Pour Clifford Chance, Swedbank a facilité le risque de blanchiment
Résumé : suite aux divers scandales liés à une réglementation anti-blanchiment défaillante de certaines banques en Scandinavie, Clifford Chance a mené une enquête sur Swedbank et les rapports du groupe avec une clientèle non résidente.
Le rapport Swedbank* est très détaillé et a été le fruit d'une enquête très étendue qui a dû être très chère :
« The Investigation was broad and intensive, and considered billions of transaction records, approximately 160 million customer records, over 38 terabytes of electronic and scanned hard copy data from Swedbank’s internal files, including over 20 million documents gathered from email servers, employee laptops and mobile devices, shared server files, KYC materials, internal audit reports, and Board and key committee minutes and supporting materials. This data was reviewed against targeted search terms, which were adjusted as we learned more as the Investigation progressed. The Investigation involved the collection and review of relevant documents in multiple
languages, including Swedish, Estonian, Latvian, Lithuanian and Russian. Clifford Chance conducted nearly 100 interviews of 81 individuals, including current and former employees, managers and senior executives, current and former Board members, and an external counsel. » (p. 6).
Le rapport souligne qu'aucun acte de blanchiment n'a été identifié mais que Swedbank a facilité le risque de blanchiment :
« As is set forth in detail in this Report, based on the available information, Clifford Chance did not conclude that Swedbank engaged in money laundering or processed customer transactions that constituted the proceeds of crime. Among other things, this would require definitive knowledge of a customer’s source of funds, which was not available. » (p. 6).
Les défaillances relevées étaient classiques (absence de justifications sur l'origine des fonds ou sur la réelle activité des bénéficiaires économiques, structures de détention des comptes opaques) :
« Although Swedbank Estonia created a special committee to review the on-boarding and maintenance of HRNR customers, the Investigation has identified that this committee approved high risk customers without having complete documentation regarding the ultimate beneficial owners (“UBOs”), proof of source of funds or explanation of the legitimate business purpose of the customers, and did not address red flags that arose from the information that was provided. Some of the companies had complex and opaque ownership structures involving off-shore entities organized in low tax jurisdictions, as well as ownership through foreign trusts and similar vehicles for which the UBOs were difficult to verify. » (p. 7)
Le rapport relève également une divergence entre les bénéficiaires économiques déclarés dans la documentation bancaire et ceux identifiés par les employés qui acceptaient cette divergence :
« Swedbank Estonia also accepted customers despite awareness amongst employees, including relationship managers (“RMs”), that the listed beneficial owners were not the actual UBOs, and in situations in which the prospective customer refused to provide verifiable beneficial ownership information. In addition, at Swedbank Estonia, employees involved in the HRNR business kept certain information regarding the UBOs for some customers outside of Swedbank’s regular customer databases and retained the information in hard copy in a safe or locked drawer to assuage the customer’s concern that the true UBOs may become known to third parties. Swedbank Estonia employees also accepted customer corporate structures knowing that they were designed to conceal the true UBOs from home country tax authorities » (p. 7)
Sur ce thème des bénéficiaires économiques :
- la banque disposait d'une liste de personnes physiques qu'elle utilisait comme ayant-droits économiques pour des structures détenues par des oligarques russes (p. 55) !
- selon le CEO de l'une des filiales du groupe. la banque ne devait pas documenter qui était le bénéficiaire économique d'actifs pour autant qu'elle l'ait identifié (p. 78) !
Absence de perception du risque que courait la banque du fait de ses manquements :
« the Swedbank CEOs appeared to lack an adequate appreciation for the severe risk posed to the institution by the HRNR business in Baltic Banking, given the consistently ineffective AML controls. This lack of appreciation for the degree of risk was evidenced by the Bank’s failure to adopt a Group-level AML risk appetite statement until 2017, or to take steps to ensure consistency of approach to risk rating customers across business lines. The Investigation also found that because senior management failed to appreciate the degree of legal and reputational risk to Swedbank, it did not always engage with the Board in a manner consistent with the importance of these issues. » (p. 9).
Passivité du conseil d'administration :
« As to the Board, the Investigation determined that while the Board was not apprised of the full extent of the legal and reputational risk posed by the AML issues in the Baltics, the Board was informed through regular GIA reports of recurring problems in AML controls, including in the Baltic Subsidiaries. Interviews of Board members indicated that the Board generally understood, based on statements from Swedbank’s management, that these matters were under control. Although the minutes of the Audit Committee do reflect relevant discussions of these issues, the full Board record does not reflect significant challenge by the Board to management on the AML issues that were presented to them. » (p. 11)
qui n'avait pas été renseigné par la direction sur les problèmes potentiels, ce qui illustre la difficulté du rôle du conseil qui doit surveiller la direction mais dépend de la direction pour être alimentée en informations pertinentes :
« Further, the Investigation indicates that, throughout the Investigation Period, Swedbank senior management failed to ensure that the Swedbank Board was properly educated about and fully appreciative of the material legal and reputational risks that the historical compliance deficiencies posed to the institution. This failing was particularly acute during the period from 2016 through into early 2019, when Swedbank’s control functions, with the support of external consultants, had identified to senior management their view of the seriousness of the historical deficiencies, conduct and attendant risks. » (p. 140)
Le récent transfert de fonctions de la deuxième ligne de défense à la première, ce qui est une réflexion nécessaire pour les banques afin d'assurer une articulation appropriée entre les activités des diverses lignes :
« Prior to the formation of GSI (Group Security and Investigations) in 2017, these activities were dispersed over different Business Areas and Group Functions across the first and second lines. With GSI’s creation, Swedbank transferred some of the Compliance function’s responsibilities (e.g., daily transaction monitoring and screening, as well as the general AML framework) to GSI in the first line. Money Laundering and Risk Officers (“MLROs”) and Financial Sanctions Officers, who had previously been part of the Compliance function, were also transferred to GSI. » (p. 46)
Absence de mesure uniforme du risque AML au sein du groupe :
« However, as these examples indicate, the Group did not implement a process to ensure a common risk assessment and rating approach to common customers or to resolve disagreements within the Group over appropriate risk mitigation measures. » (p. 78).
L'identification des problèmes par un employé qui s'inquiétait du fait que l'activité avec une clientèle non résidente à haut risque ne correspondait pas au métier de base de Swedbank :
« In response to these concerns, the compliance manager told the AML officer that the Draft NR Regulation was only a proposal and the ultimate decision rested with the business, but emphasized that “there is a strong case for limiting the business like this . . . if anything happens there is no way we can explain to shareholders why we did this if it is a business outside Swedbank’s profile. We are a low risk profile retail bank with clearly defined business and home markets in the eyes of shareholders.” » (p. 79)
Absence de transparence dans les rapports avec l'autorité de surveillance :
« The Investigation did not conclude on the available evidence that Swedbank or the Baltic Subsidiaries knowingly provided false information to regulators. The Investigation did, however, identify some instances where Swedbank and the Baltic Subsidiaries may not have provided adequate context in their responses to regulatory requests, may have failed to provide updated information, or may have interpreted a request in an overly technical or narrow manner. In considering these instances, it is important to note that a bank typically has constant interaction with its regulators, and that the instances listed below should be fairly considered in the context of the overall dialogue over time » (p. 164)
* Le rapport d'enquête sur Danske Bank avec une note d'analyse se trouve ici.