Last month, the chief executive of Danske Bank resigned over a €200bn money laundering scandal, said to be the largest in history.

Thomas Borgen was in charge of Danske’s international operations – including Estonia where money laundering is said to have occurred – before he became CEO in 2013. He came under fire for allegedly ignoring warning signs and failing to act. In 2010, when other concerns surfaced, Borgen claimed he had not “come across anything that could give rise to concern.”

The case is a clear example of the huge potential for damage – both reputational and financial – that can occur through having poor controls. Ratings agency Moody’s downgraded Danske Bank in response to news the US Department of Justice is now conducting investigations. Furthermore, Standard & Poor’s has warned that Denmark’s AAA credit rating risks being cut.

Danske is also facing potentially enormous fines from US and European regulators. In the UK, the national Crime Agency has also launched an investigation. Initially there was surprise that Danske was involved in money laundering activities because the Nordic banks in general have strong reputations for transparency.

What happened?

Money laundering is said to have occurred between 2007-2015. It is reported Danske laundered funds for around 15,000 clients who were mainly Russians, including some prominent politicians.

Around 44% of all deposits came from non-residents and there were vast sums involved – the figure of €200bn was 10 times Estonia’s national output in 2014. The bank is also said to have earned large fees from illicit transactions – in 2013, these were €10m.

How was it uncovered?

A British whistleblower, Howard Wilkinson, formerly head of trading for the Baltic’s for Danske Bank, is said to have uncovered the money laundering. According to a Danish newspaper report, he is said to have warned the bank’s executive board in Copenhagen in 2013 and 2014 about suspicious activities at the Estonian branch.

There has since followed an internal investigation, which found there was a “series of major deficiencies” in its control and governance system. It has been revealed illicit money may have flowed through some 15,000 accounts held by 15,000 non-resident customers and that to date, of the 6,200 accounts examined, “the vast majority” appear to be suspicious.

The UK is also implicated. In 2014, it was alleged UK limited liability partnerships were a “preferred vehicle” for non-resident clients. An example which has come to light is the ‘Azerbaijani Laundromat’ when some €2.5bn was allegedly laundered by four UK-registered shell companies. Apart from Russia, non-resident customers were said to come from the UK and the British Virgin Islands.

What happens now?

Where there are suspicions, customers have been reported to authorities. The bank has also said 42 staff members and eight former employees have been reported to the Estonian police.

Borgen is said to have failed to disclose sufficient detail to the main board for a number of years, but despite this, neither have been held to be legally responsible.

Just who is to be held accountable will no doubt come out but there are already failings that should be noted by other financial services firms. Notably, many documents were in Estonian and Russian and the Danske board said it was not fully aware of their content – it was assumed the branch was already taking appropriate money laundering procedures.

The Estonian branch also had its own IT platform, which meant remote supervision was also difficult – and apparently, updating the system so that anti money laundering processes were equivalent to the head office had been dismissed for cost reasons.

Danske is now closing down its local customer business in Estonia and the challenge now will be to prove that the deficiencies were localized and will never happen again.