Deutsche Bank has uncovered shortcomings in its ability to fully identify clients and the source of their wealth, internal documents seen by Reuters show, more than a year after it was fined nearly $700 million for allowing money laundering.
In two confidential reviews, dated June 5 and July 9, Germany's biggest lender detailed the results of tests on a sample of investment bank customer files in several countries, including Russia.
Both reviews found gaps in Deutsche's screening process, which aims to meet so-called "Know Your Customer" (KYC) requirements that are a cornerstone of global anti-money laundering controls.
Regulators around the world require banks to vet customers so that criminals cannot mask their identity through complex company and ownership structures to launder money or sidestep international sanctions.
The two recent reviews show how the bank is still grappling with procedures to ensure it knows who it is dealing with, in part because of staff turnover.
In the 13-page June report, which was shared with the European Central Bank (ECB), Deutsche Bank found a pass rate of zero percent in countries such as Russia, Ireland, Spain, Italy and South Africa when it checked how client files had been processed.
The pass rate measures the percentage of files that meet the bank's own "Know Your Customer" standards. Deutsche Bank strives for 95 percent, according to the documents.
Hui Chen, a former compliance expert with the U.S. justice department, said that this target was roughly in line with other global banks.
The bank told Reuters that the reviews showed its processes were too complex, but said it was making improvements and that overall controls to prevent crimes such as money laundering were effective.
"We still need to improve in terms of internal processes," it said, when presented with the findings of the reviews.
"What the documents show is that our internal processes are still too complicated," it said. "So it is not about effectiveness, but about the efficiency of our processes."
Deutsche executives met with the ECB, the euro zone's banking supervisor, in late July, to discuss its control procedures, according to one source with knowledge of the matter. The ECB and Germany's regulator BaFin declined to comment.
Banks have been fined billions of dollars for lax oversight, including the failure to identify customers.
In January 2017, Deutsche Bank agreed to pay U.S. and UK regulators $630 million in fines over artificial trades between Moscow, London and New York that authorities said were used to launder $10 billion out of Russia.
The U.S. Federal Reserve fined the bank an additional $41 million for failing to ensure its systems would detect money laundering in May 2017.
Deutsche Bank is under pressure after three consecutive years of losses, and it agreed to pay a $7.2 billion settlement with U.S. authorities last year over its sale of toxic mortgage securities in the run-up to the 2008 financial crisis.
The bank has also undergone management changes and a recent strategic overhaul that includes thousands of job cuts and scaling back its global investment bank.
In Russia, the June report outlined problems including a "lack of verification of client address and existence" and a "lack of verification to be able to make an assessment of the client's source of funds".
It also identified a lack of investigation into whether a client was a "politically exposed person" (PEP).
Rules to fight financial crime require banks to identify such people because they present a higher risk of bribery or corruption by virtue of their position. These political figures could also be the target of international sanctions.
In their 2017 ruling against Deutsche Bank for 'mirror' trades, New York financial regulators criticized the lender for "widespread and well-known weaknesses in its KYC processes," singling out its Russia operations for shoddy standards.
The issue remains sensitive because an investigation by the U.S. Department of Justice into the case is ongoing.
In a written response to Reuters, Deutsche Bank said: "We are not struggling with procedures designed to help prevent criminals from money laundering and other criminal action.
"Our procedures to identify potential anti-money laundering and KYC risks are very effective," it said of group-wide controls.
The bank has multiple layers of defense to spot crime, such as monitoring fund movements for suspicious transactions, a person close to the matter said.
Christian Sewing, who became the bank's chief executive in April after a management shake-up, has vowed to address weaknesses in the bank's controls.
In June, he said the weaknesses had "arisen over many years ... We're not yet where we want to be, but we're steadily getting there."
Deutsche plans to work with regulators on deadlines for improving its procedures, the person with direct knowledge of the matter said.
The internal documents show the scale of the challenge and highlight practical difficulties that arise as a result of staff changes in the United States and Ireland.
"This is a new team," the June report said, referring to Spain. For the U.S., it wrote: "U.S. has experienced high attrition rates and teams are still maturing in terms of capability against a backdrop of backlogs."
Deutsche said it was "not constrained by headcount", that it had increased the number of staff involved in KYC and that staff turnover was not above average.
It has also made improvements. The July report showed the pass rate in Russia improving to 67 percent after it hired auditors to help with customer checks.
But additional shortcomings emerged elsewhere. Reviews of the KYC procedures in the document resulted in lower pass rates in six of 14 locations highlighted, including in the Netherlands and the United States.