“€17.8 billion over 5 years. All from non-resident customers. Who are these customers? The database appears to have a few blanks.”
“I see. These non-res customers, with complex corporate structures, including Malta, Cyprus, and Luxembourg, are shy – and we feel it best to keep their personal data off the system. Of course we do.”
“A UK company owned by a Cypriot entity, controlled by person or persons unknown, chooses to bank at an Estonian subsidiary of a Swedish Bank. Perfectly natural. Perhaps they come for the weather?”
I’m fond of some creative writing, but alas the above is not my work. I’m merely imagining conversations that must have taken place inside Swedbank in 2015.
Stung into action by an exposé by Swedish TV, Swedbank commissioned international law firm Clifford Chance to investigate compliance failures. They published their report in March. Be warned – there’s a lot of it.
Swedbank was fined $386,000,000 by its domestic regulator. More fines are coming from Estonia and the US.
What can we learn from this story?
Swedbank had policies and procedures. It had compliance teams. Internal reports. It had external consultants and reviews. Problems were flagged. Issues raised.
The Bank spent a fortune on creating an infrastructure to prevent money laundering and, when the system worked, ignored the alerts.
Why would they do that?
- Disinterest. Compliance is seen as boring drudgery. (Disclaimer: some of it is.) Management of it tends to get sent up a circuitous reporting chain – with frontline concerns often not reaching the top.
- Good old commercial interest. Big numbers are sexy.
It’s the role of compliance teams to raise flags and to make sure they’re heard.
But…it’s the boss’ job to listen.
Don’t believe that your company is following its procedures. Know it. Prove it. Document it.
Want a hand? Drop me a line.