Files submitted to compliance workers from overseas often lacked detail about who was transmitting money, according to former workers and legal filings in the 2016 lawsuit. Specialists hired to advise the bank on gaps in its monitoring systems were instead assigned to review individual transactions that those systems had flagged. They were often rebuffed by New York executives or supervisors in New Jersey if they singled out particular customers for deeper scrutiny.

In such cases, staff members were directed to file routine “suspicious activity reports,” or SARs, a basic legal requirement in cases where bank employees consider a source of funds to be questionable. Such filings record potentially problematic activity but don’t trigger government reviews on their own. Often, they simply languish at the Treasury Department.

Customers’ Clients
Deutsche executives’ public responses to the Danske case tend to sidestep concerns about “know your customer” efforts. Because their bank had a correspondent relationship with Danske, they’ve argued that the Danish bank was the only customer they were required to know -- not clients who were banking with Danske.

“The primary duties rest with the bank that has the immediate contact with the client,” said Karl von Rohr, Deutsche Bank’s co-deputy CEO and legal head, on Feb. 1.

As Douglas Sloan, then a financial crimes investigative chief for Deutsche’s U.S. unit, said in testimony in December 2017: “We don’t know our customers’ customer on the other side of the planet.”

But it’s not that simple. U.S. banking laws require correspondent banks to make sure their customers are policing their own clients -- especially on big transactions. Another bank clearly had qualms about Danske; JPMorgan Chase & Co. ended its correspondent relationship with Danske’s Estonian branch in 2013. Bank of America Corp. cut off its relationship with the unit in May 2015. Deutsche Bank was the last to break with Danske later that year.

Why? Stephan Wilken, who runs Deutsche’s anti-money-laundering operations, told the European Parliament that he couldn’t speculate on what other banks saw, but a decision to break off business must be organized and planned.

‘Excellence Award’
Still, some aspects of the bank’s approach raise questions. Like other correspondent banks, it relies on a largely automated system called “straight-through processing,” or STP. That system checks names and places against government risk lists and other factors. For years, executives have bestowed an “STP Excellence Award” on customers that successfully move money through Deutsche’s system while raising the fewest red flags. The awards have sometimes gone to questionable recipients.

Cyprus-based FBME Bank Ltd. won eight of them through 2013, according to news releases. The Treasury Department later accused that bank of having weak money-laundering controls that allowed customers to conduct more than $1 billion in suspicious transactions through various correspondent accounts, including one with Deutsche Bank’s U.S. unit, from 2006 to 2014. Treasury officials said FBME helped organized crime and terror groups move money, evade sanctions and develop banned weapons. Deutsche Bank wasn’t accused of wrongdoing in the case.

The “mirror trades” scandal surfaced another issue: Warning bells sounded at the U.S. investigations unit after another European bank questioned some of the transactions, but the unit failed to follow up, according to an internal Deutsche report and a 2017 consent order issued against the bank by New York’s Department of Financial Services. Beyond that, the German bank didn’t even deem Russia to be at high risk for financial crime until late 2014 -- much later than its peers -- according to that 2017 order.