Københavns Andelskasse and Payvision: Victims Left to Chase Empty Shells
Danish authorities have secured another conviction in the Københavns Andelskasse money-laundering scandal. But the case exposes a larger European failure.
The victims are not only facing AML breaches. They are facing an enforcement model that confirms wrongdoing after the operating entity has already been resolved, dissolved or phased out. Even where serious compliance failures are established, victims are left to pursue claims against weakened or empty shells, while solvent parent companies, former owners, account-holding banks and commercial beneficiaries remain largely outside the redress framework.
That is the real lesson from Københavns Andelskasse and Payvision. AML enforcement may produce convictions, fines and press releases. It still does not produce restitution.
Second former director convicted
On 30 June 2026, Denmark’s National Unit for Special Crime announced that a 45-year-old former director of the now-closed Københavns Andelskasse had been sentenced by the Copenhagen City Court to five months’ suspended imprisonment for extensive breaches of the Danish Anti-Money Laundering Act. The sentence includes 100 hours of community service. The case followed a report from the Danish Financial Supervisory Authority, Finanstilsynet. Read our story about the København Andelskasse case here.
The court found that the former director was responsible for serious failures in internal controls, customer due diligence and transaction monitoring. Between August 2017 and August 2018, more than DKK 2 billion from high-risk customers passed through the bank. These flows should have led to checks on the origin of funds and reports to Denmark’s FIU.
This was the second personal conviction in the case. In May 2025, another former director was sentenced to four months’ suspended imprisonment after admitting that serious AML breaches had occurred under his leadership. The relevant transactions amounted to approximately DKK 1.5 billion.
Personal convictions matter. They confirm that AML responsibility is not merely an abstract institutional duty. But they – for sure – do not repair victims’ losses.
The bank was already gone
When senior managers commit serious compliance failures, the misconduct is not only personal. The institution processed the transactions, onboarded the customers, maintained the accounts, earned the fees and failed to operate the required controls. It is therefore the natural first target for victim compensation
But Københavns Andelskasse (KBH) is not a functioning bank waiting to compensate victims.
On 13 September 2018, Finanstilsynet notified Finansiel Stabilitet that Københavns Andelskasse was likely to fail and that there were no alternative measures available within a reasonable timeframe to prevent its failure. Finansiel Stabilitet then took control of the institution, removed its executive board and board of directors, and placed it into resolution under the Danish resolution framework implementing the BRRD.
The practical consequence for victims is severe. EFRI has previously documented that Finansiel Stabilitet rejected claims from investment-fraud victims against Københavns Andelskasse. Even if the bank were liable for damages, such claims were treated as unsecured claims subject to bail-in and were allegedly written down to 34% of their value.
This is the part most enforcement coverage misses. It is not enough to say that AML rules were breached or that former directors were convicted. If the liable operating entity has already been resolved, liquidated or hollowed out, victim claims may be economically impaired before victims even reach court.
The DKK 794 million fine that will not be paid
The same problem appears in the institutional fine.
In January 2025, FS Finans VI A/S, the entity established by Finansiel Stabilitet to wind down Københavns Andelskasse, accepted a DKK 794,296,500 fine for extensive AML breaches committed in the bank. Danish authorities stated that high-risk customers received transactions totalling more than DKK 3.17 billion and that the bank failed to investigate more than DKK 2 billion in transactions for three major customers, despite clear suspicion indicators.
But the fine will not be paid. Because the bank was resolved under Danish resolution rules, the fine claim can be written down to zero under bail-in rules.
The result is absurd: Denmark has a formal DKK 794 million AML fine, but no DKK 794 million payment. For victims, that is not accountability. It is a press-release sanction against a dead entity.
The same pattern in Payvision
EFRI sees the same structural pattern in the Payvision case.
ING acquired a 75% stake in Payvision in early 2018 and valued the company at EUR 360 million. ING described Payvision as a fast-growing international omnichannel payment service provider and said the acquisition would strengthen ING’s footprint in merchant services and e-commerce payments.
This matters. Payvision was no longer just an isolated payment firm once ING became involved. ING became majority shareholder, later sole owner, and then decided to phase out the business – after DNB delivered a devastating report about the compliance failures of Payvision. In October 2021, ING announced that Payvision would phase out its services as a payment service provider and acquirer, with the aim of completing the phase-out by the second quarter of 2022.
ING’s public reporting states that Payvision’s activities and customer transfers were completed in 2022, that Payvision’s licence was withdrawn at Payvision’s request, and that the Dutch Public Prosecution Service closed the investigation in April 2024 without charges against Payvision – as the company was anyway under liquidation without ongoing business.
The Dutch Public Prosecution Service still found serious gatekeeper failures. It stated that Payvision had failed between 2016 and April 2020 to perform adequate customer due diligence, establish the identity and ultimate beneficial owners of customers, determine the purpose and intended nature of business relationships, and conduct ongoing monitoring. It also stated that Payvision was in a state of dissolution and no longer had a licence to provide payment services.
So the operating entity disappeared, former managers received limited personal fines, and victims must pursue complex civil claims against an entity that no longer operates as a normal payment institution.
Victim redress cannot stop at the operating shell
To close down the operating entity is evidently the preferred method to avoid accountability in Europe and evidently it is accepted and approved by the European Institutions like the National Competent Authorities.
