Between 2016 and 2019, as described in the Clifford Chance report, Swedbank offboarded a high number of high risk customers.

In 2019, Swedbank established a team to review customers identified by Clifford Chance for possible offboarding or enhanced risk mitigation measures. This process has lead to additional offboardings.

Clifford Chance hired to conduct a comprehensive investigation.

• Swedbank established the Anti-Financial Crime unit (AFC).
• External legal advisor connected to ongoing investigations engaged.
• Annual General Meeting 2019: appointment of new board member Kerstin Hermansson. Extra General Meeting 2019: appointment of new board members Göran Persson (new Chair), Bo Magnusson and Josefin Lindstrand.

• During 2019-2020, Swedbank hired a new CEO, Chief Compliance Officer, Head of Baltic Banking, Chief Risk Officer, Chief Legal Officer, Head of Group Communication and Sustainability, and CEO of Swedbank Estonia.
• During 2019 and 2020, and as a result of Clifford Chance's comprehensive investigation, a number of Swedbank employees left the company.
• At the end of 2019, the Board established a Governance Committee to help it fulfill its supervisory responsibility as part of the overarching corporate governance strategy.

• In 2020, Group Legal managed a "Governance review" to ensure that the Bank has a sound and satisfactory corporate governance steering model. The review included assessments of Swedbank's managing boards, supervisory councils and committee structure.
• Hired Boston Consulting Group to review Swedbank's compliance processes as well as roles and responsibilities.
• Hired Oliver Wyman to assess and advice on improvements to the culture of Swedbank.

• Release of the Clifford Chance report.
• Hired the consultancy firm AML Analytics to assess the transaction monitoring system.

• Annual General Meeting 2020: appointment of new board members Bo Bengtsson, Göran Bengtsson, Hans Eckerström, Bengt-Erik Lindgren and Biljana Pehrsson.
• Hired Oliver Wyman to conduct an independent assessment of Swedbank's AML/CTF and sanctions capabilities. This is a three-year assignment with periodic reviews.

• Opened up "Whistle B", the internal whistle-blower system for external reporting.
• As of 31 October, the remediation plan consists of 244 action items. Key action items include the following: (1) revising and updating the AML framework; (2) updating policies and procedures; (3) defining assessment standards; and (4) implementing reporting procedures and responsibilities.
• Swedbank realigned roles and responsibilities between the AFC unit in the first line of defense ("LOD") and Group Compliance in the second LOD.
• Revised Group Compliance Policy adopted by the Board of Directors.

• The CEO has established a new Group Executive Committee ("GEC") with weekly GEC meetings.
• Across 2019 and 2020, there have been several personnel changes at the senior management level (incl. Board of Directors).

• Added qualified resources to the Board of Directors, committees, and senior management, including recruitment of new individuals to key roles. 
• Added extensive resources across the Compliance function.
• Established the Group Financial Crime Committee and the Business Area Financial Crime Committee - to ensure effective governance and management of sanctions risk.
• Established a Special Task Force to manage the day-to-day operations related to ongoing investigations of historical shortcomings withing the AML area.
• Updated Group risk management framework, including by developing Key Risk Indicators in accordance with legal and industry best practices. Revised Enterprise Risk Management policy with more in-depth and clearer definitions and descriptions of Swedbank's risk strategy and risk appetite.
• Updated Group AML/CTF (Anti Money Laundering/Counter Terrorist Financing) and sanctions standards, including policies, procedures and controls, by incorporating international best practices.
• Developed and implemented a new risk classification model.
• Reviewed and improved risk scoring, media screening and customer flagging processes.
• The risk assessment process has been centralized including the introduction of a group-wide process which also includes creating a Group risk assessment repository.
• Improved KYC policies and procedures across the Group.
• Defined due diligence policies and procedures specifically for risk clients.
• Implemented new onboarding procedures that require the risk assessment results to be assessed and reviewed by senior management.

• Updated tool for monitoring transactions, process management with new technology and policy requirements.
• Included sanctions-related components to the customer risk rating.
• Implemented automated filters used to screen transaction data.
• Upgraded the AML detection algorithm and improved the alert management process and annual model validation.
• Created a sanctions governance structure.
• Revised and updated policies and procedures related to sanctions to clearly define assessment standards, reporting procedures and responsibilities.
• Updated sanctions screening system to improve efficiency.
• Tasked dedicated Financial Sanctions Officers with reviewing transactions and relationships that might involve, directly or indirectly, exposure to sanctions risk.
• Updated policies to ensure that annual sanctions risk assessments are completed.

• Extensive cooperation with a range of authorities (civil, criminal and regulatory) in various jurisdictions pertaining to legacy issues.
• Updated and improved process for periodic reporting to local regulators.

• Implemented a sanctions training programme that includes mandatory online sanctions-related training for all employees.
• Increased frequency of enhanced AML training for all employees.
• Work is underway to implement a mandatory training programme on Corporate Governance rules.