Nordic countries have a reputation as traditionally safe banking destinations, with the financial institutions of Norway, Sweden, Denmark, Finland and Iceland regularly ranking amongst the safest in the world. However, following a series of high profile international money laundering cases involving Nordic banks, that reputation has been shaken, putting a spotlight on Nordic banking AML compliance.
The cases in question involved banks across the region. In 2018, for example, Denmark’s Danske Bank was implicated in a €200 million money laundering scheme connected to its Eastern European and Russian branches. In 2019, Sweden’s Swedbank was also implicated in the Danske Bank scandal after an investigation revealed it had laundered around €20 billion in its Estonian branches for Russian customers. In 2020, another Swedish institution, SEB Bank, was fined SEK1 billion after an investigation revealed poor money laundering controls in its Baltic branches.
In response, in 2021 Nordic governments collectively requested that the IMF conduct an independent review of the region’s money laundering and terrorism financing risks, so that regulators could take appropriate steps to strengthen their regulatory compliance controls.
Given the increased focus on anti-money laundering (AML) and counter-financing of terrorism (CFT) in the region, it is more important than ever that companies understand the Nordic regulatory landscape and the compliance obligations that it entails.
Nordic Banking Regulators
All of the Nordic states have established dedicated domestic authorities, known as Financial Supervisory Authorities (FSA) to provide oversight and supervision of AML/CFT regulation. Key regulatory bodies include:
Norway – Finanstilsynet
The Financial Supervisory Authority of Norway supervises Norway’s financial system, and is responsible for managing the licensing of banks and financial institutions, with the goal of ‘promoting financial stability and well-functioning markets’.
Norway’s primary AML regulation is the Anti-Money Laundering Act. As a member of the EU, Norway implements the Anti-Money Laundering Directives.
Sweden – Finansinspektionen
The Financial Supervisory Authority of Sweden provides oversight of all banking, securities and insurance companies, working to ‘authorise, supervise and monitor all companies operating in Swedish financial markets’.
Sweden’s primary AML regulations are the The Money Laundering and Terrorist Financing (Prevention) Act and the The Act on Penalties for Money Laundering Offences. Sweden is also in the EU and implements its Anti-Money Laundering Directives.
Denmark – Finanstilsynet
The Danish Financial Supervisory Authority is responsible for the ‘supervision of financial undertakings’ of banks and other financial service providers in Denmark. It also assists the government in developing financial legislation, and collects and communicates financial sector statistics.
Denmark’s primary AML regulation is the Act on Measures to Prevent Money Laundering and Financing of Terrorism. As an EU member state it implements the Anti-Money Laundering Directives.
Finland – Finanssivalvonta
The Finnish Financial Supervisory Authority provides oversight for Finland’s financial and insurance sectors, working to ‘enable balanced operations of credit institutions, insurance and pension companies and other supervised entities in stable financial markets’.
Finland’s primary AML regulation is the Act on Preventing Money Laundering and Terrorist Financing. Finland also implements the Anti-Money Laundering Directives as an EU member state.
Iceland – Seðlabanki Íslands
Iceland’s Financial Supervisory Authority merged with the Central Bank of Iceland in 2020, with the Central Bank taking on its supervisory responsibilities. As a regulator, the Central Bank is responsible for monitoring Iceland’s financial institutions ‘to ensure that their activities are in compliance with the law and with Governmental directives’.
Iceland’s primary AML regulation is the Act on Measures against Money Laundering and Terrorist Financing. Although it is not an EU member state, Iceland is part of the European Economic Area (EEA) and adopts elements of the Anti-Money Laundering Directives as part of its domestic AML/CFT legislation.
Nordic Banking Risk Environment
Nordic banking money laundering scandals created financial turmoil across the region. The pattern of compliance failures suggested that Nordic banks were collectively struggling to implement effective AML controls, and failing to adequately address risks. Key compliance vulnerabilities that may have contributed to the compliance failures of the Nordic banking system include:
Nordic banks struggled to share important risk data across borders and institutional frameworks due to barriers such as data secrecy laws. Following the AML scandals, Nordic banks launched a joint scheme to share information on suspicious transaction patterns.
Nordic banks used out of date AML/CFT technology, creating regulatory blindspots and generating high volumes of false positive alerts. The remediation of false positives not only created administrative backlogs, but had a negative knock-on effect on the effective management of true positives.
Nordic banks relied on manual compliance processes during important customer due diligence (CDD) processes, leading to poor quality risk profiles and slower alert remediation. The challenges of manual compliance were exacerbated as firms were forced to deal with high volumes of alerts.
Employee Compliance Training
Research suggests that employees of Nordic banks were hesitant or unable to address compliance violations, with up to 62% of employees failing to intervene upon discovery of unethical behaviour. The deficiencies in regulatory awareness reflected a failure in company leadership and a need to enhance compliance training to better spot money laundering red flags.
AML Solutions for Nordic Banking
In the wake of its AML challenges, the Nordic banking community is taking collective action to address its compliance failings, including an effort to enhance the data that it collects in order to perform more robust CDD and build more accurate risk profiles.
The push for better customer data also reflects the need for better financial crime technology solutions. For example, banks that previously relied on manual Google searches of customer names and risk factors, are now implementing automated screening solutions, adding speed and accuracy to their compliance processes, more intuitive name-matching, and the capability to adapt quickly to changes in the risk environment.
Beyond speed and accuracy, the automated screening solutions add depth and detail to customer data processes, with advantages over manual searches that include:
- Name-matching: Automated solutions can screen against a vast range of customer names in different language systems. Similarly, solutions can be programmed to recognise regional naming conventions, aliases, and spelling variations.
- Politically exposed persons: Automated PEP screening enables firms to capture information from a range of PEP lists. In conjunction with other screening tools, automation allows for the swift detection of changes in PEP status.
- Adverse media: Automated adverse media screening solutions can cover a variety of news stories from different foreign countries, taking into account source reliability and political bias.
- Sanctions screening: The global sanctions landscape changes constantly. Automated sanctions screening helps firms know as soon as possible when a customer is designated on a sanctions list and use fuzzy logic algorithms to account for naming discrepancies.
Future Compliance Considerations in Nordic Banking
The Nordic banking community is likely to focus on improvements to its collective KYC framework. The EU’s anti-money laundering directives will also have an effect on Nordic banking AML compliance: the Sixth Anti-Money Laundering Directive (6AMLD) came into effect on 3 June 2021, with an overt focus on the harmonisation of anti-money laundering standards across the EU. The EU also recently announced an update to 6AMLD; particularly relevant to Nordic financial institutions is the introduction of new whistleblowing protections for workers that identify compliance violations within their companies.