FinCEN Files: Should Banks Be Expected to Police Financial Crime?
The recent furore around the perceived lack of action on suspicious activity reports (SARs) filed by banks with the Financial Crimes Enforcement Network (FinCEN) raises questions about their role in supporting regulation and detecting financial crime.
Perhaps a question the media should be asking, however, following the release of the ‘FinCEN files’, is not whether the banks are corrupt, but how they can be better supported in playing their part in the fight against fincrime.
What is the purpose of SARs?
Suspicious activity reports are, by their very nature, intended to be confidential. Since 1996 they have been the accepted method for financial institutions (FIs) to communicate concerns to FinCEN. This report should produce meaningful dialogue, and in certain instances may result in a legal case. In simple terms, it is a means for banks to alert the appropriate authorities that they have witnessed a transaction (or a series of transactions) that are not in keeping with their knowledge of their client.
And here lies the problem since, clearly, simply ‘knowing’ one’s client is no longer adequate, if indeed it ever was. A solid understanding of your client, and very often their clients as well, is the ‘new normal’ requirement and expectation in terms of anti-money laundering (AML) regulation. What appears to be suspicious can often be easily explained, and what appears on the face of it to be legitimate is often not fully understood. Consider the question, ‘How well do I know my supply chain?’ and an idea of the complexities involved becomes apparent.
The information in the FinCEN files relates to SARs raised between 2000 and 2017, so it is somewhat historic. It is reasonable to suggest that the current quality of SAR completion, while still needing improvement, is significantly better than it was 20 years ago and many positive things have happened in this field in the intervening years. Many banks have made huge strides towards gaining a better knowledge and understanding of their customers, including identifying their source of funds and that of their wealth.
Could, and should, regulators and governments do more? Absolutely. However, they appear to be drastically under-resourced and lacking in cohesion. Data protection laws, while understandably seen by many as a fundamental protection of civil liberties, can mean that FIs are often unable to legitimately share information on mutual clients, which could help to prevent financial crime.
That said, there are numerous public-private partnerships that exist to share information, as well as instances of banks joining forces to review transaction data, such as the Nordic KYC Utility. This is the way forward, and it is reasonable to expect that there will be more collaborations in future, especially as AML fines show no sign of abating for FIs.
What do the regulators do with SARs?
While reports have raised questions about what action FinCEN may or may not have been planning, publicly disclosing the FinCEN files could prejudice existing or pending legal action because of what they reveal.
SARs are not always totally accurate and do not necessarily imply guilt. Fortunately there are numerous tools that can aid and support the process of screening. Anti-financial crime training has developed and improved significantly and would be considered vital by many FIs.
There have also been major improvements in technology in recent years that facilitate comprehensive background checks on clients. Today’s technology can provide ownership and ‘control’ data as well as risk-relevant information. When properly combined and configured, this technology is a powerful tool to help FIs to make better decisions. Imagine how useful it would be to know in advance who owns and controls a company that you want to do business with, and that their key principles have a clear track record?
Banking on the banks
Those who have worked in or with a retail or investment bank ‘know your customer’ (KYC) function in recent years may well refer to a ‘culture of fear’ surrounding the reporting of suspicious activity. Given the potential consequences of getting it wrong, that is somewhat understandable. FIs have been crying out for guidance on SARs from the very people who process them.
Banks operate, within a ‘control environment’ and are continually under regulators’ scrutiny. Yet a recent Wolfsberg Group publication spoke about the effectiveness of FIs’ AML activity and programmes for countering the financing of terrorism and the necessity for FIs to review their current practices.
There is a heavy, but justifiable, burden of expectation upon FIs, both at the point of onboarding of clients and throughout the client lifecycle. Technology can come to their aid here, and demand is driving its development. ’Straight through processing’ is now prevalent thanks to the new wave of ‘FinTechs’. Managing the client lifecycle by exception is another relatively new concept, that of ‘perpetual KYC’, and this is gathering momentum in banking circles.
Ultimately, it is clear that the authorities must work closely with banks to obtain meaningful, actionable data that can result in successful prosecutions for financial wrongdoing. The responsibility rests with the banks to identify suspicious transactions – and it is then up to law enforcers to arrest, charge and convict people or organisations who commit financial crimes.
Find out more about what’s available to support financial institutions in playing their role fighting fincrime by speaking with Bureau van Dijk and RDC about their comprehensive entity data and advanced screening technology.