Skip to content
Compliance & Risk

U.S. FinCEN leaks to have ‘chilling effect’ on fight against financial crime, say AML experts

This article was authored by Nathan Lynch and Brett Wolf, both of Thomson Reuters Regulatory Intelligence

Leaks from the U.S. financial intelligence unit will have a devastating effect on the trust and confidentiality that underpins the anti-money laundering (AML) profession, financial crime experts said. Businesses that file suspicious activity reports (SARs) will be deeply concerned about the exposure of their compulsory and legally protected filings, said sources with experience in both the private sector and law enforcement.

The U.S. Treasury’s anti-money laundering agency, the Financial Crimes Enforcement Network (FinCEN), has suffered a major security breach, with media outlets preparing to publish a raft of articles based on its sensitive data holdings. The work is being coordinated by the International Consortium of Investigative Journalists (ICIJ), which was behind the Panama Papers and a number of other “data leak” projects.

FinCEN has said in a statement it was “aware that various media outlets intend to publish a series of articles based on unlawfully disclosed SARs, as well as other sensitive government documents, from several years ago”. ICIJ has not responded to requests for comment.

Leaking financial intelligence unit (FIU) data or revealing the details of a SAR filing is a criminal offense under the Bank Secrecy Act 1970 (BSA) and other federal government laws and regulations. The criminal penalties under the BSA include a fine of up to $250,000 and five-year jail term for each offense.

Bill Majcher, a former undercover operative with the Royal Canadian Mounted Police, said on Friday that the leak of FinCEN’s data was a highly irresponsible and dangerous act, regardless of the motives. The release of confidential information such as SARs could compromise legitimate law enforcement operations as well as putting the reporting entities themselves at risk, he said.

It is unclear whether the “leaks” occurred due to an internal compromise or an external hack. Based on the history of data breaches at FinCEN, sources said it was most likely to be the result of an “inside job.”

The motivation was likely to be malice, geopolitical influence, or a misguided sense of public duty, Majcher said. “Sometimes governments have to work and deal with bad people to catch even worse people. As a result, there are money flows and activities that take place. All this data has to be collected but the FIUs don’t necessarily collate the whole story. That’s done by other agencies. Incomplete data getting out there in the public domain can compromise much more serious matters that are in the public interest to keep confidential,” he added.

During his work with covert cases including Operation Bermuda Short — a 2002 U.S.-Canadian sting operation, Majcher was required to launder money for major drug cartels and criminal organizations as they built up evidence. Entities that leaked confidential information under the guise of “blowing the whistle” were playing a dangerous game, he said.

The leak that spilled across the world

The data compromise at FinCEN is likely to reverberate beyond the United States, as SARs filed with U.S. authorities often involve international banks with cross-border business activities. In addition, FIUs share intelligence on cases of mutual interest under their formal information-sharing agreements. FIUs and banks have been fielding inquiries in recent weeks, as the ICIJ consortium prepares to publish the first batch of stories later this month.

Gavin Coles, a financial crime consultant, said the FinCEN leaks would come as a huge blow to law enforcement agencies and reporting entities. Coles has worked for the UK National Criminal Intelligence Service (NCIS), a predecessor to the National Crime Agency (NCA), as well as at major consulting firms and international banks. Trust and confidentiality were fundamental to the effective operation of the AML and Combating the Financing of Terrorism (CFT) regime, he said.

“Having worked on both sides of the fence — in a national and as an AML officer — I know that the preservation of secrecy around SARs is critical for the effective functioning of the disclosure regime. If AML officers think they may be publicly identified as the source of information, the incentive to under-report grows, not least due to issues of personal safety,” Coles said.

Agencies such as FinCEN hold significant financial intelligence on countries where bank staff could be put at risk for filing SARs, such as in Central and South America, Majcher said. Leaks could have a “chilling effect” on AML/CTF compliance teams and front-line bank staff, he said. “If you’re in a country with a failed judicial system or a population under threat like Mexico, you’re really exposing people to great harm and threats. So, this could have a chilling effect on the future flow of financial intelligence. People need to know that their reports are strictly confidential,” Majcher said.

It is common for bank tellers in some Latin American countries to receive threats, against both themselves and their families, from launderers with links to the major drug cartels, sources said.

Keeping staff safe

Representatives of the anti-financial crime profession have also expressed concern that confidential reports filed by AML practitioners could end up in the wrong hands. “The identities of individual compliance staffers at financial institutions who filed the SARs as required by law, could be made public,” a spokeswoman for the Association of Certified Anti-Money Laundering Specialists (ACAMS) told Thomson Reuters Regulatory Intelligence.

ACAMS is an international organization with a membership of more than 80,000 compliance officers and other AML experts. “It is also disturbing to think that information associated with individuals and entities named in the reports for activity that was merely singled out as suspicious, but not actually proven criminal, would be made public,” the spokeswoman said.

“The success of the FinCEN suspicious activity regime has relied on its confidential nature — a benefit to both financial institutions and the subjects of the reports.”