Some bank compliance officers would like to know who leaked the more than 2,000 highly confidential bank filings, known as suspicious activity reports, that led to a flurry of so-called "FinCEN Files" news articles.
Those compliance officers also would like to see the person responsible criminally prosecuted, they said during a recent online panel that was part of the by the Association of Certified Anti-Money Laundering Specialists (ACAMS) annual meeting last month.
The U.S. fight against illicit transactions such as money laundering or terrorism financing depends on the submission of suspicious activity reports (SARs), and the system only works if financial institutions are confident that the documents they file with the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) are secure, compliance professionals said.
“My biggest concern, which is not getting a lot of coverage, is ‘How did all this stuff get out there?’” asked Rick Small, director of the financial crimes program at Truist Financial Corp. “I mean we are supposed to be [part of] a closed system where this is all protected. This is not a bank leaking anything; so, is this a government issue? It appears that a lot of it may be from some congressional reviews.”
Small said banks’ trust in the system is crucial to its success. “And can we as banks be comfortable going forward that we are protected? That to me is the bigger question around what we file and how we file because we were supposed to be protected in all of this,” he said.
On September 20, BuzzFeed News, the International Consortium of Investigative Journalists (ICIJ) and other media organizations began publishing articles partly based on more than 2,000 SARs that financial institutions had filed with FinCEN between 1999 and 2017. The articles suggested that banks moved fortunes around the world despite having concerns about the legitimacy of their customers’ transactions.
On a thumb drive?
Both during anti-money laundering (AML) event and private conversations with a Thomson Reuters Financial Intelligence reporter, some compliance officers speculated that the SARs in question may have left FinCEN on the computer thumb drive of Natalie Edwards, a former senior official with Treasury who in January pleaded guilty to leaking SARs to BuzzFeed that were related to Russia and President Donald Trump’s associates. She has defended her actions by stating she saw it as her civic duty.
Edwards pleaded guilty to a single criminal count of conspiring to unlawfully disclose SARs; however, prosecutors said she smuggled some 24,000 of the documents out of FinCEN between October 2017 and the time of her arrest in October 2018. Authorities have never said how many SARs ended up in the hands of reporters.
When releasing the first tranche of articles, however, the ICIJ said BuzzFeed reported that “some of the secret records were requested as part of U.S. congressional investigations into Russian interference in the 2016 U.S. presidential election” and added that “others were gathered by FinCEN following requests from law enforcement agencies.”
The SARs, which reflect bank suspicions but are not evidence of a crime, are highly sensitive documents and leaking them is a crime under the Bank Secrecy Act, the primary U.S. AML law. Bank compliance officials who file them have historically been considered vulnerable to retribution from criminals if their identities and the contents of their reports become public.
Some bank compliance officers who “were impacted by this” are “already re-evaluating what they include in their SAR narratives,” said Lauren Kohr, chief risk officer at Old Dominion National Bank, during the ACAMS event.
“The concern is ‘Are we writing our next SAR narrative in consideration that it might be on the front page at Buzzfeed?’ I think that’s going to end up being extremely detrimental to our public-private partnerships with law enforcement because a lot of times we draft SARs that include additional information that isn’t necessarily suspicious but it provides some contextual awareness about the overall customer relationship or transaction that can be key in building that picture for law enforcement,” Kohr said.
“But… as far as identifying ‘Were these the SARs that Natalie (Edwards) leaked? Or were there additional SARs… that were leaked? Either way I think we need to identify who it was and ensure they are prosecuted in the way that they should be, because if we dilute or lose that safe harbor feeling between banks and law enforcement, it’s going to be incredibly detrimental for any initiatives that we do now or in the future,” she explained.
On September 1, FinCEN said it has referred the matter to the U.S. Department of Justice and the U.S. Treasury’s Office of Inspector General.
Kieran Beer, chief analyst and editorial contact director at ACAMS who moderated the panel, said the FinCEN Files news reports suggest banks “should close more accounts more quickly” and “call into question the efficacy of the whole SARs regime.” The news reports also raised questions about whether law enforcement authorities can make effective use of the millions of SARs being filed each year, he added.
News articles that take SARs out of context is “discrediting” to the work that financial institutions do to combat criminal activity, Kohr said, adding that the SARs reported via the FinCEN Files were five or ten years old.
“We’re regulated differently now. A lot of these financial institutions… have revised and enhanced their programs and now are at the forefront of working with law enforcement and doing what they can to combat illicit activity,” she said.
“In the end, we need to focus on ‘How did this leak happen?’ and ‘How can we in the future make this (SAR reporting regime) more effective?’”