In cases like Københavns Andelskasse and Payvision, the focus must shift to the economically real actors:
the parent company;
the controlling or substantial owners;
the banks providing payment accounts;
the entities that financed or enabled the business model;
the shareholders and managers who benefited from high-risk flows;
and the commercial infrastructure providers that allowed fraud-related money to move.
Otherwise, enforcement reaches the easiest entity to close, while the economic loss is pushed onto the weakest party: the victims.
ING’s role around Payvision requires scrutiny
EFRI’s Payvision report explains why ING’s role cannot be reduced to passive ownership.
Payvision cannot be treated as an isolated payment firm once ING entered the structure.
ING acquired a majority stake in Payvision at a EUR 360 million valuation, later became sole owner, and ultimately decided to phase out the business. ING itself stated that, after the acquisition, Payvision started offboarding customer groups that did not fit the desired risk profile, that steps were taken to align Payvision’s governance and risk profile with ING’s standards, and that Payvision made numerous reports to the Dutch Financial Intelligence Unit during that process.
EFRI’s position is that this raises a direct accountability question. If a major banking group acquires, owns, integrates, benefits from and later winds down a payment institution, it should not be treated as irrelevant to victim redress.
According to EFRI’s document review, ING also appeared in the payment-account environment around Payvision and Stichting Trusted Third Party Payvision. EFRI has documented that victim funds connected to the Lenhoff and Barak fraud structures moved through Stichting Trusted Third Party Payvision accounts, including accounts held with ING Bank N.V. and Deutsche Bank.
This does not mean that ING’s liability is automatic. But it does mean that the liability analysis cannot stop at Payvision B.V. as the operating shell. It must examine ING’s role as acquirer, majority shareholder, later sole owner, group parent and, according to EFRI’s case theory, part of the banking infrastructure around the relevant flows.
Clearhaus and Københavns Andelskasse: the owner layer matters
The same logic applies to Københavns Andelskasse.
EFRI has repeatedly argued that the case cannot be understood without looking at Clearhaus. EFRI’s earlier correspondence described Clearhaus as a former controlling and beneficial owner of Københavns Andelskasse and argued that the bank’s management and owners supported fraud-related flows by ignoring legal obligations and warning signs.
The Danish FSA later asked for a police investigation into Clearhaus Holding A/S. According to Finanstilsynet, Clearhaus Holding A/S had increased its ownership stake in Københavns Andelskasse above the approved threshold without the necessary permission. Finanstilsynet also stated that, depending on the facts, there may have been a breach of Danish financial legislation that was deliberately concealed.
EFRI’s reports further highlighted the role of the bank’s owners and referred to the destructive influence of owners on the governance structure of Københavns Andelskasse. Based on the inspection material reviewed by EFRI, persons related to the Clearhaus Group had access to the bank and high-risk payment institutions were able to use Danish bank accounts for laundering large amounts during 2016, 2017 and 2018.
This owner and infrastructure layer matters. If the operating bank is resolved and victim claims are written down, accountability must not stop at the bank’s estate.
Enforcement without restitution rewards the wrong actors
The current model creates a perverse result.
The operating entity takes the regulatory fall. It is closed, dissolved, resolved or phased out. Former managers may receive limited personal sanctions. A fine may be imposed, but it may never be paid. Victims are told to sue in ordinary courts, often across borders, against an entity with insufficient assets.
Meanwhile, the stronger actors around the structure continue.
Parent companies continue operating. Owners continue operating. Infrastructure providers continue operating. Payment businesses continue operating. The victims, not the financial sector, carry the economic loss.
This is not consumer protection. It is institutional damage control.
Europe’s real AML enforcement gap
The Københavns Andelskasse and Payvision cases show the same European pattern:
high-risk customers or merchants are onboarded;
foreign victims send money;
warning signs accumulate;
banks and payment institutions process the flows;
owners and parent companies benefit from growth, fees, valuation or market access;
the scandal becomes visible;
the operating entity is wound down, resolved, dissolved or phased out;
authorities later confirm serious AML failures;
sanctions are limited, unpaid or imposed only on individuals;
victims are left to chase entities with little or no effective recovery capacity.
That is not effective enforcement. It is post-mortem compliance theatre.
EFRI's Position
EFRI welcomes the second conviction in the Københavns Andelskasse case. Personal accountability matters. But it is not enough.
The real issue is victim redress. Victims should not be forced to pursue hollowed-out operating entities while solvent parent companies, former owners, substantial shareholders, account-holding banks and commercial beneficiaries escape serious scrutiny.
In the Payvision case, that means looking beyond Payvision B.V. and examining ING’s role as acquirer, majority shareholder, later sole owner, group parent and banking-infrastructure actor.
In the Københavns Andelskasse case, that means looking beyond the resolved bank and examining the role of former substantial owners, including Clearhaus, and the wider payment-service environment that helped turn a small Danish cooperative bank into a gateway for high-risk and fraudulent international flows.
Europe must stop treating AML enforcement as a closed conversation between prosecutors, regulators and failed financial institutions. Where regulated financial infrastructure enables investment-fraud flows, enforcement must ask five basic questions:
Who enabled the flows?
Who owned the infrastructure?
Who provided the accounts?
Who profited from the business model?
And who will compensate the victims?
Until those questions are answered, European AML enforcement will remain structurally incomplete.
The second Københavns Andelskasse conviction confirms personal responsibility. The Payvision case confirms structural gatekeeper failure. But Europe still refuses to confront the decisive question:
Why are victims left to pursue weakened operating shells while the solvent companies around the fraud infrastructure continue business as usual?




