Bank secrecy rules get a rethink after Danske laundering shock
Danske Bank is turning into a case study for European regulators, legislators and bankers to rethink fundamental assumptions about how the finance industry should operate.
First up is the principle that bank clients should be protected by secrecy laws. The sheer scale of the Danske money-laundering scandal means those rules may now get a review. The financial regulator in Denmark, the bank's home, has started lobbying counterparts elsewhere for a broader discussion.
Jesper Berg, director general of the Financial Supervisory Authority in Copenhagen, says it's clear there are "huge privacy issues". But "we need to figure out how to resolve this".
Danske Bank faces billions of dollars in fines as it awaits the outcome of criminal investigations across Europe and in the US. The bank admitted last year that it was at the centre of an unprecedented laundering scandal after failing to screen thousands of clients in Estonia. Much of the €200 billion of mainly Russian money that flowed through those accounts was suspicious, Danske acknowledged.
The case revealed potential loopholes in European legislation. While rules governing data protection and client confidentiality protect privacy, they also mean that nothing prevents a customer blacklisted by one bank from moving to another.
Crossing the street
"The fact that the thousands of customers that left Danske could just cross the street and go somewhere else, to another country – there was no sharing of information there – that was really unfortunate and it should be avoided,” Berg said. He says letting banks share data would be a more effective tool than creating a single European entity to target money launderers.
His approach resonates in Finland, which will take over the rotating presidency of the European Union in July.
"The idea is extremely good and supportable," said Samu Kurri, head of the financial analysis and operational risks department at the Finnish FSA. "But as always, the devil is in the detail and it would take very careful preparation to draw up." It would also "represent a fundamental change to traditional tight banking secrecy on a philosophical level", he said.
In the European Parliament, too, the idea of allowing banks to share client information is finding some support. Jeppe Kofod, spokesman for the parliament0s special committee on financial crime, tax evasion and tax avoidance, says the balance needs to be tipped toward prevention.
"I don't want to sacrifice privacy," he said. But banks "should be able to share some of the data in a protected way", he said. "Today, it is too easy for criminals to operate in a number of banks."
At least two other Nordic banks have been caught up in the widening Estonian laundering scandal. Swedbank allegedly handled more than $100 billion (€89 billion) in potentially suspicious funds, while Nordea Bank may have enabled almost $800 million in questionable transactions. Both are accused of ties to the Danske affair.
Currently, banks must report suspicious behavior to their national financial intelligence unit, or FIU. Those units work with local law-enforcement authorities to investigate, but the information can't be shared with other banks. Putting together a potential criminal case takes time – and meanwhile, possible launderers are free to launder.
Berg says it's worth considering whether banks should be allowed to share reports of suspicious customers before the police confirm illegal activity. Financial institutions already collect information to meet know-your-customer requirements, and in the Nordic region are working on a unified system to avoid customers being bombarded with multiple requests.
Such a common infrastructure, Berg said, could include "customers that have been thrown out of one bank, so they're not allowed to go to the next bank".
Philippe Vollot, Danske's head of compliance since October, says that while it makes sense to share general information, privacy concerns make it more challenging to distribute suspicious-activity reports. The subject of such a report may ultimately be found innocent of any involvement.
"To have somewhere in the system a capacity that criminals would not be able to move from one financial institution to another – that would be something extremely effective to combat financial crime," he said. "The issue here is the data privacy regulation, and it's actually a philosophical debate about where does it start? Where do you draw the line?"