Key Takeaways From Danske Bank’s Settlement of DOJ and SEC Fraud Charges Over Its Anti-Money Laundering Compliance

Skadden Publication / White Collar Defense and Investigations

Anita B. Bandy Alessio D. Evangelista Andrew M. Good Ryan D. Junck David Meister Bora P. Rawcliffe Christopher S. Herlihy Greg Seidner

On December 13, 2022, Danske Bank A/S, headquartered in Denmark, pled guilty to one count of conspiracy to commit bank fraud (18 U.S.C. § 1349) and agreed to forfeit approximately $2.06 billion to resolve an investigation by the U.S. Department of Justice (DOJ). According to the plea agreement, Danske Bank conspired to commit bank fraud by misleading U.S. banks between 2008 and 2016 in order to maintain, and in one case to open, U.S.-dollar accounts that allowed Danske Bank to process billions of dollars in highly suspicious transactions through the U.S. financial system. Those included potentially criminal transactions from high-risk accounts for non-resident customers of the bank’s Estonia branch that were processed without appropriate anti-money laundering (AML) policies, procedures and controls in place. The criminal information to which Danske Bank pled identified misstatements and omissions that Danske Bank made to its U.S. correspondent banks about the quality of its AML program and about specific transactions and customers. (See December 13, 2022, DOJ press release.)

Danske Bank also agreed to settle civil fraud charges brought by the U.S. Securities and Exchange Commission (SEC) in a parallel proceeding for violating the antifraud provisions of section 10(b) of the Securities and Exchange Act of 1934 and SEC Rule 10b-5. The alleged conduct involved services provided by the Danish bank’s Estonian branch, and mainly featured non-resident customers located in Russia and other former Soviet-bloc countries. The SEC complaint alleged that, from approximately 2009 to 2016, Danske Bank misled U.S. investors in English-language reports on its website about its AML compliance program in its Estonian branch and failed to disclose the risks posed by the program’s significant deficiencies.

Although Danske Bank was ordered to pay $178.6 million in disgorgement with prejudgment interest and $178.6 million in a civil penalty, the SEC deemed the disgorgement satisfied by forfeiture and confiscation in the parallel criminal cases brought by Danish authorities and the DOJ. (See December 13, 2022, SEC press release.)

As part of a coordinated resolution, on December 14, 2022, a Danish court ordered Danske Bank to pay approximately $500 million in penalties, and $171 million in forfeiture for violations of Denmark’s Money Laundering Act and Financial Business Act between late 2013 and early 2016. This represents the largest penalty ever imposed in Denmark for conduct related to money laundering.

The DOJ plea and SEC settlement flag important issues for non-U.S. banks that interact with U.S. correspondent banks, are subject to SEC reporting requirements, or otherwise avail themselves of the U.S. financial system:

  1. The actions make clear that the DOJ and SEC will seek to address programmatic AML failures and misrepresentations about AML compliance programs through fraud statutes. Typically, the DOJ has brought charges under the Bank Secrecy Act (BSA) to address this type of conduct. But, because Danske Bank does not have U.S. branches, the BSA was not available.
  2. In cases involving money-laundering surveillance and reporting obligations of broker-dealers, the SEC has authority to pursue charges under Rule 17a-8, which was promulgated under Section 17(a) of the Exchange Act and requires broker-dealers to comply with the reporting, recordkeeping and record retention requirements in regulations implemented under the BSA. The SEC can also bring charges involving books and records or internal control failures where a bank has reporting obligations under the Exchange Act. Here, the SEC instead relied on its anti-fraud charging authority based on significant trading of Danske Bank American depositary receipts, which were sold over-the-counter and quoted by OTC Markets Group in the U.S., and the fact that approximately 18% of its securities were held by U.S. investors. The SEC also alleged that the bank made misrepresentations or omissions in reports posted on its corporate website “for the benefit of and made available to ... actual and prospective U.S. investors.”
  3. For the DOJ, using the bank fraud statute provides a 10-year statute of limitations. Meanwhile, relatively new authority gives the SEC broad authority to seek disgorgement, or ill-gotten gains, for intent-based fraud that goes back 10 years. This authority further tolls the statute of limitations for disgorgement and other equitable relief for time spent outside the U.S. That is particularly relevant for foreign and multinational financial institutions and opens up additional historical conduct for potential enforcement.
  4. Non-U.S. banks like Danske Bank frequently respond to AML and sanctions compliance inquiries from U.S. correspondent banks at account opening and during periodic due diligence. They also routinely make representations about their compliance programs and controls, transaction monitoring and specific customers or transactions. Non-U.S. banks should carefully review the internal processes that govern and monitor these activities, and consider whether their previous representations to and interactions with U.S. correspondent banks were accurate and complete in light of past reviews, audits and regulatory findings and, if they were not, whether those representations and interactions could result in civil, criminal or regulatory liability.
  5. As expected, the plea agreement aligns with the DOJ’s recent pronouncements about its corporate criminal enforcement policies and enforcement priorities. For example, the agreement emphasizes that Danske Bank’s lack of voluntary self-disclosure negatively impacted the penalty calculation, but that the bank received full cooperation credit in part because it provided all known facts relating to individuals involved in the conduct at issue and it produced data located outside of the U.S. in a way that did not implicate foreign data privacy laws. The plea agreement also flags this as a case where a monitor would have been imposed but for the fact that the Danish Financial Supervisory Authority already appointed an independent compliance expert. In line with its policy to consider recidivism, the DOJ also pointed to Danske Bank’s past regulatory issues involving insufficient AML controls, even though the bank had no prior criminal history. See our October 6, 2022, client alert, “Revisions to the DOJ’s Corporate Criminal Enforcement Policy Will Require Companies To Reevaluate Their Compliance Systems.”
  6. The $2 billion resolution reflects the significant monetary penalties that can be levied by U.S. and foreign regulators in AML-related enforcement actions. Although the SEC agreed to credit its disgorgement claim based on restitutionary and forfeiture relief obtained in the related criminal cases, the SEC imposed a civil penalty on Danske Bank equal to the significant disgorgement ordered.

This memorandum is provided by Skadden, Arps, Slate, Meagher & Flom LLP and its affiliates for educational and informational purposes only and is not intended and should not be construed as legal advice. This memorandum is considered advertising under applicable state laws.