top of page

The FinCEN leaks reveal a failing system, not failing banks.

Banks and bankers’ reputations are currently at an all time low with outcry over the FinCEN file leak. However, to what extent are banks actually responsible for facilitating money laundering? Or is the media, attracted by big figures, merely capitalising off the already tarnished image of banks to sell stories?

When you read what’s in the media, it doesn’t look good for banks. The BBC, with its main article on the matter, leads with ‘how some of the world’s biggest banks have allowed criminals to move dirty money around the world’. This includes some of the biggest banks hosting Ponzi schemes, moving money for Russian oligarchs under sanction and terrorist financing. But before we analyse the extent to which this is true, some context would be useful.

The United States Financial Crime Enforcement Network, or FinCEN, is a bureau of the U.S. Department of Treasury with a mission to safeguard the financial system and promote national security through the collection and analysis of financial information in order to combat domestic and international money laundering, terrorist financing, and other financial crimes. To perform its duty, FinCEN receives and maintains financial transactions data, analysing and disseminating it, for law enforcement purposes. Any concerns about transactions made through financial institutions in US dollars need to be sent to FinCEN, even if the transaction occurred outside of the United States.

One of the key ways of aggregating such data is through a Suspicious Activity Report (SAR). The FinCEN files refer to the 2,647 documents leaked in September 2020 involving $2 trillion in transactions by some of the world’s leading financial institutions between 2000 and 2017. Initially obtained by BuzzFeed News, 2,121 of the leaked files were SARs. A SAR is a document that financial institutions, and those associated with their business, must file with FinCEN whenever there is a suspected case of money laundering or fraud. SARs however are not proof of any crime or admission of any wrongdoing or guilt on the part of the financial institution.

One of the issues with SARs is the vagueness of the criteria for when one is required. The criteria varies from country to country and also financial institution to financial institution. In the U.S., SARs are a tool provided by the Bank Secrecy Act (BSA) which require financial institutions to assist U.S. agencies in detecting and preventing money laundering.

According to FinCEN, reportable transactions include those deriving from potential illegal activity, transactions designed to evade the requirements of the BSA and those that appear to serve no business or apparent lawful purpose. The rule further includes two different dollar thresholds depending on the stage and type of transaction involved. Financial institutions are then given 30 days after becoming aware of a suspicious transaction to complete a SAR.

If a financial institution fails to report suspicious transactions, they and their employees could face civil and criminal penalties. Data from consultancy Duff & Phelps revealed that AML fines in the first six months of 2020 reached US$706 million, compared to US$444 million in the entirety of 2019. More poignantly, however, SARs that are not followed up by FinCEN do not receive a penalty.

Therefore, with the threat of criminal prosecution in failing to report a SAR, and the inconsequence of a false alarm, banks have been steadily increasing the number of SARs filed with FinCEN. In 2019, FinCEN received more than 2 million SARs, with the number filed having almost doubled over the past decade. Over the same period, FinCEN’s staff shrunk by more than 10% resulting in 3,800 reports per FinCEN employee in 2019.

The question then remains as to whether the allegations surfacing in the FinCEN files reveal a form of cooperation between money launderers and banks, or does it rather reveal a lack of interest by political and law enforcement leadership?

Buzzfeed, who first received the FinCEN files, describes the use of SARs by banks as ‘a get out of jail free card’ but ultimately, it is their legal duty. Rather, stricter criteria for what constitutes the need for a SAR should be laid out by the regulator. Yes, banks should realise they have a moral obligation to prevent money laundering however it is not their sole purpose. That is the sole purpose of FinCEN, so surely the burden is on the regulator to have stricter and more clear requirements.

Ultimately, a bank can have the best safeguards in place, with rigorous compliance procedures but money-launderers will slip through the net in what will perpetually be a game of cat and mouse. Regulators must be clearer with what they desire in terms of procedures and reporting from banks. If the current system is not working, that fault does not lay totally on financial institutions alone but with those tasked with regulating it too.

Buzzfeed reports that the SAR system makes a mockery out of anti-money laundering rules, explaining that ultimately banks must refuse the custom of clients that constantly flag as suspicious. Furthermore, they point to a lack of know-your-customer controls where the owners of companies who have moved billions through banks such as HSBC were unidentifiable.

Resultantly, at least 18 banks have received deferred prosecution agreements for anti-money laundering, however, at least 4 of those banks broke the law again and received fines. On two occasions the repeat offence was only punished by renewing the deferred prosecution agreement. This is irrefutable evidence that, although banks may not be 'squeaky clean', governments must also take responsibility for not having the correct controls and punishments in place to prevent and deter irresponsible behaviour.

