Danske Bank is in trouble with regulators, law enforcement, and perhaps most importantly, its clients and investors. And in the bank's woes lies a lesson for the rest of us; the world of finance today is so complicated that even with established AML/compliance programs in place, it's possible for criminals to exploit the banking or financial platforms of long-standing institutions who may not be paying close attention.

Criminals took it upon themselves to exploit Danske Bank, a well-established institution, so what’s stopping them from exploiting others and potentially using more advanced, cyber-crime schemes like Transaction Laundering, the new, advanced form of money laundering, to go unnoticed?

Money Laundering Hurts Reputations

According to Bloomberg, the warning signals that the Bank was venturing into dangerous money laundering territory were there, but a confluence of reasons converged to wound the business, and reputation, of one of the biggest banks in the world. According to authorities, the bank's Talinn-based branch, Danske Bank Estonia (DBE), may have processed over $7 billion in criminal funds between 2007 to 2015.

And now, as a result of this money laundering scandal, a venerable 150-year old institution is on the skids – shedding investors, and executives who are fleeing from the inevitable coming judgment, which will consist of at least a huge fine, if not even worse sanctions, depending on the extent of the money laundering.

How could the world's 53rd largest bank by total assets (S&P Global Market Intelligence, 2018) fall victim to a scandal like this? No doubt they had oversight systems in place -  big data-based analysis systems to monitor anomalous activities that could indicate money laundering - yet somewhere along the line, something failed.

Deficiencies at Danske Bank

The failure by executives to intervene over “suspicious transactions” at the Estonian branch of the bank was the central core of the problem. According to the bank's own investigation, “It was major deficiencies in controls and governance that made it possible to use Danske Bank’s branch in Estonia for criminal activities such as money laundering.” Among the reasons the investigation attributed those “deficiencies” to include: the lack of a proper culture for, and focus on, anti-money laundering at the Estonian branch (ie, failure to follow up on suspicious data); inadequate governance in relation to compliance and risk; and too much dependence on (faulty) local country management for management follow-up and control.

Additional issues, highlighted in a Bloomberg story, involved a “lean and mean” corporate culture, in which lower-level officials were reluctant to raise problems with higher-ups. That differs from the general culture in Denmark and Scandinavian countries, which values “frank discussions and reaching a consensus,” the report quoted experts as saying. The bank's reputation has been questioned, with regulators now scrutinizing their every action.

In its statements, Danske Bank did not specify what kind of systems it had to detect money laundering, Yet even with those systems, criminals were able to run a multi-year scheme to launder billions. And this was using traditional money laundering methods that banks and businesses are familiar with.

Learning from Past Mistakes and Creating a Safer Future

Back in  2013, a whistleblower prompted attention to the wrong-doings, but Danske only started internally investigating four years later when the news hit more mainstream media reports. Somebody missed something, but for us, it's sufficient to draw the lesson that the same thing could happen to any financial institution, who isn’t stringent on their processes.

If an organization, for example, can be subjected to a Transaction Laundering scam – in which cyber-crooks hide illegal transactions, such as the sale of drugs, behind an approved merchant’s payment credentials – would they be able to catch it? For most organizations, protection against advanced forms of money laundering such as Transaction Laundering, are likely non-existent – which means they don't even know how to detect it.

The Problem is Far More Widespread Than Just One Bank

Danske Bank is far from the only offender here; there are outstanding money laundering or transaction laundering cases open against numerous banks. One of them, ING Groep NV of the Netherlands, recently paid a €775 million ($900 million) fine total to the Dutch government to resolve charges of money laundering over the past decade. According to Dutch prosecutors, the Bank “structurally and for years” provided an infrastructure for money laundering for criminals and terrorists. “The fine is not ING’s first for failing to prevent illegal transactions, according to Reuters, “ In 2012 it paid a penalty of $619 million for facilitating billions of dollars worth of payments through the U.S. banking system on behalf of Cuban and Iranian clients.”

Detection and Ultimate Prevention

The main lesson from the Danske Bank story is that even institutions with long-established AML programs can be exposed to money laundering. Clearly this is something all banks and financial institutions should turn their attention to. Organizations need to reevaluate and update their compliance programs and avoid the kinds of culture and governance issues that affected Danske Bank – but they also need to realize that without outside help from companies that offer automated, advanced technological solutions.  The past few years have exposed vulnerabilities in the payments industry, and as a result, a regulatory eye has begun to keep a closer watch over illicit and illegal transaction activity and pay attention to who is ultimately responsible.

When it comes to Transaction Laundering, the proper technology is crucial to detect those warnings before the alarms sound. Online problems require online solutions and it's up to the payments world to leverage the benefits of automation to collect the right data to make sound business decisions.  Automated tools and technology provide additional insights into the online presence of a corporate customer that adds valuable and predictive information to their comprehensive profile. The technology also allows for more accurate and more frequent monitoring to detect fraud before it can do major damage. Updating to and maintaining a comprehensive risk management process is the best way to avoid the ire of authorities, customers, and investors – and a tremendous loss of reputation.