Takeaways From Deutsche Bank's $186 Million Sanctions & AML Penalty

The Deutsche Bank 2023 Penalty: Here's What Happened

Like most sanctions and AML penalties dished out by regulatory authorities, the US Federal Reserve Board's $186 million penalty on Germany's largest bank by total assets splits into parts.

Here they are:

• $140 million for alleged sanctions and AML violations
• $46.2 million regarding its relationship with Danske Estonia
  

Let's examine each part. ‍

Sanctions and AML Violations

As many readers know, this isn't the first time the Frankfurt-based bank has been in the regulatory doghouse in the US. 

And here comes a fascinating facet of the latest case:

The Fed issued the latest fine because Deutsche Bank failed to make sufficient progress after the Fed and the New York State Department of Financial Services levied more than $300 million in penalties on the company between 2015-2017.

The offenses during that period were broadly for two failings. First, insufficient policies to ensure compliance with the Office of Foreign Assets Control (OFAC) sanctions against countries including Iran, Libya, and Syria. Secondly, failings in maintaining an effective AML program to comply with the Bank Secrecy Act (BSA).

And the Fed, in its statement regarding the 2023 penalty, said the bank had made "insufficient progress" in the following areas:

• Compliance Oversight
• Customer Due Diligence
• Transaction Data
• Transaction Monitoring and Filtering
• Suspicious Activity Reporting (SARs)
  

So, the bottom line is this: Deutsche Bank, according to the Fed, did not do enough since its initial slap on the wrist and multi-million dollar penalties back in 2015-2017.

‍

‍

Danske Bank Estonia Relationship

The second chunk of the $186 million 2023 total penalty is a $46.2 million fine for BSA and AML failings regarding the correspondent banking relationship Deutsche Bank had with Danske Bank Estonia.

Danske Bank Estonia is infamous for being at the heart of what has been described as Europe's largest money laundering scandal, which exploded into the public domain in 2017.

We'll delve into further details later in this article. However, acting as a correspondent bank, Deutsche Bank - according to the Fed - cleared billions of dollars for the Estonian subsidiary of Danske Bank (Denmark's largest bank) between 2007-2015. 

In 2022, Danske Bank agreed to pay over $2 billion for its AML failures in Estonia.

The following section will reveal the key takeaways from the Deutsche Bank 2023 case.

1. Regulators Are Pushing for Strong Transaction Monitoring Processes

The first key takeaway from the Deutsche Bank penalty regards transaction monitoring and customer due diligence (CDD). These are cornerstone processes in sanctions and AML compliance and are a central theme in the case. But how so?

As part of the enforcement, the Fed didn't just stop at dishing out a nine-figure financial penalty. 

They also stated that Deutsche Bank must improve and strengthen its AML transaction monitoring systems and CDD program. And to be clear, these aren't lightweight recommendations without clout. The Fed issued a new legally-binding consent order (because the prior orders were not fulfilled).

However, back to the broader picture: What does this all mean for professionals working in AML and sanctions compliance? 

The growing pattern over the last few years is that regulators worldwide are increasingly demanding that all companies and organizations (whether in the financial sector or otherwise, whether the company is small or large) invest and prioritize robust AML and sanctions compliance systems.

And remember, the incredible advances in regulation technology (RegTech) now mean the excuses for not having them are drying up. 

The regulators all know this, of course. And they are very aware that AML and sanctions compliance boosting tech (sanctions.io is part of this sector), such as transaction monitoring and transaction screening, are more straightforward and cheaper than ever to implement.

2. Compliance Culture Failings Come Up Again in 2023

The next significant takeaway from the 2023 Deutsche Bank penalty is a topic that comes up repeatedly: Failings in the compliance culture of a business or organization.

In this sanctions.io series of learning from sanctions and AML failings, we also examined Microsoft's 2023 penalty, issued by the US Department of Commerce's Bureau of Industry and Security (BIS) and OFAC, for sanctions violations in Crimea.

And what do the Microsoft and Deutsche Bank cases have in common?

You guessed it: Apparent weaknesses in compliance cultures. You can learn more about why Microsoft was on the receiving end of regulatory wrath in this article from the blog.

But back to the bank that many call "DB''. No one is suggesting (well, perhaps the Fed is) that Deutsche Bank doesn't have a culture of complying with AML and sanctions regulations. And it's important to remember that we are only privy to some of the information about the case. 

However, it doesn't take a genius to surmise that a problem in the culture of following compliance rules is likely to be an issue, with regulators once again dishing out astronomical nine-figure penalties for violations.

And one conclusion from the case is this: Poor compliance cultures are coming up again and again in 2023, and it's something all AML, sanctions, and compliance officers should be aware of.

Recommended reading from the blog - Beyond Box Ticking: 5 Tips for Compliance Officers to Show Business Value

3. Correspondent Banking Risks Are in Focus Again

For the next key takeaway, we will focus on Deutsche Bank's banking relationship with Danske Bank Estonia. According to Deutsche Bank, the partnership ended in 2015. 

But all these years later, it's rearing its ugly ahead again. 

As mentioned earlier in the article, between 2007-2015 - and acting as a correspondent bank - it cleared billions of dollars for the Estonian subsidiary of Denmark's largest bank. 

This week's (July 19, 2023) $46.2 million penalty levied on Deutsche Bank is because, according to the Fed, ineffective AML internal controls allowed transactions to take place that formed part of the world's largest money laundering scandals of recent years.

You can learn more about the money laundering risks associated with correspondent banking in this sanctions.io article. But in a nutshell, when a bank acts as the correspondent (performing financial services for a respondent bank), it often relies on the respondent bank's know-your-customer (KYC) and customer due diligence (CDD) processes rather than its own. 

In 2023, the high risks associated with correspondence banking relationships are popping up frequently. 

Deutsche Bank is the latest case. But only last month (June 2023), OFAC fined one of Sweden's largest banks, Swedbank, $3.4 million for sanctions violations that involved correspondent banking relationships. 

Final Thoughts and How sanctions.io Can Help

This article is part of a series of reports that reveal key insights from recent sanctions and AML violations. Here are more from the blog:

• Microsoft's 2023 Sanctions Penalties: 5 Key Learning Points
• Learning From BAT's $635M North Korea Sanctions Fine: 5 Key Insights
• Unravelling Swedbank's $3.4 million OFAC Sanctions Penalty: 3 Key Insights
  

To learn more about how our sanctions, PEP, and criminal watchlist screening service works and to receive answers to all your queries regarding the sanctions.io API, integrations, and more. Book a free Discovery Call now. 

7-Day Free Trial (No Credit Card Required)

We offer a free 7-day trial (no credit card is required) and will be delighted to walk you through our service. sanctions.io is a highly reliable and cost-effective solution for sanction checking. AI-powered and with an enterprise-grade API with 99.99% uptime are reasons why customers globally trust us with their sanctions screening needs.