What are the FinCEN files?

The Financial Crimes Enforcement Network (“FinCEN”) is a branch of the US treasury that aims to combat financial crime. The ‘FinCEN files’ refers to an apparent leak of 2,657 documents sent to US authorities between 2000 - 2017, the majority of which are reported to be suspicious activity reports (“SARs”). Different countries have different requirements in respect of submitting SARs, but in general SARs are reports that banks send to authorities when they suspect that a customer may be involved in money laundering, terrorist financing or other criminal activity. A key purpose of these reports is to assist authorities in gathering intelligence of potential criminality and money laundering. The leaked documents led to a 16-month investigation by the International Consortium of Investigative Journalists involving 400 journalists in 88 countries which shared the results with Buzzfeed.

What do the FinCEN Files show?

Based on the FinCEN Files, a number of banks are being accused of allowing criminals to move ‘dirty money’ across the globe. The files have painted the UK as being weaker than many other jurisdictions in the financial system, being described as a “high risk jurisdiction” by FinCEN. However, the existence of the SARs contained in the files arguably demonstrates that, contrary to the attention-grabbing headlines, banks have, for the most part, complied with their duties under the relevant anti-money laundering regulations and laws in identifying and then reporting suspicious activity to the relevant authorities. To date there appear to have been no revelations which suggest that banks continued to allow ‘dirty’ funds to flow through accounts once they had been told to prevent such movement by FinCEN.

What are a bank’s duties when it suspects money laundering?

The FinCEN files relate to documents shared with the US authorities, but a similar system applies in the UK. Banks in the UK (and in most other established and trusted jurisdictions) are required to comply with anti-money laundering (“AML”) laws and ‘Know your Customer’ (“KYC”) requirements, both when onboarding a potential customer and on an ongoing basis throughout that customer relationship. In the UK, some of these requirements are supported by regulation and some carry criminal penalties for non-compliance. In addition, active involvement in any transaction suspected of involving criminal property can amount to a money laundering offence where permission has not previously been sought and obtained (expressly or through deemed consent) through the SAR regime.

The Proceeds of Crime Act 2002 (“POCA”) requires banks (and other businesses and advisers involved in the financial system) to submit a SAR to the National Crime Agency (the “NCA”) if they know, suspect or have reasonable grounds for suspecting that a person is engaged in, money laundering. Banks must not inform or “tip off” the relevant customer or potential customer whilst the NCA is considering a SAR, where this risks harming any investigation. POCA highlights three offences relating to failure to report money laundering suspicions in connection with regulated sector activities, namely: (1) failure to disclose; (2) failure to disclose (nominated officers); and (3) tipping off. Banks can avoid liability by disclosing any information that gave rise to its suspicion or knowledge of money laundering offences, and by ensuring that the customer concerned isn’t informed about the SAR or any ongoing investigation.

Whilst the banks have clear AML duties and obligations which they must continue to adhere to, it is perhaps unfair to expect that they should be able to determine absolutely whether money laundering is in fact taking place or make judgments about their own customers, which may conflict with their duties to those same customers. This is particularly problematic where the bank’s concerns relate to a transfer of funds that they are being asked to process, as this can entail a money laundering offence by the bank. In Shah and another v HSBC Private Bank (UK) Ltd [2012] EWHC 1283 (QB), the High Court addressed the conflicting scenario that a bank faces when pausing a customer’s banking activity in light of suspicions reported to the NCA, as failing to comply with a customer’s instructions may constitute a breach of contract and attract civil liability.

The court in Shah confirmed that:

  1. Suspicion must be "a possibility, which is more than fanciful, that the relevant facts exist. A vague feeling of unease would not suffice" (as first set out in R v Da Silva [2006] EWCA Crim 1654);
  2. In the case of a SAR seeking consent to proceed (as was the case in Shah), the suspicion need not be objectively reasonable – different people will have different tolerances for when they may be suspicious. If a report is made in good faith, there will be no liability for losses incurred; and
  3. The contractual relationship between banks and customers can contain the following implied terms:
    • Banks can refuse to carry out instructions without customer consent when there is a suspicion of money laundering; and
    • Banks will not provide certain information where there is a possibility of tipping off.

