Danske Bank fined €1.8 million for not updating AML controls in Ireland branch since 2010
“The transaction monitoring system used by the Irish branch was a Danske group wide automated system that had applied historic data filters which operated to erroneously exclude certain categories of customers from being monitored for a period of almost nine years. This led to the serious breaches in this case.”
The Central Bank of Ireland has fined Danske Bank €1,820,000 for three breaches of the Criminal Justice (Money Laundering & Terrorist Financing) Act 2010 (CJA). The three breaches have been admitted by Danske.
Danske Bank failed to ensure that its automated transaction monitoring system monitored the transactions of certain categories of customers of its Irish branch, for a period of almost nine years, between 2010 and 2019.
Appropriate fine was of €2,600,000
The historic data filters that were applied within Danske’s automated transaction monitoring system, first implemented in 2005 and rolled out to the Irish branch in 2006, were the root cause of the issues.
The Danish bank, however, did not make any adjustments to the system to take account of the specific requirements of the CJA when it came into force in Ireland in 2010. This led to the erroneous exclusion of certain categories of customers from transaction monitoring, including some customers rated by Danske as high and medium risk, which caused the three breaches of the CJA in this case.
In 2015, the bank became aware of the issues in its transaction monitoring system but did not take adequate action for almost four years, which led to 348,321 unmonitored transactions in Ireland between 31 August 2015 and 31 March 2019 (2.43% of all transactions processed through the Irish branch).
The appropriate fine of €2,600,000 was reduced by 30%2 to €1,820,000 in accordance with the early settlement discount scheme.
Firms operating in Ireland on branch basis must still comply with its framework
The Central Bank’s Director of Enforcement and Anti-Money Laundering, Seana Cunningham, said: “The importance of transaction monitoring in the global fight against money laundering and terrorist financing cannot be overstated. It is imperative that firms implement robust transaction monitoring controls which are appropriate to the money laundering risks present and the size, activities, and complexity of their business. These controls must be applied to all customers, irrespective of their risk rating, as they enable firms to detect unusual transactions or patterns of transactions and where required apply enhanced customer due diligence to determine whether the transactions are suspicious.
“The Central Bank recognises that while firms may rely on automated solutions for transaction monitoring, they must ensure that systems employed for this purpose are appropriately monitored, and calibrated correctly to take account of the actual money laundering or terrorist financing risk to which the firm is exposed. In this case, the transaction monitoring system used by the Irish branch was a Danske group wide automated system that had applied historic data filters which operated to erroneously exclude certain categories of customers from being monitored for a period of almost nine years. This led to the serious breaches in this case.
“This case highlights the requirement for firms, including those operating in Ireland on a branch basis, to ensure that group systems, controls, policies and procedures are compatible with Irish legal requirements and to ensure that their governance framework and risk management measures operate effectively. These should be risk-based and proportionate, informed by firms’ business risk assessment of their money laundering and terrorist financing risk exposure.”
