared political exposure and proximity to PEPs
- Transaction patterns inconsistent with stated business activity
How the Bank Could Have Done Better
A more effective framework would have included:
- Multi-jurisdiction beneficial ownership reconstruction
- Independent verification of ownership and control
- Identification of effective control and influence
- PEP proximity and association analysis
- Economic substance testing
- Continuous risk reassessment informed by transaction monitoring
Why This Case Matters in 2025
The Danske Bank Estonia case remains relevant as offshore structures, sanctions-by-extension risks, and indirect political exposure continue to challenge financial institutions. Regulatory expectations now emphasize understanding ownership networks, control mechanisms, and transaction behavior beyond formal documentation.
Key Lessons for Risk & Compliance Professionals
- Traditional DD frameworks are insufficient for complex structures
- Beneficial ownership must be independently validated
- Control and influence are as critical as legal ownership
- PEP risk includes proximity and association
- Transaction behavior must align with business rationale
- Non-resident portfolios require heightened, ongoing scrutiny
Author: Padmja Jain