Leaked financial documents reveal that some of the world’s biggest banks are allowing money-laundering transactions to be carried out by criminals. And governments are aware it is happening on their watch.

The latest in a string of leaked financial documents over the last few years, the FinCEN Files case puts the spotlight on the role of big banks and governments in facilitating money laundering. The leaked documents reveal potentially suspicious financial activities involving companies and individuals, but simultaneously raise serious concerns about why banks and governments have not taken greater action to stop such transactions if they were aware that they were linked to criminals.

The FinCEN Files comprise more than 2 500 Suspicious Activity Reports (SARs) – documents that banks file with the US Financial Crimes Enforcement Network (FinCEN) when a potentially suspect financial transaction is identified. FinCEN is the division of the US Treasury that combats financial crime. Dating from 1997 to 2017, the documents, which were leaked to BuzzFeed News and examined by investigative journalists around the world, shed light on a huge number of suspicious financial transactions known to governments.

Though a SAR does not in itself indicate that a money-laundering offence has been committed, analysis of the leaked files reveals cases of substantial wrongdoing. Of the $2 trillion worth of transactions accounted for in the files, billions of dollars’ worth of transactions have been identified as illegal. Organizations and individuals from more than 170 countries are implicated, including, ironically, establishment banks operating in some of the world’s most highly regulated financial regimes.

Money laundering unimpeded – despite financial regulation

The decade following the 2008/09 financial crisis has been defined by reform and expansion of financial regulatory architecture across world markets. Although designed primarily to combat volatility in financial markets, much of this new regulation nonetheless has had consequences for institutional responses to money laundering.

The 2010 Dodd Frank Act in the US, for instance, sought to improve financial transparency by tightening requirements around institutions’ disclosure and reporting processes. And in the UK, the Financial Conduct Authority, a new financial regulator, was established in 2013. But even before the global financial crisis, the legacy of the 9/11 attacks had heightened awareness of terrorism financing, which ushered in greater investigative capacity in the financial markets as authorities around the world were given mandates to investigate suspicious financial activity. Germany’s Financial Intelligence Unit (FIU), founded in 2002, exemplifies this first stage of improved anti-money laundering (AML) initiatives.

Given that greater stringency has been introduced over the years into global financial regulatory regimes, and that the suspicious transactions among the FinCEN Files are reported to the US Treasury, which shares this information with law enforcement around the world, it begs the question, why have a greater portion of these transactions not been prosecuted or prevented?

First, limited law-enforcement capacity appears to be one underlying problem. Former prosecutors in the US believe that the US government does not possess the resources needed to identify and pursue the high number of SAR cases efficiently, a problem exacerbated by cuts in FinCEN staff over the past decade. The US is not alone in experiencing human-resource constraints. Germany, home to Deutsche Bank, which single-handedly accounts for 62 per cent of the leaked SARs, has for years understaffed its FIU, which meant that as of May of 2019, 36 000 of the suspicious transactions reported to the FIU remained unresolved.

Compounding the problem is the sheer number of SARs that are submitted. Banks’ compliance divisions have increasingly engaged in so-called defensive reporting. Their logic is that because submitting a SAR limits the legal culpability of a bank, immunizing it and its executives from prosecution relating to the reported transaction, banks are increasingly submitting SARs at a low bar of suspicion. This approach shifts an ever-greater burden of investigation onto the shoulders of the country’s law-enforcement agencies. AML regimes have therefore become hamstrung by under-funding, under-staffing and a mounting number of unresolved SAR cases, which are growing faster than capacity to investigate them.

Further, criminal-justice responses to banking misconduct tend to be lax. Cases against big banks often end in deferred prosecution agreements, resulting in fines rather than more serious punitive action. For banks, these fines usually represent little more than a slap on the wrist, doing little to motivate change in practices around suspicious transactions. Despite being fined for financial misconduct, JP Morgan Chase, HSBC, Standard Chartered, Deutsche Bank and BNY Mellon all continued to process transactions for criminals.

Another factor delaying responses is the length of time that the banks take to report suspicious activities. Although they are required to submit a SAR within 60 days of suspicious activity being detected, the median reporting time of the SARs contained in the FinCEN Files was 166 days. This latency shows how banks process suspicious transactions with impunity, only to retrospectively report the potential money laundering activity to the FinCEN when it is too late.

The shift of risk away from banks

 At the heart of the issue is a fundamental problem of moral hazard. Banks not only over-file SARs, but also use them to continue processing suspicious transactions. If a bank files a SAR, it is not obligated to delay or halt the transaction it has reported, so banks often continue to process suspicious transactions on the understanding that they have fulfilled their obligation by submitting a SAR.

The result is that banks find themselves able to choose to do little or even nothing to properly investigate or stop the flow of financial transactions once a SAR has been filed. In so doing, they divest themselves of much of the risk linked to illicit financial flows. For example, ascertaining beneficial ownership of a firm that might bear all the hallmarks of being a shell entity is not required, and therefore not necessarily carried out. But even more troubling is the fact that transactions on behalf of suspected, known and even convicted criminals often continue to be processed by banks, which are fully aware of the implications, but by merely filing a SAR, they are seen to have complied with the technical statutory requirements.

Hence, the core of the problem with the SAR regulatory regime is that regulations surrounding financial disclosure aimed at improving AML regimes ultimately provide banks with the means to continue facilitating money laundering while lowering the associated risks of doing so to the bank.

There are, however, some positive things to have emerged from the FinCEN Files leak. For a start, the FinCEN has committed to reform its programmes. There are also lessons to be learnt from the leaks, and in terms of what changes can be made to improve AML processes and practices.

First, the capacity of the FinCEN and financial intelligence units around the world must be improved. Building on this, criminal-justice responses must become more aggressive in their prosecutions. Deferred prosecution agreements for banks cannot remain the default if the incentives that motivate bad behaviour are to be challenged.

Second, the defensive reporting through which banks over-file SARs must be counteracted. FinCEN has announced that it will release new guidelines on how SARs are reported. For the SAR mechanism to work, banks must file fewer cursory SARs and become faster at reporting more obviously suspect transactions. It is vital that new guidelines recognise this.

Third, states must become more proactive in tracking beneficial ownership and clamping down on shell entities that exist on paper only. On this count, there are promising signs. In September 2020, the UK government announced plans to require compulsory identity verification of those registering as directors of companies. Days later, the government of the British Virgin Islands, a notorious haven for money laundering, announced its commitment to creating a publicly accessible register of beneficial ownership.

Finally, states could consider reforming the SAR process more fundamentally. As a legal expert at Forsters LLP, argues, the current ‘deemed consent’ paradigm (in which banks are understood to have consent to process suspicious transactions after reporting them unless they receive specific requests not to) may be rethought. Some jurisdictions, such as that of Jersey, understand there can be no consent to process a transaction once it is identified as potentially suspect. Such a shift, however, appears unfeasible at present in countries with centres of major financial activity, but may become more likely if technology can be harnessed to scan and filter transactions.

Until then, however, if banks have evidence that criminals are moving cash through the system, they should take immediate action. Despite decades of heightened financial regulation and oversight, it seems little has been done to combat the global business of money laundering.