Many takeaways from this 43-page Consent Order from NYDFS against Nordea Bank, including the view of DFS that:
• “[t]he combination of deficient AML controls, an unsophisticated transaction monitoring apparatus, and a decentralized global compliance program created a set of circumstances that exposed Nordea’s financial channels to a high risk of criminal abuse. Nordea’s relationships with U.S. banks imported those risks to the New York financial system.”
Other takeaways include (according to DFS findings):
• In noting numerous, uncured deficiencies in KYC, CDD, EDD at its Baltic Branches, DFS principally relied on internal audit findings from the Bank. If DFS thinks what Internal Audit says is important, financial institutions need to as well.
• By failing to properly conduct KYC on Danske Bank, another European bank that subsequently pled guilty in the U.S. to committing fraud on other banks, Nordea “was unable to be fully aware of Danske Estonia’s involvement and activities in money laundering schemes.”
• Some of those transactions were processed through Nordea’s New York Branch, providing a modest jurisdictional hook to DFS.
• Nordea also conducted inadequate diligence on another troubled bank, ABLV, for which it conducted correspondent banking, and had a troubling relationship with the Bank of Cyprus, which had former KGB members on its Board.
• DFS also found that Nordea’s transaction monitoring system, which appears to have been housed in Europe, was insufficient, with just 3 detection scenarios employed in its first iteration in 2010.
• Most of the conduct investigated occurred prior to 2018. The conduct was linked to the Panama Papers leak, the Russian Laundromat, the Azerbaijani Laundromat, and misconduct involving Hermitage Capital Management funds.