Home Banking “FinCEN Files”: Don’t Shoot the Messenger!

“FinCEN Files”: Don’t Shoot the Messenger!

by internationalbanker

By Laurent Liotard-Vogt, Partner of Business Management Consulting firm Chappuis Halder & Co., Hong Kong and; Florent Palayret, Director of Business Management Consulting firm Chappuis Halder & Co., New York



Banks have a key role in identifying financial crime.

While banks are easy targets to blame, the recent leaks of suspicious-activity reports—revealed by BuzzFeed News in September—instead confirmed that they are fulfilling their roles in the fight against international money laundering. Rather, it is the whole system that is on the verge of collapse and needs to be rethought.

Banks detect potential, suspicious criminal activities from clients’ operations in three ways:

First, they select clients based on their own risk assessments, supported by public information and their risk appetites.

Second, they ensure that their clients and operations do not belong to global watchlists of potential terrorists or sanctioned persons, companies or countries. Banks are obligated to perform these controls before executing a transaction and, if necessary, freeze it.

Finally, banks monitor the transactions of their clients to identify suspicious behavior, especially money-laundering schemes or tax evasion. In this last case, when blocking those transactions, banks should report them to the regulator or the specific agency in charge of investigating financial crime {Financial Crimes Enforcement Network (FinCEN) in the United States, Tracfin in France}.

The leaked FinCEN files are based on more than 2,500 documents called SARs (Suspicious Activity Reports) that banks sent to US authorities between 2000 and 2017. The banks, therefore, had fulfilled their obligations to measure and alert for possible financial crime.

SARs: the imperfect alarm bells at the heart of the FinCEN files

SARs are standardized reports completed by financial institutions about suspicious activity and are sent to FinCEN. Financial institutions are required to report suspicious activities that may be connected with criminal activity (i.e., money laundering, corruption, tax evasion). All SARs are compiled in a database, made available to US law enforcement and other global financial-intelligence agencies.

The work of the International Consortium of Investigative Journalists (ICIJ) is fascinating because it sheds light on the complexity of situations within the global market, where the skillful use of international borders becomes a strategy with an immense amount at stake.

Today, banks are among the very few entities that are actually responsible for detecting criminal activities related to money laundering. While the goal is to crack down on the sources within the organized crime network, by “following the money”, the complexity and ambiguity of these movements make the task daunting. To address this, banks have allocated an immense amount of resources and tools to create specialized departments devoted to the fight against financial crime.

The result is a colossal number of SARs, with which law-enforcement agencies are struggling to deal in a timely manner. It is important to remind both the regulators and investigation agencies that leverage the SARs to dismantle criminal organizations how the data is to be used.

A system adrift

While banks are easy to blame, is it really their fault? 

A common critique since the beginning of the affair is to blame banks because they did not block suspicious transactions and reported them afterward. However, the recommendation of regulators is to not freeze these transactions, as doing so could warn the criminals, thus jeopardizing the collection of incriminating evidence. Increasing these complications is the fact that most cases involve several banks, making it very difficult to understand the full scope of the situation. However, as the banks are not law-enforcement authorities, one can hope that justice will be met swiftly once suspicious activity is reported.

Could banks do more than just suspicious-activity reporting?

Some banks seem to warn regulators of suspicious activities or customers only when the information is already public or they are under pressure from regulators. However, their work is made difficult due to the criminals’ creativity in their actions, discrepancies between regulations in various countries, complexities of banks’ information systems that detect these alerts and potential gaps within the banks’ control frameworks. Once again, banks are not investigators, and most of the information gathered on clients comes from public information or the official sanction lists maintained by regulators.

While it may seem obvious afterward that an activity was illegal, it is often not obvious at the time it happened, and a charge without tangible evidence could expose the institution to prosecution.

Beyond banks, FinCEN files are a symptom of a system adrift.

Regulators are overwhelmed: The 2,500 files that leaked (via BuzzFeed) represent only 0.02 percent of the total number of SARs. Regulators are not equipped to deal with so many investigations needing to be conducted.

Regulations are scattered: Criminals leverage off inconsistencies between jurisdictions to find loopholes in the system, cruelly highlighting the lack of global coordination.

What will be needed to solve the issue is much more than just bank cooperation; it is an overall political and economic effort to enforce these measures and address the consequences of such actions.

Changing the prescription?

With financial crime rapidly growing as a major topic for banks during the past 10 years, this has led to an enormous increase in the number of KYC (know your customer) teams. Yet this seemingly hasn’t been enough. Instead of more regulations, four alternative solutions emerge:

Terminate all shell companies in the US and force companies’ owners to always be named. This situation requires a global standard for more transparency.

Increase the direct accountability of bankers. Some suggest incarcerating bankers accused of fraud. While fraud may be difficult to prove (few cases show actual evidence of corruption), modifying company policies to increase accountability of front-office employees may suffice (such as fines, salary penalties in cases of not complying with the rules). 

Improve data-management systems to identify patterns of fraud quicker. Banks collect a lot of data on their clients (characteristics, activity). Leveraging data management and artificial intelligence to build fraud-detection patterns that could be shared among banks and regulators may help to identify potential fraud and prompt actions to be taken faster. 

Provide greater public visibility into banks’ prosecution agreements. It may be the whole system’s logic that should be questioned. While it is based on confidentiality, it may be the time to ask for more transparency and visibility from regulators and governments, at least after the fact (such as annual public reports on SARs).


Related Articles

Leave a Comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.