Skip to content

Learning Whistleblowing – From a Whistleblower who uncovered a $230 Billion Money Laundering ring.

To say Howard Wilkinson is a brave man is to totally underestimate the risks he took reporting what he knew. In this article we ask, why do so many people cover obvious criminality up? Learning Whistleblowing – the hard way.

“A whistleblower is like a smoke detector. Every building should have one. Sometimes, the smoke detector goes off, and there’s no fire,” Howard Wilkinson told the Danish Parliament. “But sometimes a smoke detector goes off when there’s a fire that’s in the basement that no one’s found.”

Howard Wilkinson was just a man doing his job. Nothing out of the ordinary, and someone who doesn’t like the limelight. He was a trader in the Estonian branch of Danske Bank in Tallinn. Unfortunately for Mr Wilkinson, he was thrust into the limelight as a hero of honesty, a standard bearer for the truth when he raised the alarm on significant money laundering through the branch. Learning whistleblowing the hard way, through reporting against his employers, Howard took a stance.

$230 Billion of Laundered Money…

I, as a seasoned and rough around the edges detective, am always surprised when these things break. Not that they have broken into the public domain, but that it took so long for it to happen. I can’t grasp how so many people know these things are going on and yet turn a blind eye to it. It is precisely why the Anti-Money Laundering Industry fails every day. Because they don’t deal appropriately with what they find (or in this case even what they’re told). There can be no other explanation when 5% of the World’s GDP is criminal money and the agencies, regulators and AML industry uncover so little of it. Less than 1% of stolen funds are ever recovered globally.

“The smoke detector went off four times,” Wilkinson told the Parliament – informing them he alerted Danske Bank four times. Danske is the largest financial institution in Denmark, so we’re not talking about a backwater institution.

“There was a huge fire. The smoke was filling the corridors. The bank didn’t just ignore the smoke detector; it actively tried to switch the smoke detector off… The smoke detector should not be turned off!” Wilkinson lamented.

Wilkinson went into detail in his evidence to the parliament. He named 10 institutions that were involved in moving the money, this included three entities within Danske bank itself. Yet no one else raised an eyebrow. Not a flicker of a report to the authorities. Not one single employee had even attempted learning whistleblowing and what to do.


Aranea whistleblowing software - intelligence & risk solutions

And this is why we built Aranea. To fix the broken reporting mechanisms within the financial sector, honest people need a way to report what they know, without having to do it internally. To give those that are brave and honest enough, a route to report what they know without having to disclose their identity.


I believe that the financial sector is institutionally corrupt. The scandals are too many, the criminal rewards too great and the sheer ineptitude too brazen to accept it is done unwittingly. Yet we, as a global society, see zero convictions for what can only be described as collusion within the sector itself.

Suspicious Danske customer account – Learning Whistleblowing

Howard Wilkinson worked at the Estonian branch of Danske Bank for just over seven years. Through a very simple check, Wilkinson found that a client of the bank ‘Lantana Trading LLP’ was a UK shell company. A full year after Wilkinson reported this to his managers, a senior bank official told him that Lantana was no longer a Danske client and said that another official told him that one of Lantana’s owners was a relative of Vladimir Putin.

Learning whistleblowing - money laundering scandal danske bank - intelligence & risk solutions
Lantana Trade LLC accounts showing very little going through them

“I knew that the non-resident business was the key income driver for the Estonia branch and for the Baltics as a whole,” says Wilkinson during a Fraud Magazine interview. An internal memo later uncovered said that 90% of Danske’s Estonia profits came from non-residents. “However, we were all repeatedly told that the risks were carefully managed. … We were told that Estonia had the best AML procedures in the group.”


Clarity – A non-resident business is an immediate money laundering risk and one that should require what the industry calls ‘EDD’. Enhanced due diligence. This provides further insight into the potential motives and competence of those working in AML within Danske bank in Estonia – Why did they not check? Another red flag for Money laundering is bank branches around known risk states, and money coming from those risk states into the neighbouring countries banking system. For the Estonian branch AML compliance team to either not know this or worse acquiesce to the money laundering going on is criminal – knowing the money was coming from Russia.