When a disclosure to the NCA is made in good faith, civil liability will not arise.

So, is this really the next financial scandal it’s made out to be?

At this stage, it is too early to say as each example from the leaked documents would need to be considered on its own facts. However, the attention-grabbing headlines in the media suggesting that banks are to blame are likely to be wide of the mark.

There is clearly a major ongoing issue with global money laundering and financial institutions are necessarily used as vehicles within this process. The bigger question is how this criminal activity can be identified and stopped and whether current laws and regulations do enough, particularly where some jurisdictions support secretive and non-transparent business ownership and practices. In a global economy, where monies can be transferred around the world almost instantly through electronic means, weaknesses in the global regulatory system make combatting money laundering more difficult.

On the one hand, the leaked documents generally show that the banks involved were complying with their reporting requirements by filing SARs. However, reports suggest that some SARs may have lacked sufficient detail and were being filed as a protective measure to allow banks to process transactions and collect fees. Clearly, where the contents of SARs have been deficient it is important that banks learn from that and seek to improve.

However, once a SAR is filed, the relevant authorities are on notice of potentially suspicious behaviour and they have the ability to take further action. In the UK, where a SAR is filed seeking consent to process a transaction, the authorities can delay that transaction for over a month while they investigate and, if that is not sufficient, recent law changes mean they can obtain orders to extend the period for up to a total of six months.

Perhaps more importantly, the FinCEN Files demonstrate that the AML reporting systems currently in place in many jurisdictions require improvement in order to actually reduce the scale of money laundering, and that the relevant authorities (in this case FinCEN, but the lesson may apply equally to other financial crime units across the world) will need to significantly boost resources to be able to effectively process and act upon the SARs they receive. In this regard, FinCEN announced on 16 September 2020 that it intended to enhance the effectiveness of its AML program.

In recent years, the UK Government has taken steps to enhance its approach to uncover and tackle money laundering, including through the creation of the National Economic Crime Centre and enhanced powers for law enforcement, such as Unexplained Wealth Orders and Account Freezing Orders. It has also engaged in dedicated public-private initiatives such as the Joint Money Laundering Intelligence Taskforce aimed at joining the dots in the knowledge held by different parties at different levels. While some of these initiatives have yielded (occasionally headline-grabbing results), there is no doubt that a lot more needs to be done.

In July, the government published an Economic Crime Plan, which focuses on the value of public-private partnership to tackle economic crime. Key elements of this plan are the introduction of a modernised and effective SAR regime with a properly resourced Financial Intelligence Unit capable of dealing with SARs (some 500,000 of which are submitted annually) appropriately and effectively. These improvements will require funding and the Government is currently consulting on the nature and form of a proposed levy on the financial “regulated sector” to help pay for these reforms.

Following on from the identification of the UK in the FinCEN files as a ‘weak link’ in the global AML chain, it is expected that the UK’s response will be closely monitored by the international financial community and that current AML procedures in the UK will face ever closer scrutiny. In addition to its Economic Crime Plan, the UK has announced plans to reform its company register information so that directors cannot be appointed until their identify has been verified in order to assist with clamping down on fraud and money laundering. This is one small, but positive step.

As far as the banks are concerned, it remains to be seen whether this latest leak will lead to an overhaul of internal bank AML systems, or whether this leak (as seen in previous so-called ‘financial scandals’) will result in claims being pursued against the banks. In any case, at the very least this should serve as a reminder to banks of the importance of including sufficient and clear detail in SARs, and will perhaps lead the industry to question whether banks should be taking a more pro-active role in the fight against money laundering, even if that risks conflicts with its contractual duties to its customers.