September's FinCEN leak exposed fundamental flaws in AML compliance. Add this to the risk of financial crime posed by COVID-19 and compliance managers have their work cut out. This commentary from a risk specialist examines the response from regulators and banks to the leaked SARs and "what's next" for compliance managers.
The leak of thousands of Suspicious Activity Reports last month thrust attention once again on what banks are doing to stem dirty money flows. (It also raised questions about the ethics of leaking such information; the filing of a SAR does not in itself mean a person has committed an offence.) Aside from the lurid headlines, Guy Harrison, general manager at Dow Jones Risk & Compliance, says what can be learned from the leaks is rather more nuanced than the media narrative suggests. "A closer examination of the SARs in question suggests that the FinCEN Files actually expose flaws in the system rather than the actions of the banks," Harrison (pictured) says. "Also 'tipping off' or informing a potential money launderer that their suspicious activities have been noted is not only unhelpful but also illegal," he adds, highlighting that SAR investigations require considerable cooperation between authorities and banks over months even years to nail suspects. His piece below looks at where rules are being tightened on the back of the exposé and what is in store for compliance managers. The editors welcome such commentary, where the usual editorial disclaimers apply, and invite feedback to firstname.lastname@example.org and email@example.com.
“Global banks defy US crackdowns by serving oligarchs, criminals and terrorists,” the International Consortium of Investigative Journalists (ICIJ) reported on the day it leaked the FinCEN Files in partnership with Buzzfeed News back in September. The leak took the world by storm, generating some sensational headlines - and understandably so. The investigation uncovered $2 trillion in suspicious transactions on 2,000 Suspicious Activity Reports (SARs), which represent just 0.02 per cent of the total SARs filed through the period.
However, these headlines don’t necessarily capture the crux of the matter. While the media narrative has focused on the banks processing the transactions, a closer examination of the SARs in question suggests that the FinCEN Files actually expose flaws in the system rather than the actions of the banks. And though the attention generated could facilitate real reform in the fight against financial crime, publicly leaking these documents could be considered irresponsible by putting ongoing investigations at risk. So, what are the implications for financial institutions and their regulators? And what fallout can we expect to see?
Don’t shoot the messenger
As anybody working in the financial industry will be aware, SARs are reports filed by financial institutions to alert the regulators to any transactions with possible links to money laundering, fraud, terrorism financing or other crimes. The banks are legally obligated to file SARs when they detect any suspicious activity; they face civil and criminal penalties for failing to file a report in a timely manner.
Analysis of SAR filing trends from 2014 to 2019 shows that almost 29 million reports were submitted in total, with steady growth each year. This shows that the banks are doing what they are required by law to do, ie identify suspicious activity and make the proper filings. If anything, the growth indicates that financial institutions are becoming better at identifying suspected financial criminal activity which, by nature, is complex and difficult to detect.
US Treasury SAR Filing Trend Data for years 2014 through 2019.
Filing a SAR is not evidence of any actual wrongdoing; it simply provides information that otherwise would not be visible to law enforcement, helping investigators follow the money, uncover the source of the illicit funds and identify potential accomplices. Regulators or law enforcement agencies may therefore request that customer relationships on which SARs were filed be left undisturbed, so that the investigation can continue until completion.
An irresponsible leak
The general public will find it shocking that although thousands of suspicious transactions are being detected, widespread criminal activity continues. However, unauthorised disclosure of an SAR filing is in fact a federal criminal offence once the suspicious activity has been flagged. “Tipping off” or informing a potential money launderer that their suspicious activities have been noted, for example by stopping a transaction, is not only unhelpful but is also illegal.
Anti-money laundering investigations take time to complete and document properly. For example, HSBC wrote three of the six filings made public in regard to a single client, over five months. The October 2013 filing covered a pattern of activity from July to October of that year and was updated in February 2014 with continuing activity. For this reason, regulators often issue a directive to financial firms to not close account relationships, in order to aid investigation.
It is therefore understandable that FinCEN referred the matter to the US Department of Justice before the leak even went public. In a statement, FinCEN said that the unauthorised disclosure of the SARs in question would compromise law enforcement investigations, threaten the safety and security of the institutions and individuals who file such reports, and potentially even impact the national security of the United States.
So, not only could this leak be deemed irresponsible, but also illegal. And if compliance officers are concerned about potential future SAR leaks, there is even a risk that they might be less willing to flag suspicious activity, if they think that their reports could be used in allegations against them.
Compliance officers should be prepared for a busy period of change ahead. The FinCEN Files documents leak, coupled with the heightened risk of financial crime posed by COVID-19, has highlighted fundamental flaws in AML compliance that need to be addressed.
FinCEN has already announced plans to overhaul anti-money laundering rules, and the UK also unveiled a proposal to reform its register of company information. It is likely that there will be a further tightening of controls, such as visibility of ownership, use of adverse media checks alongside watchlist screening and increased scrutiny of correspondent banking relationships.
This does not mean that we should let financial institutions off the hook completely. The ICIJ report exposes serious shortcomings in the way in which SARs are currently filed. Firstly, response time: the median time lag is 166 days from the time a suspicious transaction took place, and when it was flagged to FinCEN (significantly longer than the 30 or 60-day timeframe instructed by the regulator). Secondly, the information contained in the reports was often inconclusive, which has knock-on effects when it comes to the investigation. We may see regulators put more pressure on banks to identify trends or patterns within their SARs to help them deal with the volume of reports filed.
This leak has been a wake-up call for financial institutions and their regulators. Despite the efforts by law enforcement authorities and financial institutions to crack down on financial crime, criminals will always be attempting to move and launder illicit funds through the banking system. Looking ahead, we can expect to see governments and the financial sector working more closely together in the fight against financial crime to ensure that suspicious activities, such as those reported in this investigation, stop slipping through the net.
Guy Harrison is the general manager of Dow Jones’ Risk and Compliance business and is responsible for leading the strategic vision and growth plan for the business.