FinCEN files raise concern on financial crime compliance

Scandal suggests banks need to do more than just report suspicious activity; there needs to be follow-up action on illicit behaviour, with banks cutting suspect business ties and authorities undertaking asset freezes, forfeitures and prosecutions

by Vincent Gaudel
FinCEN files raise concern over financial crime compliance
Image: Courtesy of the International Consortium of Investigative Journalists. (icij.org)

We have very recently seen mainstream media cover the leak of thousands of confidential documents from FinCEN, the US-based Financial Crime Enforcement Network, which were exposed by the International Consortium of Investigative Journalists. 

Known as the FinCEN Files, the journalistic investigation has raised significant concerns over the scale of suspicious financial activity that has been flowing through the international banking system. This is despite the fact that banking is the most heavily regulated industry when it comes to anti-money laundering (AML) and countering the financing of terrorism (CFT).

Delving deeper, we have noticed a number of incidents involve countries in Asia. Here, we will therefore look at what the leaked documents say about the current state of the financial crime compliance landscape.

First, what is a Suspicious Activity Report (SAR)?

Suspicious Activity Reports (SARs) are confidential records of unusual financial activity detected by financial institutions as part of their financial crime compliance obligations. SARs contain detailed information about transactions that are deemed to be suspicious, including data on the parties involved in the transaction, when the transaction took place, and why the activity is considered out of the ordinary.

SARs are submitted to a country’s Financial Intelligence Unit (FIU) and used to alert law enforcement agencies of suspected financial crimes, such as money laundering, fraud, or terrorist financing. On receipt of a SAR, the authorities can investigate the activity to expose any criminal behaviour.

Banks have been detecting and reporting huge volumes of SAR – but is it enough?

It is easy to push the blame to banks for any lapse of process or judgement when it comes to financial crime. After all, banks are the main gatekeepers of the global financial system and are obligated to detect and report any suspicious financial activity flowing through their networks. 

FinCEN received more than 12 million SARs between 2011 and 2017 – and more than two million in 2019 alone. The growth in the volume of SARs submitted during this period raises several questions. Are more reports being filed because there is more financial crime occurring? Are financial institutions becoming more effective at detecting suspicious activities? Are they increasingly prone to filing SARs defensively rather than carrying out a lengthy analysis process?

While the number of SARs has increased, closer attention needs to be paid to the quality of these reports. The FinCEN Files suggest financial institutions need to go above and beyond to report suspicious activity much more effectively. 

The fact that the leaked documents are SARs suggests that banks have been proactively detecting and taking steps to report suspicious transactions with some success. However, filing a SAR to tick a compliance box is insufficient. If the information included is not detailed or is submitted a long time after the transaction has taken place, it holds far less value to the authorities and thus rendering the process ineffective.

Additionally, for the system to be fully functional, there needs to be follow-up actions in response to any confirmed illicit behaviour, such as banks terminating suspect business relationships, and the authorities implementing asset freezes, forfeitures, and prosecutions. 

For instance, just a few years ago, Filipino remittance firms were investigated in the aftermath of the 2016 cyber-heist that siphoned off $81 million from Bangladesh’s central bank. The FinCEN Files showed that those firms had a precedent. Journalists found that years before, these remittance firms had moved millions of dollars in “suspicious” transactions, “raising the question as to why they were not stopped in their tracks much earlier”.

Former French football star and UEFA chief Michel Platini was accused of financial crimes after an investigation in mid-2019 into the awarding of the 2022 World Cup to Qatar. However, he denied wrongdoing and appears to have avoided any penalty from that and a Swiss probe into a $2-million payment he received from FIFA. AFP photo.

Compliance versus profit – the balance is still far from perfect

The FinCEN Files leak has highlighted several shortcomings in the financial crime compliance ecosystem. The retrospective filing of SARs is just one example of the “too little too late” nature of current processes for preventing financial crimes.