Clarity – A non-resident business is a banking customer in one jurisdiction, managing the accounts for a business registered in another. Why? Because the authorities in one jurisdiction will not be interested in a business’s operating practices (and accounts) that is registered and effectively under AML regulation of another jurisdiction. However, the registering jurisdiction is likewise not interested in a business that operates abroad. So the non-resident slips between the crack, in terms of monitoring and responsibility for that. Danske Bank staff will have known about those risk and ought to have had them documented in their AML procedures and policies. Additionally, looking into the beneficial owners of Lantana, one can see they are other entities. not real people, and they are registered in offshore ‘tax havens’. All Money laundering red flags.


An account manager at Danske asked Wilkinson for help in obtaining financial information on a supposed British customer, Lantana Trade LLP. “Lantana Trade had accounts open and wanted to start doing foreign exchange transactions,” Wilkinson says. He was curious about this business, so he spent £1 to buy Lantana’s filing history from the UK Companies House website.

Lantana was a “Dormant Limited Liability Partnership Account” with £0 to its name on the balance sheet. “This of course was not consistent with the company having had accounts open in the bank for several months prior to the account period end date, with significant activity level and account balances,” Wilkinson says.

“It was on the face of it suspicious,” said WIlkinson.

We have a saying in the police that involves excrement and Sherlock Holmes that springs to mind with this statement.

Wilkinson contacted the Danske account manager and financial compliance officer to explain the problem. “The compliance officer promised to follow-up with the customer,” he says. “The member of branch management later told me that the customer had made a mistake with its filing and would refile with amended accounts.”

“In the absence of any context of general concern on my part, this seemed plausible,” he says. “Clients often controlled several companies with accounts in the bank, which opened and closed down frequently. All account openings for non-residents had to be approved by a special committee, so frequent openings and closings didn’t give me any particular concern. It was not impossible that in isolation the filings for two companies could have gotten mixed up.”

A year after Wilkinson’s Lantana discovery, a senior bank official had told him that Lantana was no longer a Danske client and said that another official told him that one of Lantana’s owners was a relative of Vladimir Putin.

“In general, chucking bad clients out of the bank is a positive sign,” Wilkinson says. “However, given the context that this client was exactly the one that I had highlighted the year before as having filed false accounts, this was a concern. The colorful links that the senior official mentioned to me — that Lantana’s beneficial owners included officials from the FSB [Russia’s internal security and counterintelligence service, Federal Security Service] and a relative of President Putin — only added to my concern.”

At the end of 2013 Wilkinson checked Companies House again to review Lantana’s amended account. “The amended accounts at least showed that the company was not dormant,” he says. “However, they were still false and bore no resemblance to the actual activity level or cash balance of the company. Because I had alerted relevant people in the branch — including a member of management — to the initial false accounts and received assurances from management that things would be sorted out, this indicated that something was very wrong.”

Wilkinson then escalated his concern to Bank management in Copenhagen. This included — the chief risk officer on the executive board, group chief auditor (head of internal audit), group head of AML and head of the Baltic Banking division. The email subject line read, “Whistleblowing disclosure — knowingly dealing with criminals in Estonia branch.”

Wilkinson felt he had no option but to alert senior leaders in the organisation.


Clarity – Whistleblowers don’t think of themselves in such terms. When I reported illegal killings in Afghanistan, I didn’t ‘categorise’ myself as a whistleblower. I just saw it as doing my job. As a senior criminal detective, I naively thought my opinion and disclosure would be taken seriously. It wasn’t. And it was only when I got home, I realised through talking to foreign office staff I was being talked of as a whistleblower. Wilkinson will have thought similarly. That he was just doing his job to protect the bank’s reputation and stop criminal activity within it. Not blowing the whistle – a term that at least hints at treachery.


“It is not appropriate to raise these issues within the branch due to their serious nature, that it is unclear at what level in the branch there was knowledge of the incident and because of a general problem regarding confidentiality in the branch,” Wilkinson wrote in the email.

