The FinCEN Files: Were Banks Complacent or Doing Their Job?

In September, Buzzfeed News and the International Consortium of Investigative Journalists (“ICIJ”) reported on documents leaked from the Financial Crimes Enforcement Network (“FinCEN”), which is the Department of the Treasury's bureau tasked to: “safeguard the financial system from illicit use and combat money laundering and promote national security through the collection, analysis, and dissemination of financial intelligence and strategic use of financial authorities.”[1] This reporting, known as the “FinCEN Files” sent shockwaves across the financial services industry, and it portrayed both FinCEN and financial institutions (“FI”) as complacent in monitoring suspicious activity.

While some FIs may have been complacent, largely FIs have fulfilled their compliance duties in regard to FinCEN, but FinCEN and law enforcement agencies have historically lacked sufficient funding, resources and information-sharing capabilities to effectively pursue and root out illicit use of the financial system. According to their own records, FinCEN receives an average of 2 million Suspicious Activity Reports (“SAR”) a year and yet employs only about 300 employees. How can one government agency so small possibly review and analyze 2 million SARs a year looking for bad actors?

Coincidentally, in September, FinCEN published an advanced notice of proposed rulemaking requesting public comment on potential regulatory amendments that would “explicitly define an effective and reasonably designed anti-money laundering (“AML”) program”. If implemented these changes could place an additional burden on FIs and their AML programs.

 

What the Current Rules State

The preparation and filing of a SAR with FinCEN is not optional, and FIs are held accountable for failing to file SARs and not meeting the filing deadlines. The law states that a FI is required to file a SAR no later than 30 calendar days after the date of the initial detection of facts that may constitute a basis for filing a SAR. If no suspect was identified on the date of detection of the incident requiring the filing, the bank may delay filing for an additional 30 days to identify a suspect. In no case shall reporting be delayed more than 60 calendar days after the date of initial detection of a reportable transaction.[2] 

The Currency and Foreign Transactions Reporting Act of 1970, commonly referred to as the Bank Secrecy Act (“BSA”), goes even further by requiring U.S. FIs to assist U.S. government agencies to detect and prevent money laundering. Specifically, one area of the act requires FIs to report suspicious activity that might signify money laundering, tax evasion or other criminal activities. FinCEN has instructed FIs that they must file SARs when certain circumstances occur. 

The USA Patriot Act has also expanded SAR requirements to help combat domestic and global terrorism. The act expanded the immunity from liability for reporting suspicious activities and expands prohibition against notification by the FI to any individual involved in the transaction, that the transaction was reported.  

Due to the information contained in a SAR, confidentiality of the SAR and any information that would reveal the existence of a SAR is required. As such, there are criminal penalties for disclosure of a SAR. Under the BSA, willful disclosure of a SAR or its contents by government employees or agents is a felony unless necessary to fulfill official duties.

 

The Role of FIs in Monitoring Suspicious Activity

The ICIJ reports have painted banks as complacent, suggesting they turned a blind eye to the suspicious activity and, instead, were more focused on the fees they could collect on the accounts. While this may be true in some instances, many of the banks were doing precisely what was required of them by filing SARs when they detected suspicious activity. FIs are required by law to maintain an effective compliance program which must include at a minimum the designation of a compliance officer, development of internal policies, procedures and controls, ongoing employee training and an independent audit function to test the program. In an adequately designed compliance program FIs would be alerted to unusual activity to review and investigate. If the activity was deemed suspicious and meeting the criteria for reporting, a SAR would be filed. There are also instances where historical reviews are conducted on transactions due to a FIs own review or at the request of a regulator. If suspicious activity is revealed during this “lookback” a SAR will be filed. This type of delayed reporting was also highlighted by the ICIJ as a FI failure, although it is actually the FI remediating any prior lapse in their identification and reporting of suspicious activity.

FIs must have a strong defense system in place to identify and report suspicious activity. If your compliance department needs to be enhanced, now is the perfect time to request additional funding. 

 

 

How FIs Can Prepare for Changes Ahead Themselves

It’s important that FIs prepare and stay up to date with changes to the AML regulatory framework. They should outline steps to take now to enhance their AML programs.
 
In BDO’s work as the third line of defense, the independent reviewer, here are some best practices we have seen in the industry:  

  • Building a culture of compliance from the top down, along with strengthened BSA/AML training 

  • Installing robust internal controls, quality review processes and effective policies in line with updated regulatory guidance and best practices

  • Ensuring sufficient funding and expertise for the compliance department and BSA Officer

  • Having clear communication to the Board of Directors about BSA reporting

  • Creating an open system for employees to make referrals without fear of reprisal (i.e., anonymous hotline)

  • Outlining an exit strategy to close accounts when activity in the accounts poses a risk

  • Clarifying the process to deal with law enforcement requests for additional information on SARs, tracking subpoenas and National Security Letters


Learn more about how BDO can help address your organization’s questions and concerns about AML and compliance programs.

 

 

 

[1] www.FinCEN.gov
[2] 12 CFR Ch. 1. 21.11

Related Resources

mic_none
Podcast

BDO's Legal Tech Talk Podcast - Episode 25: AI and Data Collection

April 16, 2024
Podcast

BDO's Legal Tech Talk Podcast - Episode 25: AI and Data Collection

April 16, 2024

In the 25th episode of BDO’s Legal Tech Talk Podcast, Emil Bartkowicz, Litigation Support Manager at Akerman, shares how AI could help with data collection. She’s joined at Legal Week by hosts Jared Crafton, BDO’s Forensic Technology Practice Leader, and Daniel Gold, BDO’s E-Discovery Managed Services Leader.

Read More

Article

Third Part Risk Management in Supply Chain Security

April 12, 2024
Article

Third Part Risk Management in Supply Chain Security

April 12, 2024

We invite you to read this Q&A article published by Risk and Compliance. In this Q&A, BDO’s Corey Dunbar and James MacDonnell provide an overview of the key risks facing today’s supply chains and share the extent companies are exposed to vulnerabilities from their third-party relationships.

Read More

Article

Corporate Fraud & Corruption 2024

April 11, 2024
Article

Corporate Fraud & Corruption 2024

April 11, 2024

This in-depth Q&A feature published by Financier Worldwide highlighting BDO US and global professionals provides an overview on current trends in corporate fraud and corruption in Canada, Columbia, Republic of Ireland, Switzerland, and India.

Read More

Article

Addressing Potential Fraud and Corruption Risks in Your Public Housing Authority

April 5, 2024
Article

Addressing Potential Fraud and Corruption Risks in Your Public Housing Authority

April 5, 2024

Public Housing Authorities (PHAs) have a mandate to provide safe, habitable spaces to their residents but face challenges like lack of access to funding for subsidies and staffing that help maintain public and affordable housing stock.

Read More