Regulatory Alerts2026-04-27
Report on the Inspection of the Compliance Function at Danske Bank A/S
The Danish Financial Supervisory Authority (Finanstilsynet), together with Norwegian and Swedish regulators, issued an inspection report mandating Danske Bank A/S to rectify critical deficiencies in its Group Compliance and risk management functions. The report requires the bank to promptly update its MiFID investor protection risk assessments, ensure thorough monitoring of business unit compliance, and establish adequate guidelines and oversight for credit risk-related compliance monitoring. Furthermore, the bank must strengthen the risk management function's procedures for evaluating the effectiveness of remedial measures, although the inspection did not alter the institution's solvency requirements.
Inspection Report 27-04-2026 The Danish Financial Supervisory Authority (Finanstilsynet) conducted, together with the Norwegian and Swedish financial supervisory authorities, an inspection of Danske Bank's compliance function (Group Compliance) in February-April 2025.
Deposit-taking and mortgage credit institutions must have methods and procedures suitable for detecting and mitigating the risk of non-compliance with legislation, market standards, and internal rules (compliance risks).
To this end, they must have an independent compliance function that monitors and assesses whether these methods and procedures, as well as the measures taken to remedy any deficiencies, are effective.
The purpose of the inspection was to assess whether the compliance function operates appropriately and effectively and complies with the Management Order and ESMA’s guidelines on certain aspects of the requirements for the compliance function under MiFID II.
The inspection was based on compliance risks related to MiFID regulation on investor protection and the credit risk area.
The Danish Financial Supervisory Authority's observations are based, among other things, on a review of Group Compliance's internal guidelines, selected risk assessments, investigation reports, and management reporting.
The Authority also reviewed materials from the risk management function when assessing the bank's monitoring of compliance risks in the credit risk area.
Summary and Risk Assessment
The compliance function must conduct a risk assessment and carry out thorough monitoring of MiFID regulation. This is stated in ESMA’s guidelines [1].
Group Compliance organizes its compliance activities based on risk assessments.
The inspection revealed that they do not ensure sufficient focus on monitoring and assessing the business units' compliance with MiFID rules specifically.
The risk assessment of MiFID's investor protection rules was from 2020.
Group Compliance therefore lacked current insight into the business units' compliance with the rules.
The risk assessment is supplemented by other processes, but these cannot offset the risks arising from the failure to update the risk assessment.
The bank has therefore been ordered to ensure a timely and comprehensive risk assessment of the MiFID rules.
The same applies to other significant rules that Group Compliance is responsible for monitoring. [2]
The monitoring of compliance risks within the financial risk area is handled by the risk management function.
The risk management function does not prepare risk assessments and has no plans for how it will monitor compliance risks in relation to credit risk-related rules.
Furthermore, it lacks sufficient guidelines describing its tasks, roles, and responsibilities regarding compliance risks.
The risk management function does not sufficiently monitor and assess whether methods, procedures, and measures taken to remedy any deficiencies are effective.
Group Compliance has the overall responsibility for monitoring the group's compliance risks.
Group Compliance therefore conducts regular assessments of risk areas covered by the risk management function, including the credit risk area, to ensure that the framework for handling compliance risks in the risk management function is adequate.
Group Compliance has not detected the deficiencies in the monitoring of compliance risks within the credit risk area.
The bank has therefore been ordered to ensure adequate monitoring of compliance risks within the financial risk areas as well as the non-financial risk areas where the risk management function is responsible for monitoring. [3]
The inspection did not lead to any changes to the bank's solvency requirements.
[1] ESMA’s guidelines on certain aspects of the requirements for the compliance function under MiFID (ESMA35-36-152).
[2] Cf. Order on the Management and Control of Credit Institutions and Others (the Management Order), Section 17, Paragraph 1.
[3] Cf. Order on the Management and Control of Credit Institutions and Others (the Management Order), Section 17, Paragraph 1.
You control your data
This website uses third-party cookies for visit statistics. If you select "Accept all", you consent to third-party services storing information about your visit.
Read more about cookies