Danske Bank Fined €1.82m for AML Transaction Monitoring Failures

On September 13, 2022, the Central Bank of Ireland fined Danske Bank €1.82m for transaction monitoring failures in its anti-money laundering (AML) and terrorist financing systems. Pursuant to the Central Bank’s administrative sanctions procedure, Danske Bank was reprimanded by the Central Bank for multiple breaches of the Criminal Justice (Money Laundering & Terrorist Financing) Act 2010 (CJA) between 2010 and 2019.

During this time, Denmark’s Danske Bank failed to ensure its automated transaction monitoring system monitored the transactions of certain customer groups in its Dublin-based branch. This led to the exclusion of specific customer categories from the transaction monitoring process, including some customers rated by the bank as medium and high risk.

Transaction monitoring failures

According to the enforcement action, the root cause of these failures was found in the out-of-date data filters applied within Danske’s automated transaction monitoring system, which had not been updated since being applied to the Irish branch in 2006. In failing to examine whether the data filters were appropriate within the system, Danske Bank did not consider the specific requirements of the CJA when it was brought into force in Ireland in 2010. 

As a result of an internal audit in May 2015, Danske Bank became aware of the inadequacies in its transaction monitoring system and the nature of the risks it posed. However, the bank failed to notify the Irish branch of these issues and did not take appropriate action for nearly four years. Between August 31, 2015, and March 31, 2019, it is estimated that 348,321 transactions processed through the Irish branch were not monitored for money laundering and terrorist financing risk.

Danske Bank’s failings ultimately led to three breaches of the CJA, all of which the bank has admitted to. In addition to its transaction monitoring failings, the bank breached the CJA in relation to:

• Enhanced Customer Due Diligence: Danske’s Irish branch did not consider transaction monitoring data, which is essential to identify and assess illicit finance risks specific to those customers and determine where any meaningful additional measures might be required.
• Anti-money laundering / Countering the Financing of Terrorism (AML/CFT) policies, procedures, and controls: The policies, procedures, and controls put in place by Danske Bank did not identify the exclusion of certain groups of customers from automated transaction monitoring.

Key takeaways

Automated transaction monitoring systems are essential for the effective management of data. However, ensuring compliance with regulations means introducing, enforcing, and regularly reviewing policies to ensure systems are operating correctly. This may include above and below-the-line testing to model the potential impact of any rule changes

Additionally, compliance staff must ensure that group systems, policies, procedures, and controls are compatible with the legal requirements outlined by the jurisdiction in which they operate.