How SAR Leaks Helped Bring About the FinCEN Final Rule

On September 16th, 2020, the FinCEN Final Rule became effective. The word, ‘final’ is very terminal. But in the financial sector, regulators have needed to take a hard line against the onslaught of financial crime. Being able to simply identify individuals associated with financial fraud has become increasingly complex. Beneficial ownership is often obfuscated and being able to identify individuals behind web-like organizations is a challenge.

The case of the ‘FinCEN Files’ is perhaps one of the most infamous stories of money laundering that have resulted in a hard line by financial regulators. Here is a run-down of the FinCEN Files event, what these files mean, and what can be done to prevent the fraud the leaked files reveal, from happening again.

FinCEN Files - the big leak

The “FinCEN Files” describes a leak of thousands of financial transaction-related files to the media, including BuzzFeed. The files were a subset of compliance data sent by banks to FinCEN during a period from 2011 to 2017, some describing transactions going back to 1999. The FinCEN files include 2,121Suspicious Activity Reports (SAR). These SARs covered over 170 countries and represented transactions valued at over $2 trillion.

A SAR is a vital part of the anti-fraud process and is issued when certain criteria are identified, e.g. a person of interest performs a suspicious transaction. The collaboration between the private sector and the authorities, in this case, FinCEN, keeps the wheels of commerce clean and well-oiled. The leak shows that the collaborative process is working. However, it also indicates that some pretty dubious and illegal activity is happening without any redress. For example, SARs were, it seems, often sent to FinCEN after the fraudulent transaction took place with no follow-up action.

In total, 90 financial institutions were named in the leak. However, 85% of the leaked SARs are represented by a handful of banks. The banks involved in the top six FinCEN files leaks were:

  • Deutsche Bank (982, $1.3 trillion)
  • Bank of New York Mellon (325, $64 billion)
  • Standard Chartered Bank (232, $166 billion)
  • JP Morgan Chase (107, $154 billion)
  • Barclays (104, $21 billion)
  • HSBC Bank (73, $4.4 billion)

(number of SAR files, amount flagged)

The timing of the SARs and lack of indicative action is a concern. The FinCEN leak shows that some banks continued to process transactions even after a transaction was flagged, sending in a SAR sometimes years later. Other issues that came out of the FinCEN files leak included banks knowingly processing money for organizations formerly accused of money laundering and no due diligence performed on owners of company accounts in offshore locations, such as the British Virgin Islands.

What is the FinCEN Final Rule?

After the 2008 financial crash, there was increasing pressure on banks to ensure clean operations. The result of this was the enforcement of AML and other anti-fraud checks through fines. There were 58 AML fines issued in 2019 totaling over $8 billion, double the 2018 figures. Yet, still, the evidence from the leaked SARs shows that dirty money persists. In effect, the FinCEN files leak shows evidence that a SAR is not, in and of itself, a way to prevent fraud. Because of the overwhelming numbers of SARs involved, FinCEN is likely to have ended up with ‘SAR fatigue’. If the FinCEN leak shows the industry anything, it is that anti-money laundering is a challenge that paperwork alone can't fix.

The FinCEN Final Rule has come about as a way to attempt to change this situation. There is a noticeable shift in focus from SAR to a financial institution (FI) as a means to ‘nip the fraud in the bud’. The onus has moved onto the FI to ensure that customer due diligence is performed robustly and that the bank itself has the proper channels in place to meet regulatory requirements.

The rule specifies a minimum set of standards, significant in these areas:

A requirement for AML programs for banks lacking a Federal functional regulator
A bank without a Federal functional regulator is currently required to comply with certain Bank Secrecy Act (BSA) obligations, including filing SAR and CTR. A FI that does not have a Federal functional regulator will be able to leverage existing policies, procedures, and internal controls required by other statutory and regulatory requirements to fulfill the obligations set out in the final rule. Any bank without a Federal functional regulator will have 180 days to comply with the rule from the effective date of the 16th September 2020.

Extension of a customer identification program
Financial institutions require risk-based procedures for conducting ongoing customer due diligence (CDD). The CDD requirements include:

  • Verify the identity of any person seeking to open an account,
  • Maintain records of the information used to verify identity, and
  • Develop and follow procedures for determining whether the person appears on certain lists of known or suspected terrorists or terrorist organizations.

The FI must also have in place BSA reporting and recordkeeping requirements.

Extension to cover beneficial ownership requirements

The final rule requires that an FI establishes and maintains written procedures to identify and verify beneficial owners of legal entity customers.

The types of bank affected by the FinCEN Final Rule are:

  • State-chartered non-depository trust companies;
  • Non-federally insured credit unions;
  • Private banks;
  • Non-federally insured state banks and savings associations; and
  • International banking entities.

How to work with the Final Rule

The burden of compliance, as well as the need to maintain the good name of a financial institution, puts additional strain on banks. The FinCEN Final Rule has generated a need for robust, automated, and reliable transaction monitoring, sanction screening, and KYC/CDD.

The shift from a dependency on SARs is being felt keenly by the financial institution itself. Technology can level the playing field. Banks can effectively block dirty money using a real-time smart AML platform. A real-time AML solution offers a measured and intelligent approach to the SAR fatigue issue. In a report by McKinsey looking at ‘The New Frontier in Anti-Money Laundering’, the researchers state that “Filing of SARs with regulators is another area that presents high potential for automation”. AML platforms that provide the ability to automate SARs also offer a way to make these SARs relevant and remove SAR fatigue.

Smart, real-time AML platforms are powerful ways of ensuring compliance with the FinCEN Final Rule. In doing so, money laundering is prevented at an early stage and, importantly, bankers and the bank avoid prosecution and fines.


Contact us today to speak to one of our financial crime experts. 


Related Posts

Subscribe to Newsletter!