We take a detailed look at claims about banks continuing to handle client money after filing Suspicious Activity Reports. The article points out that leaking SAR details could be breaking US law, and arguably undermines the use of these SARs.
An earlier version of this article originally appeared in Compliance Matters, a sister news service, and is written by its editor, Chris Hamblin. We intend to continue examining implications of this saga, not least because the issues are far more complex than the initial coverage has suggested. To contact the team, email firstname.lastname@example.org, email@example.com and firstname.lastname@example.org
The International Consortium of Investigative Journalists in Washington DC seems to have suffered no consequences so far from an unprecedented act - the printing in public of information gleaned from thousands of suspicious activity reports or SARs. There is evidence, however, that the main US federal anti-money-laundering agency believes that the consortium is contravening the Bank Secrecy Act 1970.
As readers know, US financial institutions are obliged to send information about any suspicions that they might harbor about their customers laundering money to the Internal Revenue Service's database in Detroit. One of the agencies that has access to the data is the Financial Crimes Enforcement Network or FinCEN, the federal anti-money-laundering (AML) regulator. The SARs are confidential and nobody is allowed to disclose them to the public without the government’s say-so. Nevertheless, the ICIJ’s website invites readers to “explore the confidential data at the heart of the FinCEN Files.”
Breaking the law?
The unauthorized disclosure of the contents of a suspicious activity report is a federal criminal offense. The Bank Secrecy Act Advisory Group, set up by Congress in the 1990s, has written: "[The] Group is committed to continuing to work with the Financial Crimes Enforcement Network...to ensure that the information contained in SARs is safeguarded and that anyone who makes an intentional, unauthorized disclosure of a SAR is brought to justice, whether that person is inside or outside of the government."
The occasional vague disclosure of the existence and some of the contents of a SAR has occurred in the American press before, notably when the New York Times wrote in 2008 regarding a SAR that New York Governor and ex-prosecutor Elliot Spitzer's private banker filed about the politician’s payment to a sex business - an illegal act in the US. The New York Times being an 'establishment' newspaper and Spitzer being an "establishment" man, the government never openly spoke of prosecuting them under the Bank Secrecy Act, even though the Times had mentioned a SAR and Spitzer had made obvious efforts to stop his bank from sending off proper currency transaction reports for the withdrawals that he was making.
The ICIJ has gone much farther than the mention of one SAR, however. It has published a database entitled "Explore the FinCEN Files data." Some might therefore conclude that the US government thinks of the ICIJ as 'establishment' as well, if it declines to prosecute. The ICIJ is based in Washington DC and, when it published the Panama Papers in 2016, it mentioned the assets of no American politicians, to the satisfaction of the US government.
On Sept 1, FinCEN published a mysterious press release on its website which said: "FinCEN is aware that various media outlets intend to publish a series of articles based on unlawfully disclosed SARs...from several years ago. The unauthorized disclosure of SARs is a crime...FinCEN has referred this matter to the US Department of Justice." Now that the ICIJ has released its cache of information, it appears evident that this is the reason for the press release. At least one federal agency, it seems, wants a prosecution to go ahead under the BSA.
Enter Deutsche Bank
The searchable database of SAR information on the ICIJ's website is extensive. It says of Deutsche Bank, for example, that "According to FinCEN Files data, this bank facilitated transactions with banks in at least: 124 Countries." The reader is invited to press a button entitled "show me the banks."
The ICIJ says that Deutsche's suspicious dealings – or, more accurately, dealings that some American bankers thought were suspicious enough to put into SARs – often involved transactions with names familiar to the world of wealth management.
The ICIJ says that the data on a map of Deutsche Bank’s allegedly suspicious dealings contains information on more than $35 billion in transactions (made between 2000 and 2017) that financial institutions told the US authorities were suspicious.
In response to this, Deutsche Bank sent Compliance Matters a prepared statement, which echoed some of the things that other banks connected to the story are telling the press.
“The fight against financial crime, money laundering and capital flight has been a priority for investigating authorities and financial institutions alike. The world’s leading financial institutions, including Deutsche Bank, have invested billions of dollars to more effectively support authorities in this effort. Naturally, this leads to increased detection levels. At Deutsche Bank we have devoted significant resources to strengthening our controls and we are very focused on meeting our responsibilities and obligations. This also includes implementing risk mitigants and, where appropriate, off-boarding customers and correspondent banking relationships.
“The ICIJ has reported on a number of historic issues. Those relating to Deutsche Bank are well known to our regulators. The issues have already been investigated and led to regulatory resolutions in which the bank’s cooperation and remediation was publicly recognized. Where necessary and appropriate, consequence management was applied. To the extent that information referenced by the ICIJ is derived from SARs, it should be noted that this is information that is pro-actively identified and submitted by banks to governments pursuant to the law. SARs are alerts of potential issues, not proven facts.”
The so-called ‘FinCEN files’ identify $2 trillion in suspicious transactions, although the entire cache contains less than 0.02 per cent of the 12 million or more SARs that financial institutions sent off to Detroit between 2011 and 2017. Several agencies of the United Nations (UNODC, UNCTAD and the UN Secretary Generalship, among others) have estimated that the global illegal economy steals between $2-4 trillion annually - the equivalent of nearly 2.7 per cent of all goods and services produced in the world - but that governments detect less than 1 per cent of the world’s dirty money and actually confiscate 0.02 per cent.
The amount that the SARs mentioned in respect of Deutsche Bank totaled $1.3 trillion. The next largest figure was $514 billion. The leaked documents originally found their way into the hands of Buzzfeed News, which passed them on to the ICIJ and its media partners. These bodies then augmented the cache with other leaked documents, court records, freedom-of-information requests and so on.
Two famous faces
The SAR information is detailed. When it comes to Jho Low, the fugitive friend of Malaysian ex-premier and 1MDB embezzler Najib Razak, the FinCEN files state (rightly or wrongly) that 27 banks generated eight SARs spanning 103 transactions to the value of $2.53 billion in 2009-2016. Banks intensified their reporting after the US government sued Jho Low in July 2016. In January 2017, the papers say, one named bank wrote SARs regarding more than a dozen wire transfers from Low’s companies for the acquisition of a stake in the Park Lane hotel and a penthouse in New York City. A SAR referred to $30.5 million used to buy paintings by Vincent van Gogh and Claude Monet. Low is on the run - the ICIJ states laconically that it "could not reach Low for comment."
Last year, as readers know, Swedbank was accused of having let Paul Manafort (Donald Trump’s US presidential campaign manager) receive suspicious payments and misled the Americans about transactions by customers linked to Mossack Fonseca. He was convicted of fraud and tax evasion in 2018. The FinCEN files say that 44 (named) banks generated 33 SARs about 620 of his transactions totaling $109.5 million in 2003-2017. The ICIJ writes: "Banks began flagging suspicious transactions involving Manafort’s accounts as far back as 2012, but some continued moving his money even as he became a central figure in a major American political scandal."
This last comment cuts to the crux of the ICIJ's criticism of the banks in its sprawling report. The consortium is outraged that when they knew of allegations that a customer might have been implicated in a scandal, they went on servicing him regardless. Its other oft-made criticism of the banks is about their recidivism; they often signed agreements with their regulators to stop their staff from turning a blind eye to money laundering, only to relapse afterwards on a grand scale.
Some might think of this last as a criticism too far. Banks encounter trouble with regulators all the time and are forced to update their AML systems, but regulation is always evolving and catching them out all over again in new ways. As a senior member of the Joint Money Laundering Steering Group in the UK once told this writer, “if you were to visit a bank and check it for every infraction, it would be bound to fall down somewhere – there is no total compliance.”