What the FinCEN leaks reveal about the ongoing war on dirty money

Website of The Financial Crimes Enforcement Network or FinCEN, a bureau of the U.S. Department of the Treasury.

Are global banks helping facilitate crime and corruption throughout the world? Over the weekend, those concerns seemed validated when journalists at Buzzfeed and the International Consortium of Investigative Journalists (ICIJ) announced they had obtained a large cache of financial records that showed some of the biggest banks in the world have been hosting Ponzi schemes, moving money around for billionaire friends of Vladimir Putin, and providing services to known terrorist financiers and arms traffickers.

Since then, the newspapers have been abuzz with stories of wrongdoing, the stocks of several international banks have tanked, and even former presidential contenders Elizabeth Warren and Bernie Sanders have weighed in. And the stories are likely to keep coming.

The leaks provide a small snapshot of the US government’s attempts to keep tabs on financial crime

The files in question were reports collected from banks by the Financial Crimes Enforcement Network (FinCEN), the arm of the U.S. Treasury tasked with keeping tabs on and combating money laundering.

In the U.S., when a bank spots a client or a transaction that raises suspicion, they are required to file a suspicious activity report (SAR) and submit it to FinCEN. A SAR usually contains basic information about the client and transaction, as well as a short narrative written by those at the bank in charge of worrying about financial crime. There are no hard rules on what constitutes a suspicious transaction and so banks may rely on a number of criteria. One common sign of suspicion is one in which a client attempts to avoid attention from the authorities by making several deposits below $10,000, which is an automatic reporting threshold. Banks might also be more likely to report on transactions involving unclear sources and beneficiaries, or those connected to jurisdictions with a history of financial crime.

Banks and a few other regulated industries file roughly 2.2 million of these every single year. SARs are one of the primary means through which “financial intelligence units” such as FinCEN monitor the financial system, relying on the private sector to sound the alarm when something is amiss.

The cache of 2,100 reports that reporters got their hands on is just a small sliver of the roughly 12 million SARs FinCEN has received since 2011. By the media’s account, it is a list of reports assembled during congressional investigations into Russia’s efforts to interfere in the 2016 election, as well as several other law enforcement investigations. The small sample means that it is hard to infer much about the overall state of money laundering from what was released, and because these were SARs that had already piqued the authorities’ attention, it is not surprising that they detail some pretty bad behavior.

These leaks also differ from previous bank leaks such as the Panama Papers in a crucial way: They are a snapshot into financial crime that banks are openly reporting to the authorities. This means, on a basic level, the reporting system is functioning. But the same leaks also show that banks frequently filed a SAR months after the transaction had taken place, and sometimes multiple times on the same client without anyone seemingly taking any action.

This is frustrating because there has been a seismic shift in anti-money laundering (AML) enforcement in the past two decades. In the years following both 9/11 and the Great Recession, pressure on banks to be on the lookout for dirty money swelled. Since 2008, U.S. regulators have handed out nearly $30 billion in fines to those found to have facilitated money laundering, sanctions evasion, or terrorist financing. But the presence of many of the accounts in the FinCEN SARs leak, even after banks were slapped with large fines and deferred prosecution agreements, suggests that banks have yet to truly rehabilitate, that the international financial system is still rife with dirty cash.

It is also possible that, in some ways, recent efforts to clamp down on money laundering might have made FinCEN’s job a lot harder than it used to be.

US authorities are receiving too many useless suspicious activity reports

In response to a surge in regulatory pressure, banks and other financial institutions responded not only by investing more in their compliance departments: They also began sending in more SARs to FinCEN. This behavior made sense because banks will get into serious trouble with the authorities if they fail to file a SAR on a client who later ends up getting caught laundering money, but there are no repercussions to filing a report that ends up being a false alarm. This leads banks to file “defensively,” issuing a SAR on a client if there is even a whiff of suspicion, shunting the investigation over to FinCEN employees to deal with.

Figure 1. The number of SARs that lands on each FinCEN employee’s desk is skyrocketing

Figure 1. The number of SARs that lands on each FinCEN employee’s desk is skyrocketing

This wouldn’t be a problem if FinCEN’s resources were rising commensurate with the increase in its paperwork. But that’s not what is happening: Since 2001, FinCEN’s staffing has increased by only about 70 percent, from 178 people to an estimated 300 or so this year. But since 2003, SARs from banks have quadrupled. The average FinCEN employee now has 4,000 SARs a year to investigate from banks alone. At those levels, there is no way for an investigator to reliably separate the signal from the noise.

What little evidence we have on defensive filing suggests it makes for a less effective anti-money laundering system. A study by economists Brigitte Unger and Frans van Waarden found that in the late 2000s, SARs filed by banks in the Netherlands were falling at the same time they were skyrocketing in the United States. Despite this, conviction rates for money laundering-related offenses in the Netherlands actually increased over this period, while they remained relatively flat in the U.S., suggesting it is the quality, not the quantity of the reports that matters.

