Following the so-called Panama Papers Nordea’s President and CEO, Casper von Koskull, initiated an internal investigation to conclude whether Nordea Bank S.A. in Luxembourg (NBSA) has adhered to internal rules and external regulations regarding activities related to offshore structures. The investigation has now been completed and presented to Nordea’s Board of Directors. All relevant supervisors have been or will be informed of the findings. Nordea has decided on a number of actions to immediately address key conclusions and the recommendations made by the investigation.
The internal independent investigation has been led by Nordea Group Compliance and Nordea Group Operational Risk with advice and support from Mannheimer Swartling as well as local auditing and law firms. The scope of the investigation has been offshore structures which are either administered by the law firm Mossack Fonseca and/or incorporated in Panama and which had a customer relationship with Nordea Bank S.A. in Luxembourg (NBSA) at 15 April 2016:
– On 15 April 2016 NBSA had 129 offshore structure customers in scope for the investigation, out of the total number of 562 offshore structures in NBSA.
– In addition, 16 structures in Nordic Private Banking have been reviewed.
– The tax part of the investigation has covered the full period 2010-2016 for which 137 structures have been in scope, but a few of these were closed before 15 April 2016.
– Total assets under management in the 129 structures amount to EUR 216m. Five of the structures have beneficial owners resident in the Nordic region.
In addition, the Swedish law firm Mannheimer Swartling has been appointed by the Group CEO and Board of Directors of Nordea Bank AB (publ) to make a separate review in order to conclude how the management and the board of NBSA have managed their duties in relation to the operations of offshore structures from a governance and risk management perspective.
Key conclusions from the internal investigation
• The investigation concludes that NBSA has offered administrative services to customers, but it has neither found evidence that employees have initiated the establishment of offshore structures, nor that they have proactively contributed to customers’ potential tax evasion.
• NBSA has had relevant policies and instructions in place, eg related to Know Your Customer (KYC), Anti Money Laundering (AML), tax reporting and tax compliance, and complied with both Nordea Group Directives, Luxembourg legislation and ICMA guidelines.
• Separately from the Private Banking investigation, Nordea has also reviewed the Russian management’s ownership of private offshore structures. We have found no evidence of any violations of Nordea’s internal policies in relation to establishing or maintaining such structures. Documents provided by the employees also support that these structures have been reported to the relevant tax authorities as required by Russian law. The review has identified one case in breach of the code of conduct in Nordea Bank Russia related to advice.
• The Code of Ethics decided by NBSA in the autumn of 2009, reaching beyond what is required by Luxembourg law and stipulating that Nordea employees must reasonably ensure that customers comply with relevant rules for declaration and taxation, has not been consistently implemented. The instructions for how to document adherence to the policy have been insufficient.
• At the time of customer onboarding NBSA has had sufficient evidence of tax compliance in accordance with the Code of Ethics in 114 of the 137 offshore structures.
• After onboarding there are various signs of a different nature in 68 of the customer files from 2010-2016 that require further analysis to confirm that the beneficial owners of these structures have adhered to Nordea’s policies regarding tax evasion. Most of the cases refer to the period before 2013.
• The investigation has reviewed 21 Private Banking customers (5 in NBSA and 16 in Nordic Private Banking) who are Nordic residents with an active offshore structure during 2010-2016. Among these customers there are five cases that require further analysis.
• The investigation has found that many of the reviewed KYC files fall clearly below the standards set forth in the Group’s policy. This is mainly related to the so-called enhanced due diligence (EDD) required for high-risk customers. The regulation also stipulates that all customer files need to be updated on a regular basis, the so-called ongoing due diligence (ODD), which in the files investigated has not been the case to a sufficient degree. An improvement has been noticed in recent years.
• The investigation has found seven cases where renewal of Powers of Attorney have not followed internal policies, but all criteria required for this to be defined as illegal are likely not met; ie employees have not had a clear benefit or illicit advantage of backdating.
Statement from the Swedish law firm Mannheimer Swartling
Based on the review, Mannheimer Swartling has concluded that deficiencies exist related to the governance and control structures in NBSA. In view of the results of the internal independent investigation carried out by Nordea Group Compliance and Group Operational Risk, it is clear that certain deficiencies related to AML and tax issues exist in NBSA. While the board and the executive management of NBSA have been aware of the operations associated with offshore structures and also identified certain associated risks related to AML and tax issues, they have not viewed, identified or addressed offshore structures as such entailing specific risks or received reports from eg the risk and capital or compliance functions of any such risk.