Wilkinson described to the Danske officials his investigation’s findings, he emphasised these problems:

  • The bank knowingly continued to deal with a company that had committed a crime (probably there is some tax fraud here too).
  • An employee of the bank co-operated with the company to fix the “error.”
  • The bank continued dealing with the company even after it had committed another crime by submitting amended false accounts.
  • The bank in the first place managed to open an account for a dormant company — quite an achievement.

He summed up these issues.

  • The bank may itself have committed a criminal offense.
  • The bank can be seen as having aided a company that turned out to be doing suspicious transactions (helping to launder money?).
  • The bank has likely breached numerous regulatory requirements.
  • The bank has behaved unethically.
  • There has been a near total process failure.

Wilkinson wanted to ensure that the Lantana case really was just a one-off. “So, being curious, I independently decided to dig a little more and looked at the accounts of three of the most profitable LLP clients in the branch,” he says. “They were all false and looked very similar to the previous one; they were inconsistent with actual activity levels and actual cash balances. These three also turned out to share the same registered address in the U.K. This was scary. It appeared there was something systemically really bad going on.”

He sent a second whistleblowing report at the beginning of 2014 to the internal auditor who’d been tasked to look into the issues from Wilkinson’s first report.

For a period the internal audit investigations seemed to proceed properly. However it soon became clear that group management wasn’t going to take the necessary urgent action.

Wilkinson checked 12 additional profitable LLP clients. “All had the same registered address as the three in my second whistleblowing report,” he says. “All looked basically the same and were wholly inconsistent with actual activity on the bank accounts. … In total, I looked at 16 large limited liability partnerships [LLP] clients — all with false accounts and 15 with the same registered address.

“Later that month, I made a third whistleblowing report,” Wilkinson says. He then gave a fourth whistleblowing report to an executive board member and senior lawyer. When they also failed to act urgently, Wilkinson left the bank to report independently of the bank to the appropriate authorities.

Danish authorities eventually investigate – Learning whistleblowing.

The Danish Financial Supervisory Authority (FSA) eventually began investigations after Wilkinson’s reports to Danske. “Danske Bank has historically not lived up to its obligations in the AML area,” according to a summary memo from the FSA to the Danske Bank board of directors and executive board.

The FSA wrote that Danske Bank Group’s internal audit department’s audit letter reported:

  • Some customers had companies that existed for less than two years in order to be able to avoid submitting financial statements.
  • The corporate structures were complicated with activities in countries of the former Soviet Union and companies in other countries, including tax havens.
  • The beneficial owners of companies that were customers of the branch were not known by the bank or were known but not registered in the relevant systems of the branch.
  • Branch management stated that the reason for the lack of identification of the beneficial owners was that the customers could experience problems if Russian authorities requested information.
  • The branch cooperated with nine unregulated Russian intermediaries on customers’ payments out of Russia. In this connection, as part of the transactions, the branch bought Russian bonds and entered into foreign exchange transactions with the intermediaries.

According to the Danish FSA, “In the period after the whistleblower report, there were several indications that members of the management and/or employees of the bank were colluding with non-resident customers in criminal activities or, at least, knew of such activities. The bank did not, however, investigate this, and there were no managers or employees who were dismissed or relocated because of such a suspicion.”

The Danish FSA never contacted Wilkinson during its investigations, which a European Parliament report described as “grossly negligent.”

Subsequently, Danske Bank internally investigated itself in fits and starts with various work groups, and often reluctantly cooperated with the Danish FSA, according to the FSA. The Estonian FSA also conducted AML inspections at the Estonia branch and was “very critical in its reporting,” according to the memo.

We now have a newly heightened awareness of money-laundering risks in several European countries that seemed to have regarded themselves as exempt.

You would think that there would be significant criminal sanction after such flagrant disregard for international standards at such a prestigious bank. But not yet.

Learning Whistleblowing – The Outcomes so far.

The CEO of the Estonian operation for Danske Bank committed suicide in 2019.

Danske CEO, Thomas F. Borgen, resigned.

The Danish FSA ordered Danske’s “Board of Directors and the Executive Board to ensure that when there is suspicion of the bank’s managers or employees colluding with customers in criminal activities or knowing of customers’ criminal activities, the bank conducts adequate investigations and takes the suspicion into consideration on an ongoing basis when allocating tasks to these managers or employees,” among many other orders and reprimands.