Despite capacity constraints, US authorities are now monitoring financial crime on a global scale

FinCEN receives suspicious activity reports only from banks operating in the U.S., but due to the country’s unique position in the global economy, that reporting goes well beyond U.S. borders.

As pointed out by my colleague Eswar Prasad, the U.S. dollar is still the most common currency used when someone makes an overseas payment. But when a bank makes a transaction in U.S. dollars, it typically is required to do so through a “correspondent” bank based in the United States. Banks maintain these correspondent relationships for precisely this purpose: To help them transact in foreign currency and to move money between banks that have no existing business relationship. But the moment a U.S.-based bank handles the transaction, it has fallen into the reach of the SAR reporting system.

Figure 2. Many countries are reliant on the United States for cross-border payments

Figure 2. Many countries are reliant on the United States for cross-border payments

Figure 3. Jurisdictions with more correspondent ties to the US had more banks appear in the leaked SARs data

Figure 3. Jurisdictions with more correspondent ties to the US had more banks appear in the leaked SARs data

Data from The Clearing House and the International Monetary Fund suggest that, on average, around 80 percent of banks in a country have a correspondent relationship with a U.S.-based bank. And those with closer ties to U.S. banks saw a much greater chance that they would end up in the leaked data: After controlling for GDP per capita and several other factors, countries where the share of banks with U.S. correspondents were 10 percentage points higher see a nearly 4 percentage point increase the share of their banks that were connected to a SAR.

The end result is that a lot of cross-border banking ends up in the purview of the SARs reporting system. Roughly 90 percent of the entries in the database released by the ICIJ involve payments between two banks outside of the U.S. There are even flagged transactions that begin and end in the same country: Payments from Nigeria’s First City Monument Bank to two other banks in the same city were reported to FinCEN by Standard Charter, the bank that facilitated the transaction.

The result is that FinCEN is privy to reports on a significant share of global transactions. But the power of a global monitoring mechanism should include a responsibility to ensure that information gleaned is used to make AML enforcement efforts more effective. This makes FinCEN’s ability to wade through and follow up on reports as well as provide their information to overseas counterparts even more crucial.

What could the US be doing better?

Aside from a terse statement issued by FinCEN, the leaks have been largely met by silence by authorities and banks. There have also been some grumblings that they will hurt the fight against financial crime because it will make it harder for banks to trust authorities with classified information in the future.

A productive way forward would be to use the momentum of the leaks to discuss real ways in which the U.S. can improve its efforts to fight money laundering at home and abroad.

First, the detection of financial crime requires resources, so better funding for FinCEN should be a no-brainer. Its budget in 2020 was $120 million, which is slightly less than the production cost of the last Jumanji movie. But budget increases have to come with more boots on the proverbial ground. Despite overtures by the U.S. Treasury to start relying on artificial intelligence to improve tracking, it is unlikely that FinCEN is going to get much better at identifying and following up on cases without lowering its report-to-human being ratio.

Second, given the expanding global nature of SARs, a more radical solution would be to better automate the process that FinCEN and its counterparts in other countries use to share information. Currently, financial intelligence units (FIUs) who are members of the Egmont Group (a bit like The Avengers but with more spreadsheets) can request and send information on a case-by-case basis by using a secure messaging platform managed by FinCEN. But that messaging system has been described by some as outdated, and it requires either a requesting FIU to know what they are looking for or FinCEN to have determined the SAR as being relevant. Moving to a system where SAR databases can be, at a minimum, pinged for hits (as European countries have experimented with) before a formal request for information is made would help speed up cross-border collaboration.

Third, FinCEN and the U.S. Treasury also need to set incentives for banks to go beyond just reporting, and when they do report, to do so accurately. After more than a decade of large fines and deferred prosecution agreements as well as costly investments by banks in their compliance departments, the FinCEN leaks have revealed that the system still isn’t working. Banks are doing their duty in reporting suspicious activity, but many haven’t shown much interest or ability in going further than that, particularly with clients that bring in a steady stream of revenue. The authorities will need to go back to the drawing board to figure out what measures would be most effective at getting banks to embrace compliance over profit.

At the same time, U.S. authorities need to find ways to incentivize more accurate reporting. FinCEN recently announced upcoming plans to issue new guidance to banks on improving their AML effectiveness and providing “useful” intelligence to regulators and law enforcement. But it is unclear that this will reduce the incentives for banks to file defensive SARs unless FinCEN develops a clear, agreed-upon metric for accuracy that it can use to push back on banks that overfile.

Finally, despite leading the charge against financial crime globally, the U.S. is woefully behind on making its own economy less hospitable to laundered assets. It is the only major economy that does not routinely and automatically share bank account information that foreign authorities need to track down tax evaders. It is also astonishingly easy in many states for foreigners to obscure their wealth by creating an anonymous shell company. A bipartisan bill requiring new companies to report the identity of the ultimate beneficiary to FinCEN recently passed in the House of Representatives, but has yet to receive a vote in the Senate. If it truly wants to improve its footprint in the war on financial crime, the U.S. will need to go further than this, but it would be a start.

The data and code used to create the figures in this piece are available for download here