An anniversary to forget: one year on from the FinCEN files leak

Documents from the US Financial Crimes Enforcement Network (FinCEN) were leaked to the press and published globally in September 2020. It exposed over 2,100 documents and around $2trn in transactions and showed how some of the world’s largest banks enabled criminals to move dirty money around the globe. A year on, has the industry been able to clean up its act?

The FinCEN files, which was revealed by the International Consortium of Investigative Journalists (ICIJ) in collaboration with BuzzFeed New, included secret reports filed by banks to FinCEN, an agency that is tasked with fighting financial crime such as money laundering and terrorism financing. The investigation involved 400 journalists across 88 countries.

JP Morgan Chase, Standard Chartered, HSBC, Deutsche Bank and Bank of New York Mellon, were just some of the big players linked with money laundering practices. Staggeringly, 62% of the leaked filings involved Deutsche Bank.

A year later, has much changed with the financial sector to stop a similar rot occurring again? Response from the financial services industry has been mixed.

Fenergo global director of financial crime Rachel Woolley said, “The anniversary of the FinCEN Files investigation is a reminder that organised criminals continue to exploit legal loopholes and weak AML regimes across the globe. The leak exposed the volume of illicit funds in circulation and the sheer scale of the problem.

“It’s not just an issue within financial institutions; criminals cast the net very widely in order to evade detection by authorities. The question now is, has any progress been made towards enhancing our response to financial crime?”

On the question, Woolley believes some effort is being made, but the response has been sluggish compared to the severity of the issue. “There is evidence that authorities and regulators are making efforts to close the net by holding firms such as virtual asset services, gambling firms and luxury goods providers accountable, but this reactive approach is barely a drop in the ocean compared to the scale of the problem and does little to prevent financial crime,” Wooley said. “Another emerging threat is the rise of cryptocurrency, which is creating a breeding ground for criminals, yet the industry is largely unregulated.

“If we’ve learned anything from the FinCEN Files, it’s that governments, law enforcement, business and financial institutions must act fast and work together while sharing timely information to intercept crime at the source.” Adopting a collaborative approach, which leverages technology and data, that informs and can be acted upon, will create a “solid foundation for detecting and, crucially, preventing financial crime industry-wide.”

Has the industry seen any change?

Alongside the need for more collaboration between these players, there are calls for governments to implement big anti-money laundering (AML) reforms. While some governmental organisations have attempted to make important changes, many see it as a  lacklustre approach. Earlier this month, the ICIJ reported that FinCEN itself was now ‘working overtime’ to implement major AML reforms, while the European Union has since proposed creating a new financial crimes watchdog that would oversee transactions across the bloc and seek to close loopholes that have been exploited by money launderers.

Despite this, some believe the reforms do not go far enough. There is even a view the FinCEN files haven’t really changed anything in the industry. Acuminor CEO Martin Nordh said, “The FinCEN files probably hasn’t contributed that much to any changes in the anti-financial crime space. We already knew for a fact that the financial industry was being used to launder money and finance terrorism – that’s the reason we have the anti-financial crime regulations and FinCEN in the first place – so the fact that banks report such cases to the authorities was actually just a sign of that the industry was doing what it was supposed to.”

While the industry might not have seen big changes, there may have been some alterations in the general approach to anti-fraud in the sector. Nordh translates this as the industry moving away from ‘tick-in-a-box compliance’ towards a more risk-based approach.

He added, “What that means in plain English is that people are moving away from just shuffling paper forms with little to no real impact on the financial crime threat. Instead, more and more companies are moving towards really understanding their risks and then target their tools and processes to help them find, stop and report the bad guys trying to misuse them for financial crime purposes. This might sound trivial, but in fact it can be a massively complex thing to accomplish.”

The FinCEN files leak may have also hyper-driven another transition – a move away from manual anti-financial crime processes as the industry continues to grow ever more complex. Nordh said, “The threat from financial crime contains everything from human trafficking to terrorist attacks. Not only is it extremely complex, it’s also constantly evolving. As a result, more and more companies have come to realise that manual anti-financial crime processes are bound to fail. That’s just how it is.

“We’ve seen so many cases where everything from the business-wide risk assessment to know-your-customer and transaction monitoring is being performed in Word and Excel. That way of working is not only very expensive given the limited output you get, but also static and not very fun to do. This realisation has created a boom in the number of RegTech companies that helps to solve different challenges across the anti-financial crime space.”

FinCEN commonly gathers suspicious activity reports, (SARs) which are reports that financial institutions are required to file when they suspect some of their clients are committing a financial crime. While SARs themselves do not constitute evidence of a crime, FinCEN has previously claimed that they offer vital information necessary to investigate crimes.

Compliance Solutions Strategies (CSS) director of private funds and broker dealer services John Gentile commented on this topic, stating that companies have always maintained the ‘strictest confidentiality’ regarding SAR filings – but that ‘at the end of the day, any leak of FinCEN list data reflects badly on the organisation and on the industry’.

He added, “That being said, at CSS, we have not observed any material changes to SAR filing practices since the leak. There is not really anything firms can do about a security gap at FinCEN.  Bottomline, firms continue to have a requirement to file SARs, it’s not an elective.  Perhaps, on the upside, the publicity will drive home the need for better internal data controls at FinCEN.”

Copyright © 2021 RegTech Analyst

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst


The following investor(s) were tagged in this article.