On a warm Monday morning in June 2014, two auditors from Estonia’s financial regulator stepped into the Tallinn office of Danske Bank, armed with a single piece of graph paper handwritten with the names of 18 of its clients, and demanded to see their records.