This article provides thoughts from two Financial Crime Compliance (FCC) insiders on the impact the FinCEN Files will have on the banking sector and exploring whether a change of approach should be considered.
Background
2,121 Suspicious Activity Reports (SARs) covering more than 200,000 global transactions from multiple financial institutions, with a value of over US$2 trillion were leaked from the US Treasury‘s Financial Crimes Enforcement Network (FinCEN) to Buzzfeed News in 2019.
The documents covered the period 1999 to 2017 and were jointly investigated by Buzzfeed News and the International Consortium of Investigative Journalists (ICIJ) (who were instrumental in bringing the Panama Papers to public attention in 2016).
After more than a year of analysing leaked information, Buzzfeed News and the ICIJ published their interpretation of the findings on 20 September 2020. These documents have since became known as the FinCEN Files.
FinCEN Files in numbers
What do the leaks tell us?
The more sensationalist reporting of the FinCEN Files allege banks to have been complicit in the illegal movement and laundering of millions of dollars of ‘dirty money’ across the globe. In certain countries the leaking of the documents allowed the press of those nations to gleefully resume their “bank bashing” stories that had been prevalent since the financial crisis of 2008. Some criticism of the banks displayed a lack of understanding on what the files demonstrated, with a number of journalists confusing the purpose of a SAR and the role of the financial institutions.
However, the leaks did include high value suspicious activity that would lead many observers, and a number of insiders, to ask why certain activities with particular clients were allowed to continue.
In time, high profile legal actions may be brought as a direct result of the FinCEN Files whilst many of the financial institutions will be carrying out post mortems of their own to see if they were involved in the movement of illicit funds and what preventative action they should have taken.
The five major banks detailed in these documents are Deutsche Bank, Bank of New York Mellon, Standard Chartered, JPMorgan and Barclays. It is important to note the 2,121 SARS reviewed is an incredibly small percentage of the estimated 12 million SARs filed during this period.
Throughout the last decade, many of the major financial institutions have spent time, effort and resource on hugely expensive financial crime remediation programmes in answer to multi-billion dollar fines and business restrictions placed on them by the financial regulators for breaching Anti Money Laundering (AML) legislation.
But, even if we exclude leaked documents before say, 2012 (when a majority of institutions started to overhaul their AML and Know Your Client (KYC) processes and implementing enhanced monitoring and screening systems), there is still enough information now in the public domain to be of concern and make us question whether, despite all the money that has been and continues to be spent, the current global AML regime is fit for purpose?
Is the current global AML regime fit for purpose?
The Financial Action Task Force (FATF), the global money laundering and terrorist financing organisation that sets the international standards which aim to prevent Money Laundering and other illicit financing with which financial institutions should comply, have made convincing cases that doing something is better than doing nothing. And it is hard to argue that even if you are stopping just 1% of financial crime, it is effort well spent: Surely, we can do more?
Although some commentators have been quick to point the finger at the banks, the fact all of the information that has been leaked and can be comprehensively reviewed as a result of the detail included in the SAR, conversely suggests that banks have been correctly following the procedures from an AML perspective (although individual cases highlighted may well have broken other banking rules – either legally or ethically).
Banks employ thousands of people in their AML and transaction monitoring teams but the average false positive rate (i.e. cases detailing transactions that need to be investigated by a human which will not result in a SAR) across the industry is estimated around 95%. That is a lot of resource, time and expense on throwaway work. And perhaps another indicator that something fundamental in the roles and responsibilities between regulator and banks need to change.
The sheer volume of SARs filed and the apparent lack of action highlights another challenge – FinCEN (and equivalent bodies worldwide) do not have the funding or resources to investigate every filing. Banks, keen to avoid fines for not submitting SARs may be inclined to defensively file a report even though there is no clear match at the time. When this activity takes place across thousands of financial institutions, and most parties use more than one bank, it’s easy to see how quickly the system can get clogged.
The FinCEN files highlighted multiple SARS recorded for the same parties by the same banks over a number of years. Large financial organisations have generally grown by making multiple acquisitions and giving autonomy to high performing divisions. As they have evolved they have become increasingly complex and occasionally disjointed. This can contribute to challenges faced with the feedback loop, where a ‘bad actor’ may be suspected in illicit funding in one part of the organisation but appropriate action is not taken across the whole.
Many of the banks’ global AML procedures have a policy to offboard a client if a defined number of SARs are submitted against them. However, this process is not always straightforward, especially for global banks due to:
- Data privacy restrictions between divisions, entities and branches of the same organisation
- Restrictions in certain countries of sharing that a SAR has been filed, even internally
- Regulations in certain countries that prevent the exiting of a client by the bank (we have personally seen examples of this, even when the client is a PEP)
- A reluctance to offboard a high revenue generating client without explicit proof of criminal activity (remember a SAR is just a suspicion). There is certainly some evidence suggesting this practice on occasion within the FinCEN Files.
The feedback loop from regulators and law enforcement to financial institutions is another area of concern; it is unusual for success stories to be shared and understood; however this is improving with the emergence of successful Public Private Partnerships (PPPs) such as the AML/CFT Industry Partnership (ACIP) in Singapore and the Joint Money Laundering Intelligence Taskforce (JMLIT) in the UK.
What can be done?
This article highlights just some of the challenges facing the current AML regime and ones which the authors have first-hand experience of. The guidelines developed by FATF and other regulators are sound and help make the banking system safer, but when we look at the efficacy of the AML culture holistically there is clearly a long way to go.
There should be more collaboration between banks and regulators. Currently regulators impose guidelines, banks implement them, regulators sign them off but then fine the banks when errors are made. This can create an Us v Them culture which is not conducive to effective crime fighting.
Many organisations have spent a lot of time reviewing their processes to reduce the ‘waste’ and attempt to become more efficient. We believe most participants recognise the need to change, but regulators should allow more flexibility within their guidelines allowing a streamlining of process whilst demonstrating controls can be maintained.
Regulators also need to be more open to new ideas around procedures, new technologies (including analytics and AI methods) and new ways of working. Financial criminal methods are continuously evolving so it is bizarre that in many banks, AML process and systems have not moved on significantly over the last 15 years; we have witnessed a growth in team size and processes becoming more cumbersome.
Overcoming data privacy challenges and being able to share intelligence appropriately, encouraging more PPPs increasing their remit and ensuring they have the appropriate backing and resources to be effective would be another step in the right direction.
As experienced between 2001 (when FATF’s mandate included Terrorist Financing) and 2012 (when huge investments were seen by the banks in AML), procedures and tools change can be slow in this area. It is almost certain that the FinCEN Files will trigger changes in guidelines and regulations and perhaps even an overhaul of the regime.
How we can help
We are keen to speak with organizations wanting to explore a proactive approach to AML and KYC whilst ensuring their current regulatory requirements are adhered to. We can help ensure you stay ahead of the change curve by working with you, understanding your risk framework and client needs, and preparing your organisation for any upcoming reform thus placing you in a stronger position to adapt to industry challenges.
About the authors
Maya Deering of Maven Diligence has over 17 years banking experience with 7 years specialised in KYC and AML. Passionate about the ‘Fight against Financial Crime’. Maya runs a boutique consultancy providing KYC, AML and CFT expertise directly to clients enabling them to thrive within their regulatory environment.
Damian Buckley has over 25 years banking experience with 15+ years managing global transformation projects. For the last 7 years Damian has been responsible for the implementation and delivery of AML and CDD programmes and initiatives across numerous countries at 2 major banks. Damian is presently Head of Business Development at Menrva Group providing bespoke recruitment and consulting solutions in the regulatory, technology and change management arena.
