View Full-text Download PDF (858kb)

In September 2018, Danske Bank, the largest bank in Denmark and one of the largest in the Nordic region, published a report which detailed that the bank’s board had fallen into lapses in Anti-Money Laundering/Counter Terrorism Financing (AML/CTF) policies at the bank, in particular, within its Estonian subsidiary. The report was devastating in its criticism of AML processes in the Estonian branch, stating that, over a period of several years, “all lines of defence failed” to manage money laundering risks. Soon after the publication of this report, the CEO of Danske resigned, causing the details of the underlying scandal to become public knowledge (although some the issues involved had been aired publicly on a number of occasions previously). It was also revealed that the bank had become the subject of criminal investigations by US authorities. While the events that are covered in the initial report related to failures to manage AML risks, the situation is more complex than merely deficient AML controls in a remote branch. There was a failure to manage a smorgasbord of different types of risks at both the local and group (i.e., headquarters) level, including: strategic risks; technology risks; and especially operational risks. As befits a sophisticated modern financial institution, Danske Bank operates a group-wide enterprise risk management (ERM) framework covering multiple types of risk (credit, market operational, etc.). The fact that the failure to manage the AML risks took several years to come to light casts doubts on the efficacy of their ERM framework and its implementation. Using Turner’s case study approach, this paper considers the Danske Bank case from the perspective of operational risk management with a view to identifying lessons that can be learned from the scandal that can be applied to future, large-scale operational risk events.

Keywords: strategic technology risk; Danske Bank; Russian Laundromat; operational risk management; Turner’s Six Stages Model