December 3, 2020
IntelBrief: FinCEN Files Leak Exposes Flaws In System Designed To Fight Criminal And Terrorist Finance
In September 2020, a trove of leaked documents from the United States Financial Intelligence Unit (FIU), known as the Financial Crimes and Enforcement Network (FinCEN), exposed a wide array of financial misdeeds, many of which were facilitated by the largest banks in the world. The leaked FinCEN documents featured more than 2,000 reports, known as suspicious activity reports (SARs), that would become the subject of multiple investigative feature stories from journalists associated with the International Consortium of Investigative Journalists (ICIJ). Various ICIJ stories exposed how post-9/11 financial intelligence efforts have failed to prevent malicious actors from abusing the international system of finance. ICIJ exposés documented how dirty money was laundered to give it the appearance of seeming legitimate and how major banks apparently allowed it to happen, despite numerous red flags. In one scheme, North Korea, which is listed as a U.S. State Sponsor of Terrorism, laundered at least $174 million over a period of several years through U.S. banks via shell companies. In another example, the leaked SARs and an ICIJ report indicate that Germany’s largest bank was used by organized criminal, terrorist, and drug trafficking networks to launder the proceeds of ill-gotten cash.
With the 2016 Panama Papers scandal in recent memory illustrating significant vulnerabilities in the formal financial system, the so-called FinCEN files leak again emphasizes the glaring need for a re-examination of the way banks and governments tackle financial crime. However, one flagged concern from the FinCEN files—that multiple banks allowed for account holders to continue engaging in transactions post-SAR filing—could have several explanations. For instance, law enforcement agencies may have requested banks to allow for future transactions to occur for investigative purposes. Regardless, the FinCEN files demonstrate a need for reform. The system of filing SARs is decades old, and the failings exposed in the leak are not solely attributable to the behavior of banks. In fact, the SAR leak illustrates that banks are filing concerns based on the system’s current design. Another concern regarding the federal government leak is that it may create apprehension within financial institutions to file SARs because the process is insecure. A key element of the SAR filing system is that the information sent to FIUs, like FinCEN, is kept confidential and private information is not publicly exposed.
There are a number of regulatory and systematic adjustments that could be pursued in response to the FinCEN leak. In the United States, tweaking the SAR process to improve the system could include new requirements related to encouraging the filing of secondary ‘structuring’ specific SARs. Doing so could better highlight concerns to examiners and regulators regarding possible money laundering. ICIJ reporting on the FinCEN files illuminate that structuring—the second stage of money laundering, where transactions are layered in a manner to obscure the source of the funds—was rampant. U.S. regulators may also want to consider adjusting thresholds related to SAR filing that are consistent with updated real-time FinCEN updates; this system could focus private sector attention on new priorities consistent with SAR trends and other intelligence reporting. Banks, however, should consider unilateral options for improving their ability to detect money laundering operations. In Belgium, it was recently reported by the ICIJ that ING Belgium, KBC Bank, Belfius Bank and Insurance, and BNP Paribas Fortis jointly requested that the Belgian government create a law for them to establish a secure system to share information with one another regarding suspicious activity. Sharing information between financial institutions can be difficult given privacy rights and laws associated with banking in many jurisdictions, since banks possess important bio-identification information of their customers.
The SAR system creates a natural tension between privacy and national security. Yet, some countries, like the United Kingdom, have straddled the line better than others and have successfully created an atmosphere for interbank cooperation on money laundering issues. In the United States, a number of financial regulatory reforms have been folded into the 2021 National Defense Authorization Act (NDAA). For instance, the 2019 Corporate Transparency Act and the Banking Transparency for Sanctioned Persons Act appear to be in the U.S. House of Representatives version of the NDAA. The former, for example would improve reporting requirements surrounding beneficial owners of entities. The FinCEN files may have prompted greater analysis of who actually derives economic benefit from shadowy corporations or offshore companies, which may improve the fight against such financial crimes; yet, these steps are insufficient. Larger systemic reform is necessary, especially given the split-second speed in which financial transfers can now happen with one-touch over a smartphone—speeds never envisaged by the Banking Secrecy Act or PATRIOT Act.