A Danish law firm employed by Danske released a report into Danske’s Estonia branch. “The Bank has clearly failed to live up to its responsibility in this matter,” said Ole Anderson, chairman of the bank’s board of directors after the law firm released the report. “The findings of the investigations point to some very unacceptable and unpleasant matters at our Estonian branch, and they also point to the fact that a number of controls at the Group level were inadequate in relation to Estonia.”

In December 2022, Danske Bank pled guilty and agreed to a $2 billion fine in a case from the United States Department of Justice.

Ten people from the Estonian branch were arrested. Estonia arrests ten in Danske Bank money laundering inquiry | Reuters

Dankse paid $671 million to Danish Authorities.

Danske setteld with the US Securities Exchange Commission for $400 million

Estonian regulators ordered Danske to close its operations in Estonia.

Danske also closed its activities in Latvia, Lithuania and Russia.

Conclusion

It seems that despite regulations and recommendations existing on a global scale internationally recognised and respected financial institutions repeatedly get caught up in scandals. Scandals so large it makes the regulators look at tightening the regulations. Yet, the regulations, policies and processes to restrict money laundering are already in place.

It isn’t the regulations that are the problem.

It is criminals operating within banks and institutes and totally incompetent AML operations that are to blame. Until we get executives held to account, and significantly held to account, for failings that can’t be anything other than criminal activity within their organisations, we will see scandals repeated.

The rewards are just too great and the likelihood of criminal sanction of employees so unlikely the equilibrium of change just isn’t there.

This is why HX5 Encrypted built Aranea. Because what is abundantly clear to us, is the complete failure of the financial sector and the regulators to effectively and efficiently manage international criminal gangs and their money.

We believe the route to change, aided by our small company, is to give those brave enough to speak out, a channel to do so completely anonymously and through encryption so that appropriate action and cash seizures can bring those guilty to justice. You can view the whistleblower version of our offer at this website. The website you are reading, is our offer to organisations that want to run effective and efficient whistleblowing platforms. The two sites target the two sides of the equation, the whistleblower and his employer.

It seems, in this report, there were at least 20 people involved inside Danske bank directly aware of what was going on. And there will no doubt be more that aren’t highlighted within the reports of what happened. A wise old detective once told me, “Leaders should double check on the performance of those that get results at the top of their game.” And this is in the field of policing. It seems that when ‘good’ cops out perform their peers so much, you should look to see from where they get the intelligence to act on operations.

My view is this is even more relevant in the financial sector.

Because money is involved. When we have surveys of Bankers earning more than $500,000 per annum showing those respondents believe to ‘get to the top’ you have to at least dip your toe in criminality, it is obvious where the scrutiny should start.

If you know something that isn’t right in your organisation you can download the app below and alert us to it. We will help you to uncover criminality and protect your reputation and identity above all else. And, by the way, protect your organisations reputation by helping them to fix whatever it is you have found.


Contact us to use this article or get an interview with the author

Andy Parr – Managing Director HX5 Encrypted.

Andy’s Bio:

Andy served in the UK military before joining the Police in 1992. He rose through the ranks and became a criminal detective in 2001. He led investigations into the most serious and organised crime including violent crime and murder, money laundering and the proceeds of crime, drug trafficking, fraud and serious sexual offences. In 2015 Andy deployed to Afghanistan where he worked mentoring senior Afghan police in how to manage criminal intelligence and infiltration operations. He blew the whistle on illegal killings in Afghanistan and subsequently retired from the police. In 2018 he went to work in the Cayman Islands where he worked in Anti-money laundering compliance, writing policy and procedures, training and guidance manuals. Andy holds an MBA from Bradford University, is a qualified anti-money laundering specialist with ACAMS and is a chartered manager. He founded HX5 Encrypted in 2023 and aims to help whistleblowers get the support and help they need to report wrongdoing effectively without compromising their identity.


Download the app and report what you know today.

Apple aranea whistleblowing app download - intelligence & risk solutions
Android aranea whistleblowing app - intelligence & risk solutions

Credit to Fraud Magazine for the interview with Howard Wilkinson.