“We believe that the insight we have obtained during the independent internal investigation carried out by Nordea Group Compliance and Group Operational Risk is sufficient and appropriate to provide a basis for our judgment that it has been completed with high professionalism in defining the scope, methodology, structure and documentation of findings, that the conclusions in a good way reflect the fact findings and that no material findings have been excluded from the conclusions presented,” says Biörn Riese at Mannheimer Swartling.
Following the completion of the investigation, Casper von Koskull, President and CEO of Nordea, comments: “Group Compliance and Group Operational Risk have done a very robust investigation where approximately 60 persons have spent more than 30,000 hours going through more than 10,000 documents to get all facts on the table. The investigation shows that Nordea in Luxembourg at an early stage introduced new, stricter policies and standards regarding tax compliance in 2009, long before this was market practice or required by law. This was complemented by training programmes and hiring of tax competence. However, I’m disappointed that the investigation shows that the implementation was insufficient. That is not acceptable. The deficiencies are, to a large extent, of a governance and control nature. Even so I’m comforted by the conclusion that no evidence has been found that Nordea employees have proactively contributed to tax evasion. I want to be absolutely clear. We do not accept Nordea being used as a platform for tax evasion or aggressive tax planning. Nordea is the largest bank in the Nordic region and has a special obligation to be a good corporate citizen. Taxes are mandatory, and tax compliance by corporates and individuals is critical for society at large. We recognise that following the letter of the law only is not enough. We must adapt to our stakeholders’ expectations and the norms society has today to earn our customers’ trust.”
Mr. Casper von Koskull initiated a number of initiatives like:
• The Business Ethics and Values Committee is an operational function that will proactively work to develop key policies and strategies and ensure that they are in tune with our Nordic values as well as our stakeholders’ demands and views on what a responsible bank must adhere to.
• Policies will be changed in order to minimise the room for individual interpretation. We must have a common view on compliance and a consistent implementation of our policies throughout the Nordea Group.
• The established Tax Board on group level will make the call on complex issues and ensure consistent decisions on these matters.
With these initiatives and the measures below I’m confident that we have mitigated the identified deficiencies. Compliance is by nature never done. We will now continue our investigation as part of the continuous operational risk and compliance work, and we will continue to invest in and strengthen our compliance functions.
Summary of measures taken by Nordea
• Nordea will apply stricter governance of Nordea Bank S.A. in Luxembourg (NBSA) and integrate NBSA into the Nordic organisation while also respecting the legal and governance responsibility of the board and management of NBSA. The decision to integrate NBSA into the Private Banking organisation is to ensure a consistent implementation of policies and secure a fully compliant culture. NBSA will have a new board composition also including an external board member and internal control functions will be strengthened. A strategy and risk review of NBSA will also be conducted in respect of the jurisdictions where our customers are present and considering, among other things, relevant Nordic business relations criteria. The likely outcome will be a more limited scope going forward.
• NBSA has taken immediate action and blocked the accounts where suspicious indications were found. This goes for the 68 cases highlighted by Group Compliance. We are in accordance with our policies investigating these accounts further to obtain reasonable comfort that customers comply with relevant rules for declaration and taxation. Otherwise their accounts will be closed. Even if an account will be closed NBSA will still fulfil its reporting obligations under the OECD’s Common Reporting Standard (CRS).
• Nordic Private Banking customers will also be handled without delay to verify that documentation is complete.
• Nordea will strengthen its tax policy on customer advice for the Nordea Group.
• NBSA will immediately ensure that the required KYC data are provided.
• Nordea will say no to all new company structures where the business purpose is not clear.
• NBSA will enforce new, stricter criteria for existing and new customers having offshore structures. As a consequence the number of customers with offshore structures will be significantly reduced. Offshore structures will not be allowed unless the CRS can be fully applied to the ultimate beneficial owner of the offshore structure, allowing automatic exchange of information between tax authorities. New criteria also include clarified requirements regarding documentation to support sufficient evidence of tax compliance, board of directors, acceptable jurisdictions, etc. All current offshore structure customers at NBSA will now be reviewed based on these clarified requirements, and also from a KYC and tax perspective. If not deemed acceptable, the customer relationship will be terminated. This review will be finalised by the end of 2016.
• NBSA will no longer assist customers with the administration of offshore structures neither with the law firm Mossack Fonseca based in Panama nor with other corporate service providers. As previously stated, all of our interaction with Mossack Fonseca is currently being discontinued and is expected to be completely discontinued by the end of the year.
• Nordea will promptly take action on all the recommendations in the report.
• Nordea will continue to strengthen competencies and resources in control functions in the Group and NBSA.