Journalists in Malaysia found that US banks did not act promptly on suspicious transactions linked to financier Jho Low and possibly connected to the looting of Malaysia’s 1MDB fund, until it was too late.

Other gaps in the system have been revealed too. Firstly, instances of clients that should never have been allowed to undertake transactions in the first place, either because the banks failed to identify beneficial ownership, or because of ineffective or lacking anti-financial crime risk policy, which would have determined that no business should be conducted with them. Secondly, clients whose relationships should have been terminated by the bank as a result of ongoing due diligence checks.

One example is banks in India, Singapore and New York that allegedly moved money for Altaf Khanani, a Pakistani money launderer, who was later revealed to have been a key financier for fugitive terrorist Dawood Ibrahim.

Adverse media and enforcement screening are key tools for flagging AML / CFT risks as they enable institutions to detect early on that the individual or organisation that they are dealing with is involved in fraud, corruption, or another financial crime. Banks are then able to refrain from opening the account and avoid the situation of having to detect and report their suspicious transactions. 

However, there are conflicts of interest within banks when deciding whether to prioritise their AML / CFT obligations or the prospect of lucrative commissions. Clearly, there is more to be done to ensure the full and timely reporting of suspicious activities in the interests of fighting crime, regardless of whether banks will take a hit to their business. 

Financial crime compliance effectiveness has never been more important

There is growing consensus in the industry that the critical shortcomings in the fight against financial crime do not lie in the lack of formal regulations, guidance, standards, or best practices, but in the fact that these compliance processes are excessively formal to the detriment of being effective. AML / CFT compliance is often described as a “box-ticking exercise” and many critics fear this hinders the end goal of disrupting the activities of financial criminals. Theoretical policies and procedures, and ambitious laws, therefore, fall short in terms of their practical implementation and enforcement.

While the Financial Action Task Force (FATF) acknowledges that the US is among the most effective AML / CFT regulatory framework globally, it is not enough. FinCEN appears to understand the need for greater effectiveness, and recently launched a consultation to enhance the effectiveness of AML / CFT programmes.

The Advance Notice of Proposed Rulemaking (ANPRM) suggests making some regulatory amendments under the Bank Secrecy Act, “to provide financial institutions greater flexibility in the allocation of resources and greater alignment of priorities across industry and government, resulting in the enhanced effectiveness and efficiency of [counter]-money laundering programmes.”

The timing of the announcement is no coincidence. FinCEN is clearly aware that the current provisions are falling short of their goal of preventing the flow of illicit funds around the world, as the leak has shown.

A call to arms

There are no winners in scandals like the FinCEN Files, except, perhaps, for the media who can profit from sensationalist headlines. Neither the banks nor the regulators come off well.

This case can, however, be used as a call to arms for positive change. One such step forward could be stronger public-private partnership, as well as collaboration in other areas, to ensure the right information is shared between institutions in a timelier manner.

The FinCEN Files have created an opportunity to shift standards, increase the emphasis placed on skills and practices, and avoid simply “box-ticking”. Ultimately, it is a chance for everyone across the industry to unite around the critical objective of effectively preventing criminals from benefiting from their ill-gotten gains.

# Vincent Gaudel, Compliance Expert at Accuity; his responsibilities involve monitoring worldwide regulatory trends to guide product development, functionality growth, and client expansions. Through his previous experiences as a compliance and risk management consultant and compliance officer, Vincent guides expertise in anti-money laundering and countering financing of terrorism.

Accuity powers compliant and assured client transactions to help build a connected and trusted financial ecosystem. Its financial crime screening, payment services and benefits compliance solutions help enable financial inclusion while identifying criminal activity and fraudulent players. With deep expertise, industry-leading data and analytics solutions from the Firco and Bankers Almanac brands, Accuity provides confidence, efficiency and compliance for customers around the world. Part of RELX, a world-leading provider of information and analytics for professional and business customers across industries, Accuity has been delivering solutions to banks and businesses worldwide for 180 years.