Until the mid-2010s, the Nordic Region (including Norway, Sweden, Denmark, Finland, and Iceland) was perceived as relatively low risk from a financial crime perspective. Since then, a number of published whistleblower leaks, independent investigations, and journalist exposés have spurred regulatory actions against the largest Nordic banks.
Nordic regulators have increased their surveillance of these banks that are resulting, based on publicly available information, in the identification of several thematic weaknesses. First, the banks lacked sufficient oversight of Baltic operations, including an absence of governance that led to a misalignment between the Nordic head office and foreign operations. Second, they failed to fully assess the risk posed by high-risk and non-resident customers as well as the inherent risk of operating in the Baltics – particularly given that they are ex-Soviet states who maintain cultural, financial, and political ties with Russia. Finally, the banks had a clear misalignment between their financial crime risk assessment, risk strategy, and business that they were conducting in their foreign branches.
This Financial crimes observer provides our perspective on the lessons learned from the recent enforcement actions and scrutiny of Nordic Banks and what financial institutions everywhere should be doing to ensure they understand their own risks and meet regulatory expectations. It is important to note that many of the cited regulatory deficiencies are not specific to the Baltic region - rather, they highlight the need for financial institutions to enhance their programs in all locations presenting a heightened AML and sanctions risk.