The Central Bank has reprimanded and fined Danske Bank a total of €1.82m for three breaches of anti-money laundering laws.
The three breaches stem from the failure by Danske Bank to ensure that its automated transaction monitoring system monitored the transactions of certain categories of customers of its Irish branch.
The breaches occurred over a period of almost nine years, between 2010 and 2019.
This is the first penalty that the Central Bank has imposed on a financial institution which is incorporated and supervised outside of Ireland, but which operates here as a branch on a passport basis. The bank is authorised by the Danish Financial Supervisory Authority.
The three breaches of the Criminal Justice (Money Laundering & Terrorist Financing) Act 2010 have been admitted by Danske.
The Central Bank's Director of Enforcement and Anti-Money Laundering, Seana Cunningham, said the importance of transaction monitoring in the global fight against money laundering and terrorist financing cannot be overstated.
"It is imperative that firms implement robust transaction monitoring controls which are appropriate to the money laundering risks present and the size, activities, and complexity of their business," Ms Cunningham said.
"These controls must be applied to all customers, irrespective of their risk rating, as they enable firms to detect unusual transactions or patterns of transactions and where required apply enhanced customer due diligence to determine whether the transactions are suspicious," she added.
The Central Bank said it recognises that while firms may rely on automated solutions for transaction monitoring, they must ensure that systems employed for this purpose are appropriately monitored and calibrated correctly to take account of the actual money laundering or terrorist financing risk to which the firm is exposed.
"In this case, the transaction monitoring system used by the Irish branch was a Danske group wide automated system that had applied historic data filters which operated to erroneously exclude certain categories of customers from being monitored for a period of almost nine years. This led to the serious breaches in this case," the Central Bank said.
"This case highlights the requirement for firms, including those operating in Ireland on a branch basis, to ensure that group systems, controls, policies and procedures are compatible with Irish legal requirements and to ensure that their governance framework and risk management measures operate effectively," Ms Cunningham added.
Danske became aware that its automated transaction monitoring system erroneously excluded certain categories of customers in May 2015 but failed to rectify it or notify the Irish branch or the Central Bank of this issue.
It was only in October 2018 when the Irish branch identified the issue that steps were taken to rectify it, which were completed in March 2019.
But the Central Bank said it was not informed of the issue until February 2019.
"The failures to rectify the issue and to notify the Central Bank promptly are aggravating factors in this case. The Central Bank expects firms to bring failures to its attention at the earliest opportunity and to act expediently to address identified errors. The Central Bank will hold firms, including those operating in Ireland on a passporting basis, fully accountable where they fail to take such actions," Ms Cunningham said.
The Central Bank said it had determined the appropriate fine to be €2.6m, but this was reduced by 30% to €1.82m in accordance with the early settlement discount scheme provided by the regulator.
From 2014, Danske Bank's Irish branch has offered banking services to corporate and institutional clients only.
In a statement, the bank said it acknowledges the seriousness of the issues identified in the Central Bank's investigation, which have been fully accepted by Danske.
It said it had not identified that any financial loss was caused to its customers as a result of the breaches.
"Danske Bank deeply regrets and apologises for the matters which were the subject of this investigation," it said today.
"Danske Bank recognises the importance of effective anti-money laundering procedures and takes its obligations under legislation and regulatory guidance very seriously," it said.
It added that it has allocated significant resources to ensure successful financial crime prevention, including 3,600 full time employees dedicated to fighting financial crime.
"Danske Bank will have spent approximately 12 billion DKK on maintaining and improving the overall financial crime risk management framework including AML controls between 2018 and the end of 2022," it added.