In September of 2020, a massive leak of reports on potential financial crime filed by banks with the US government made headlines all over the world. Known as “The FinCEN Files” after the US agency that had received the original reports, they revealed a global financial system where illicit funds appeared to flow with relative impunity, despite banks’ and government awareness of the flows’ existence. To many, this suggested that the global Anti-Money Laundering and Combatting the Financing of Terrorism (AML/CFT) framework was not fit for purpose, and was struggling to manage money laundering and financial crime risks.
While the general public, already numbed by successive news stories of banking malfeasance, were muted in reaction, many of the U.S and European banks involved in the leak took a reputational hit nevertheless. Governments and regulatory authorities took more note, however, and as a result, it seems likely that the leaking of the files will encourage efforts at both local and international levels to strengthen the AML/CFT regime.
The FinCEN Files: What Happened?
As part of AML/CFT obligations, banks are required to monitor clients’ behaviour and report any suspicious activity, via Suspicious Activity Reports (SARs), to national Financial Intelligence Units (FIUs). The FinCEN files involved a significant number of SARs that were reported to the Financial Crimes Enforcement Network (FinCEN), the US FIU within the U.S. Treasury, but were subsequently leaked to journalists at the online media outlet Buzzfeed, and the International Consortium of Investigative Journalists (ICIJ). The data dump contained over 200,000 SARs from 1999 to 2017, covering transactions worth $2 trillion. The media reporting around the leak focused on the revelation that both the banks and governmental institutions were aware that large amounts of potentially dirty money were flowing through the international banking system, but that little was being done to impede it. Unsurprisingly, the leak garnered a variety of diverse reactions from the news outlets, regulators, and the financial and banking sector alike.
A Significant Impact in Europe
Although the SARs in question were filed in the US, they mentioned not only US banks, but several major European banks, such as Danske and Commerz, and other global banks with European bases such as HSBC, Societe Generale, Deutsche and Barclays. In particular, the ICIJ reported that over 60 percent of the SARs mention Deutsche Bank, although not necessarily exclusively in each report. Of the $2 trillion, (€1.68 trillion), in transactions that were flagged by financial institutions as suspicious, approximately $1.3 trillion (€1.09 trillion) passed through Deutsche Bank.
The reports focused on a range of financial crime risks involving European banks, especially their vulnerability to dirty money from corrupt officials and oligarchs in East and Central Europe. One example relates to the Rotenberg brothers, who have close ties with Vladimir Putin, and was placed on the US sanctions list in 2014. The Rotenbergs opened an account with Barclays in 2008, using a shell company, and continued conducting transactions through 2016, even after sanctions had been imposed. In July 2020, the US Senate accused the Rotenbergs of using this shell company to secretly purchase millions of dollars in art in an effort to evade sanctions.
Furthermore, the FinCEN files also pointed to the risk that many European banks were potentially being exploited by serious organised crime. Danske Bank’s Estonian branch, as well as Deutsche, were reported to have established relationships with networks of shell companies that were set up solely to hide the identities of organised crime leaders. The reports demonstrated the important role that shell companies played in the funneling of cash through the international system, as well as that of corporate services providers – many based in the UK – which created them.
The Response from the Financial Service Sector
Several of the European banks involved in the scandal did not issue public responses, but those that did tend to focus on the historic nature of the reports. Deutsche, for example, indicated that the reports related to previous failings within the bank, identified in conjunction with a 2016 AML/CFT enforcement action in the US that resulted in a remediation programme that addressed those weaknesses. Other expert observers suggested that the files were not especially shocking, indeed, that they demonstrated the AML/CFT system was operating expressly as designed, with banks simply reporting suspicion to the authorities, without undertaking specific actions to stop the flows.
John Cusack, formerly the Global Head of Financial Crime at Standard Chartered opined, that the banks had been “pleading for reform for the last few years, and in particular SAR Reform.” He noted that if successful this would not only help the banks but law enforcement too, reducing “the likely number of SARs filed” but also ensuring that they “would be of much higher quality…and focused on those areas that are priorities for… Law Enforcement.” Cusack argued that the majority of clients involved with SARs are not investigated, much less prosecuted and that if banks closed accounts based on SARs activity alone, many would-be closed unnecessarily causing financial exclusion to economically marginal customers.
A Call to Action for European Rule Makers
Although industry responses such as Cusack’s were common – and in terms of the obligations on banks accurate – the European political class has been generally unsympathetic to the idea that the system alone is at fault. These reactions have of course been framed in part by the ongoing fall-out from recent European banking scandals involving Nordic and Baltic banks, which have reduced goodwill towards the financial services sector The succession of scandals, culminating with the FinCEN files have reinforced desires within the European Union (EU) to take more aggressive action on AML/CFT, and in May 2020, the European Commission published proposals on creating a centralised EU AML/CFT authority and a single rulebook on regulations, rather than the existing AML directive (AMLD) approach, which was later solidified into a reform plan in October 2020 that was approved by EU ministers. and is due to be the basis of detailed proposals published in early 2021. Although the FinCEN files did not cause this development, they have at least provided additional impetus to the swift implementation of reform.
What European Financial Institutions Can Expect
The ultimate implementation of the EU AML/CFT action plan will take time. However, it embarks on a step-change in AML/CFT regulation in the EU, moving away from broadly standardised regulations, slow-moving change, and a solely national application of regulations. The overall development of the EU’s AML/CFT approaches through successive AMLDs has been to bring more sectors within the scope of obligation and to increase the depth of private-sector obligations. These promised developments within the regulatory authorities are likely to energise this approach further. The lesson of the FinCEN Files and its aftermath is that businesses will be expected to take a more intelligent and agile response to financial crime risks in the future.