First a disclosure – I used to be a Nominated Officer at a big bank, and so was 'nominated' to receive internal suspicious activity reports (SARs) under the Proceeds of Crime Act 2002 (POCA) and the Terrorism Act 2000. I discharged these responsibilities by conducting investigations into the substance of the suspicions reported to me (my team dealt with 'complex' cases only).
Referrals came to us from inside the business, by way of internal SARs, or via colleagues in legal teams, or in the form of intelligence provided by law enforcement and other external agencies (or following a large data leak or money laundering scandal hitting the press). I was then responsible for determining whether there was an obligation to file a SAR with the UK's Financial Intelligence Unit (FIU), within the National Crime Agency (the UK's equivalent to FinCEN). In this capacity, we investigated complex high-end money laundering and conducted proactive investigations into a range of threats. We also engaged with law enforcement in relation to financial crime disruption activities.
What are the 'FinCEN files'?
'The FinCEN files' is the name given to an investigation by the International Consortium of Investigative Journalists (ICIJ), resulting from a 'whistleblower' obtaining and sharing 'secret' SARs submitted to FinCEN by financial institutions with Buzzfeed. Buzzfeed then shared the data with the ICIJ, and ultimately over 400 investigative journalists in 100 countries worked on the associated investigation for nearly two years.
The total data set includes 12 million SARs filed with FinCEN between 2011 and 2017, but the exposé relates to 2,100 SARs or 0.02% of the total SARs filed in the period. As I will come to, we don't know what criteria were used to pick the smaller population of SARs, or what the whistle-blower's motivations were.
Going beyond the headlines
Let's start by setting the scene – According to the ICIJ's website, one of their 'Key findings' is:
"Global banks moved more than $2 Trillion between 1999 and 2017 in payments they believed to be suspicious"
A massive amount, and a shocking headline. But I'd like to make four observations:
1. The threshold for filing SARs in the US is very low:
often an analyst working a massive volume of alerts will identify one or two red flags, and with incomplete information and without having time to conduct a thorough investigation, will nevertheless decide to submit a SAR. Known as 'defensive filing', it results in a lot of noise and is of little value to law enforcement. So, while this headline would have you believe that all the funds referenced in the SARs are suspicious, it simply does not stand up to scrutiny and is misleading (to put it politely). Civil and criminal evidential thresholds (balance of probabilities; beyond reasonable doubt) do not apply to a SAR filing. Nevertheless, the fact a SAR has been filed is being misrepresented as proof that a transaction and the associated funds are tainted. Extrapolate that across the entire set of SARs submitted in the period and you get eyewatering headlines, but it is arguably very misleading.
2. Why are banks being blamed for complying with their legal and regulatory obligations by filing SARs? I Is there a massive global problem with serious organised crime? Yes. Are banks and other financial institutions used to launder the proceeds of crime? Yes. However, banks aren't prosecuting authorities, they aren't responsible for assessing, developing or building criminal cases against possible money launderers, nor are they responsible for conducting investigations into the underlying criminality - that's what law enforcement is there for. Which segues into the role of national FIUs and law enforcement, and what I believe ought to be the focus of debate.
3. Do FIUs and law enforcement agencies have sufficient capacity, capabilities and tools to combat serious organised economic crime effectively? No - in our experience of working in various jurisdictions around the world, FIUs and law enforcement agencies are often underfunded, under-resourced and lack the technical tools to process, interrogate and sift through the intelligence and information available to them (including the SARs their FIUs receive from financial institutions). They also lack the frameworks to share intelligence cross border and are often hamstrung by ineffective legislation and poor coordination between stakeholders.
4. How was 'public interest' assessed? Those involved in the exposé have said they've carefully assessed what is in the public interest and have not released stories that do not meet this test. We haven't heard what criteria were used (why these SARs, related to these particular banks...), or how these self-appointed arbiters were in a position to know whether any live investigations or operations may be prejudiced by the leak, or whether people's safety may have been threatened. When you work in a financial institutions' financial crime investigations team, you are trained not to 'tip-off' anyone to the fact that a SAR has been submitted. Their job is now considerably harder, and riskier, because further scrutiny will be placed on what SARs are submitted, given the risk that they may be disclosed in public; some very hardworking, talented investigators may decide that this is no longer a role they are comfortable performing.
International organised crime gangs are motivated and well-funded. They exploit weaknesses in systems and controls (and regulatory environments). The debate should be about the need to make a step-change in our approach to combatting this international problem, and about the need to invest in properly resourcing FIUs and law enforcement agencies. The FinCEN files leak is a distraction.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.