To evidence this point, if banks were trying to circumvent regulators, they wouldn't be filing the SARs in the first place, and are in fact evidence of them working within the regulatory system. One cannot refer to the filing of SARs as merely "backside covering" when it is the very vehicle the government uses to attempt to prevent money laundering.

The rise of regulatory technology is also evidence of the seriousness with which banks approach their compliance obligations. The global RegTech market is expected to grow from USD 6.3 billion in 2020 to USD 16 billion by 2025 at a Compound Annual Growth Rate of 20.3%. Although RegTech solutions can be applied to any regulated industry, it has seen the most deployment in financial services given the ever tightening regulations and increase in penalties for breaking such regulation.

For example, companies such as ComplyAdvantage use an Anti-Money Laundering data feed which creates profiles, automates customer monitoring with KYC and due diligence tools and screens payments in real time. Within 24 hours, it can screen 5 million articles and update 30,000 KYC profiles.

The technologies that are being invested in by the financial services industry are reaping their rewards too. AI and machine learning, robotics, blockchain and biometrics are all helping to automate compliance processes which help concentrate attention on the more serious AML cases. Financial institutions in the U.S have seen a 30% reduction in annual labour costs and a 25% reduction in false positives through the use of advanced analytics.

A reduction in labour costs helps to free up more of the compliance budget that can then be reallocated to other tasks, or to investigate the most serious breaches. Furthermore a reduction in false positives returns more concentrated effort on serious breaches as compliance officers spend less time chasing red flags. Digital transformation also helps the regulator. Advanced analytics helps to better understand financial institution's data and also reduces the manual burden of FinCEN's staff. Therefore, those SAR reports that were not acted upon, that should have been when genuine breaches of AML activity occurred, can now be seriously investigated thanks to the time-saving efficiencies of regulatory technology.

Ultimately, the FinCEN leak has once again tarnished the reputation of banks. Previous leaks including LuxLeaks (2014), Swiss Leaks (2015), Panama Papers (2016) and Paradise Papers (2017) have publicised the underground and shady aspects of Financial Services. The FinCEN leaks differ in that they expose multiple banks and a broader range of suspicious activities.

However, in filing a SAR, it could be said that the banks have already done their part and fulfilled their legal duty. Regulators do not specify whether a bank should or should not continue with a client once an SAR has been filed, but rather leave it to the bank’s discretion based on individual circumstances. Therefore, while it may be easy to wholly point the finger at banks given their reputation, regulators must also be held accountable to some extent. If the current regulatory system is failing to prevent money laundering, terrorist financing and fraud, then it is the regulatory system that should be changed - not necessarily the banks themselves alone.

Regarding this system change, not only should regulators look to tighten regulation and set more specific criteria in terms of what is, and what is not 'suspicious'. Given the advent of RegTech and the multiple ways it can help both the regulator and the regulated, wouldn’t regulatory frameworks that allow for such technology make more sense? Moving to a more digital framework frees up significant time for regulators to focus on the most serious breaches and reduce the flagrant increase in SAR reports.

In other words, it makes sense that the future of financial services regulation becomes more digital and manual, cumbersome vague criteria processes become the past.

References: 2020. Financial Crime Analytics Utility | Accenture. [online] Available at: <> [Accessed 30 September 2020].

BBC News. 2020. All You Need To Know About Fincen Documents Leak. [online] Available at: <> [Accessed 30 September 2020]. 2020. Fincen Files Show Criminals Moved Billions As Banks Watched. [online] Available at: <> [Accessed 30 September 2020].

Duff & Phelps. 2020. 2020 AML Fine Values Already Surpass 2019 As Firms Are Repeatedly Sanctioned For The Same Failings Says Duff & Phelps. [online] Available at: <> [Accessed 30 September 2020]. 2020. Fact Sheet For The Industry On MSB Suspicious Activity Reporting Rule | Fincen.Gov. [online] Available at: <> [Accessed 30 September 2020]. 2020. SAR Stats | Fincen.Gov. [online] Available at: <> [Accessed 30 September 2020].

Kumar, M. and Mukherjee, S., 2020. REGTECH THE NEW WAR CRY AGAINST FINANCIAL CRIME. [online] Available at: <> [Accessed 30 September 2020]. 2020. What Is A Suspicious Activity Report?. [online] Available at: <,of%20money%20laundering%20or%20fraud.> [Accessed 30 September 2020].


bottom of page