The Nordic AML scandal continues as Danske faces fresh regulator criticism, Australian regulators focus on new targets after Westpac, and the SEC rewards whistleblowing.
We share our financial regulatory highlights from the week of 28 September 2020.
Danske Stays in the AML Spotlight
In an interview with Bloomberg this week, Jesper Berg, the head of the Danish Financial Supervisory Authority (FSA) commented that many of the problems that had led to money laundering failures at Danske Bank were the result of a deferential culture within the institution. In the interview, Berg commented that the bank needed to go from being “a very hierarchical institution to an institution where staff needs to flag mistakes and speak up more.” While noting that the new management of the bank are making efforts to change that culture, he reflected that such matters were “difficult” to address.
These developments come against the backdrop of ongoing investigations in the US and Europe into Danske’s potential role in a money laundering scheme that funnelled over $200 billion of illicit funds from Eastern European jurisdictions into the international financial system. The funds are reported to have passed through accounts held in Danske’s Estonian branch between 2007 and 2015. So far, the investigation has led to criminal charges against the bank’s former Chief Executive Officer (CEO), Thomas Borgen, in May 2019. The current CEO, Chris Vogelzang, is leading a reform programme at the bank, while also seeking to come to an agreement with leading regulatory authorities on both sides of the Atlantic about a package of measures that will satisfy their concerns.
Berg’s comments come only a week after it was revealed that compensation claims lodged in Danish courts linked to the AML/CFT scandal have now exceeded $1 billion. The claims come primarily from institutional investors such as pension funds, who are seeking redress for the drop in the bank’s share value following the emergence of Dankse’s AML/CFT problems in 2017.
The ongoing saga for Danske is obviously important for the institution itself, as one of Denmark and Scandinavia’s biggest banks, and is one of the cases that is also pushing the European Union (EU) forward in its plan to reform AML regulatory oversight in the Union. Scandals such as Danske have suggested that the previously supposed ‘low risk’ markets of Europe potentially need a more diligent eye upon them. One of the possible outcomes of the reform plan, which is currently under consultation, is the creation of an EU AML enforcement agency which could take direct actions against AML failures at a national level.
For individual compliance teams, Danske also provides a case study of how financial institutions can head down a path towards AML/CFT failure as much through the ‘silent’ constraints of organisational culture as active malfeasance. If anything, the Danske example continues to emphasise the need not only for staff to be able to voice concerns, but for financial institutions to treat the elements of AML/CFT – policies, procedures and controls – as a core part of what the business does.
Australian Regulators Consider Next Enforcement Target
Australian regulators – fresh from levelling AML/CFT fines against major Australian bank Westpac – are now apparently considering similar enforcement actions against the Australian affiliate of the global payment services provider, PayPal. The Australian Transaction Reports and Analysis Centre (AUSTRAC), the country’s Financial Intelligence Unit (FIU) informed Australian media sources at the end of the last week that it was considering taking direct action against the firm.
PayPal Australia has been subject to an independent audit requested by AUSTRAC for over a year now, as a result of concerns that the firm had failed to meet its AML/CFT reporting obligations on International Funds Transfers. According to Australian federal law, regulated financial institutions are obligated to report the international transfer of funds into and out of the country. AUSTRAC has previously stated that the financial intelligence that they gather from this kind of reporting is incredibly useful in the fight against international organised crime networks involved in crimes such as human trafficking and child sex exploitation.
The Paypal Australia audit was due to be completed by the end of August, but has continued for a further month, leading to some media speculation about the extent of the problems it might have uncovered. While explaining to the Australian media that it was considering action, AUSTRAC’s spokesperson noted that it would “use the final audit report to determine the extent of any compliance issues and whether further regulatory action is required.” At this point there is no clarity about what that action might look like, but Westpac’s recent fine for AML/CFT reporting failures came in at just under $1 billion (US).
If a fine is levelled, it will add to PayPal’s possible regulatory woes in Australia. The Australian Tax Office (ATO) has expressed past concerns about the firm’s tax arrangements, which see it send the majority of its income to Singapore to ensure ‘tax efficiency.’ Elements in the Australian media have also been extremely critical.
The possibility of enforcement action against Paypal Australia indicates the seriousness with which AUSTRAC takes any failures to fulfill reporting obligations. The FinCEN files leak has focused media attention on the value – or otherwise – of suspicious activity reporting, but bulk disclosures of certain types of higher risk transactions – which are mined for strategic intelligence on criminal activity – are actively used as vital tools for law enforcement not only in Australia, but the US and Canada too. Further enforcement actions will send a message that the Australian authorities do not see financial intelligence reporting from the private sector as a ‘nice to have.’
For individual businesses, it drives home the point of how important their own role is in supporting the wider societal fight against serious organised crime groups, and the wider span of financial and economic crimes. Law enforcement cannot do their jobs as well if they lack the focused support of the obligated private sector. And to provide that, private businesses need to think carefully about whether they have the right AML/CFT tools and technology in place to detect the risks.
SEC Awards Bribery Scheme Whistleblower $1.8 Million
A whistleblower whose information helped to uncover a bribery scheme at Orthofix International was awarded $1.8 million, the US Securities and Exchange Commission announced on 25 September 2020.
The names of the company and whistleblower were left out of the announcement. But the whistleblower’s lawyers confirmed a connection with the Texas-based medical device company, which paid over $14 million in 2017 to settle charges of accounting fraud and violations of the Foreign Corrupt Practices Act (FCPA).
The former charges, those related to accounting failures, came to light when two external analysts noticed that data from quarterly earnings reports and calls painted an unusual picture. While the company seemed to be meeting ambitious earnings targets, the company was also struggling with mounting payment delays and past-due invoices. It was later revealed that executives at Orthofix had been improperly recording revenue and inflating earnings by “channel stuffing” – that is, providing customers with more products than they needed – from 2011–2013.
Separately yet around the same time, a doctor in Brazil brought concerns – first to Orthofix leadership and later to the SEC – that the company’s Brazilian subsidiary “schemed to use high discounts and make improper payments through third-party commercial representatives and distributors to induce doctors under government employment to use Orthofix’s products.”
This was the second FCPA violation for the medical device company in five years: in 2012, a Mexican subsidiary of Orthofix was found to have routinely bribed officials with cash, laptops and other electronics. Those officials would, in turn, award the company sales contracts with government-owned hospitals. That case was settled with a fine of $5.2 million.
Orthofix maintains it self-reported the misconduct and lax oversight related to all cases to the SEC. Further, as part of the settlements, it has agreed to hire an outside consultant to monitor and test its FCPA compliance program.