The FinCEN Files, as they have been dubbed by the good folks over at BuzzFeed News and the International Consortium of Investigative Journalists (ICIJ), are certainly headline-grabbing stories and they raise a lot of questions about the efficacy of anti-money laundering (AML) compliance around the globe. Seeing that the Suspicious Activity Reports (SARs) involved in the reporting represents a tiny fraction of the annual volume of SARs filed in the United States, though, and recognizing the changes in AML compliance during the period of the SAR filings, are those the right questions?

Let us ask a few questions of our own to find out if we are drawing the right conclusions from the reporting…

The FinCEN Files Data

The ICIJ website contains no raw SAR data, and BuzzFeed News’ site contains redacted (for obvious reasons) versions of only six of the 2,100 or so SARs. Of those, three relate to the same pattern of conduct reported by HSBC over a period of five months. Such “continuing activity reports” are not rare, especially when the activity is detected within a correspondent banking relationship, which is the way by which banks gain access to foreign financial systems and currencies for themselves and their customers. HSBC could not inform its bank customer of the suspicious activity, under the same “tipping off” prohibition that exists for any of its direct customer relationships.

Question 1: Were the transaction counts and total amounts cited in these reports reconciled so that the same items were not counted more than once?

Question 2: Of the SARs involved in the reporting, how many constituted “continuing activity reports”? And how many related sets of suspicious activity do those make up?

Here are the number of SARs filed each year during the period of the reporting (noting that the FinCEN Files may not encompass all of 1999 and 2017):

* 1999: 120,505

* 2000: 162,720

* 2001: 203,538

* 2002: 281,383

* 2003: 507,217

* 2004: 689,414

* 2005: 919,230

* 2006: 1,078,894

* 2007: 1,250,439

* 2008: 1,290,590

* 2009: 1,281,305

* 2010: 1,326,372*

* 2011: 1,517,520*

* 2012: 1,587,763*

* 2013: 1,640,391

* 2014: 1,659,123

* 2015: 1,812,665

* 2016: 1,975,638

* 2017: 2,034,406

Question 3: How do the SARs cited by journalists break down by the year in which they were filed?

Question 4: Did BuzzFeed News and ICIJ receive more than the approximately 2,100 SARs? If so, what was the total number of SARs and the apparent sum of transactions documented in the excluded ones? Additionally, what was the criteria used for focusing on these specific filings?

It is important to note that a former ICIJ reporter informed an industry convention some years back that only 0.1% of the Panama Papers data was released, and that ICIJ intentionally focused on well-known parties such as politicians and other public persons. Similarly, one should take note of significant discrepancies between the banks identified in the reporting, and those in a potentially broader set of data. Such differences may identify firms for which these episodes were more of an aberration, and others for which this may have been part of their DNA, if not their business model.

Question 5: If SARs were excluded from the reporting, how do the set of involved financial institutions in the excluded SARs compare to the ones included in the reporting as a percentage of the total number of SARs and the percentage of the total amount of laundering transactions?

The Relevance of the Data

When the earliest SAR investigated by the journalists was filed, the Second EU Money Laundering Directive had not yet been passed. Meanwhile, the Fourth Directive’s deadline for being transposed into law by the EU’s 28 member-states (at the time) was June 16, 2017 (having been passed in 2015), toward the end of the period covered in the FinCEN Files.

Question 6: How many patterns of conduct outlined in the FinCEN Files started in each year covered by the filings? And what was the state of AML regulation and enforcement in each country at the time, compared to their current state?

Question 7: Of the patterns of conduct outlined in the reporting, how many may not have been identified in part because the lower regulatory requirements at the time? Of those, how many of them, in theory, would be identified under current regulatory standards?

What the Data Doesn’t Capture

The FinCEN Files capture the regulatory filings made in the United States, but not elsewhere. Nor do they capture any subsequent investigations, prosecutions or regulatory enforcement actions occurring either in the U.S. or abroad.

Question 8: For each pattern of conduct in the FinCEN Files, were similar regulatory filings made in countries involved in the financial activity outside of the U.S.? If regulatory filings were made, were there regulatory and/or law enforcement follow-up actions?

Question 9: Of the conduct outlined in the investigative reporting, which elements have resulted in further regulatory or law enforcement action in the United States? If any elements were subject to U.S. jurisdiction but did not result in further action, why?

“Tipping off” is the undesired, and often illegal, informing a potential money launderer that their suspicious activities have been noted. Should a party be notified, they could terminate their customer relationship and take their assets to other institutions to continue their criminal activity. Similarly, when a financial institution closes an account on which they have filed SARs (or their equivalent outside the U.S.), that action may disrupt active investigations into the pattern of conduct, its underlying predicate crimes or other parties involved in the activity. Regulators and/or law enforcement may, therefore, request that customer relationships on which SARs were filed be left undisturbed so that the investigation can continue to completion.

Question 10: For the patterns of money laundering identified in the FinCEN Files, were directives issued to any of the financial firms to not close account relationships or deter patterns of conduct in order to aid investigation of the laundering or its underlying criminal conduct?

Financial crime, while it may ultimately rely on the involvement of individual parties at regulated firms or their blindness to the activities happening in their institutions, can also result from a known lack of regulation and/or oversight. To be effective, both sets of inadequacies must be identified and addressed.

Question 11: For all the countries involved in the SAR filings, including the United States, does the then-current Mutual Evaluation Report (MER) made by Financial Action Task Force (FATF) member representatives, or those of one of the FATF-style Regional Bodies (FSRBs), identify systemic weaknesses that may have aided the commission of the patterns of conduct identified in the filings? And have those deficiencies since been addressed, according to the latest MER, or other public-source reporting?

The Ultimate Question

Financial crime will never be eliminated; there will always be parties willing to collude with money launderers as long as the reward is large enough. Even when the risk of being caught and punished is high, there will be people who will take the chance.

However, if we answer the questions above with some reasonable accuracy, we can better identify what aspects of the SARs obtained by the journalists represent true areas of concern – areas that have not been addressed over the years by improved regulatory standards and oversight, and/or by improved regulatory enforcement or criminal prosecution.

Once we have identified those remaining blemishes on AML compliance, we can start to address the biggest, most important question of them all: how do we address these known deficiencies in such a way that their frequency and severity are reduced going forward?