SAR — a Red Flag or a Passing Slip?
Over the last several years the total amount of AML penalties have been on the rise. While AML penalties given in 2018 were around $4 billion and doubled to about $8 billion in 2019, the first half of 2020 already estimates to approximately $6 billion total. Additionally, the recent FinCEN leaks alleging major FIs (HSBC, JP Morgan, Deutsche Bank, Standard Chartered and Barclays) in facilitating large financial transactions linked to money laundering, drug trafficking, terrorism, circumventing sanctions and a Ponzi scheme, are also not an encouragement. However, these concerning events are a good reason to start asking questions and addressing the challenges that are evident in the AML sector.
The Investigation
400 journalists from 88 countries have analyzed more than 2500 leaked FInCEN reports that banks sent to the US authorities between 2000 and 2017. These reports are known as SARs — suspicious activity reports that banks have to send to the Financial Crimes Enforcement Network (FinCEN) for any transaction made in US dollars regardless of where it takes place. According to BuzzFeed News journalists, who carried out the investigation along with the International Consortium of Investigative Journalists (ICIJ), the thousands of pages of SARs were challenging to read as these documents are dense, complicated and nuanced. Moreover, they are only one piece of the story. A SAR typically tells you what information the bank has on the customer, potentially some of their contact information such as an address or a telephone number, the branch where the suspicious activity occurred and a narrative explaining why this transaction was flagged. To make sense of this data, the leaked SARs were systematized by John Templeton, a BuzzFeed News data analyst, and compiled into a searchable database. This allowed investigators to notice patterns and look at the bigger picture, as one SAR on its own might make little to no sense. Yet seeing the patterns means nothing if one doesn’t know the characters of the plot, so BuzzFeed News paired with ICIJ journalists of various backgrounds from all over the world to make sense of the findings and bring the story to light.
The analysis led to the following allegations:
· Millions of dollars were moved from a known Ponzi scheme by HSBC
· A sanctioned Russian individual used Barclays bank to circumvent sanctions
· Deutsche bank moved money for money launderers connected to drug traffickers, gangsters and terrorists.
· The husband of a high profile Conservative Party donor was funded by a Russian oligarch
· JP Morgan potentially permitted a crime boss to move millions of dollars though the UK
· Standard Chartered moved money for Arab Bank, which is alleged to have links to terrorism
These findings pose a number of questions:
How and why was this even possible? Have these breaches been intentionally accommodated by financial institutions or is this the result of the AML system’s shortcomings? Who should be held accountable? And, of course, what can be done to prevent this from happening in the future?
Who’s to blame?
As Anthony Cormier at BuzzFeed News suggests, “there seems to be a kind of complicity… from the government’s side,” referring to the government not going hard on FIs as long as they file SARs, which in turn immunize them from grave consequences. The HSBC story is a good example of such. Back in 2012 the bank was accused of various wrongdoings, such as allowing transactions for laundered money and doing business with known drug lords, sanctioned countries, banks associated with terrorist groups, etc.. The bank was fined 1.9 billion dollars and an independent monitor was installed to ensure HSBC wasn’t engaging in criminal activity. The Justice Department of the United States provided the bank with a deferred prosecution agreement, thus allowing the bank to correct itself within a 5-year monitoring period in order to avoid prosecution and arrests.
While deferred prosecution agreements are a common practice in the financial industry, there are criticisms that they lack any real teeth. As in the case with HSBC, the leaked SARs suggest that during its 5-year monitoring period, the bank continued doing business with the same parties that led it to trouble in the first place.
Zoom in a little closer, and we find a peculiar sequence of events. During the monitoring period, HSBC was moving money for a client who was suspected in running a Ponzi scheme. In 2013, California regulators asked the bank for information on this individual, and four weeks later HSBC filed one of the first three SARs on the company and its owner. Next, regulators from other states raised significant concerns suggesting that the individual was running a Ponzi scheme and publicly announced that they will shut down the company. In the meantime, the bank continued filing SARs while allowing the money to flow. This type of behavior is not, in fact, particular to HSBC. The leaked documents suggest that filing SARs only when an external investigation begins is a common practice with certain financial institutions. This way “SARs, which are supposed to empower the banks to help fight money laundering and terrorist financing, can end up functioning as something more like a permission slip to bank the bad guys.”
Facilitating transactions that should have not been allowed in the first place is not a practice unique to HSBC. “Since 2010, at least 17 other banks have been similarly punished (deferred prosecution agreements) for violating anti-money laundering and sanctions laws,” yet, “there is no evidence to show that these types of punishments result in meaningful change.”
What’s the Deal?
So, what’s missing? Is the Justice Department unwilling to move against individual entities?
Perhaps. Some suggest that this could be exactly the case as banks, such as HSBC, are simply too big to fail. Let’s return to our example: while the US government was working on its deferred prosecution agreement for HSBC, an intense lobbying campaign was happening on the UK’s part. Government officials and others cautioned that serious action taken against the bank, such as prosecution and incarceration of executives, as well as anything that would jeopardize the bank’s ability to clear US dollars, would result in its global destabilization leading to grave economic consequences.
Could it be that SARs are just a passing slip and the deferred prosecution agreement is just an action for the sake of action rather than the result?
While FIs are responsible to file SARs when they surmise suspicious activity, they are not necessarily evidence of criminal conduct. Tom Keating, a scholar in the industry, suggests that “a bank is able to file a SAR to engage in “backside covering,” without worrying about whether the client is subsequently identified as having been involved in wrongdoing.” He goes on to explain that millions of SARs are filed with overseeing institutions every year, which is simply too much for the authorities to keep up with. This system, which appears to be inefficient, “was built 25 years ago, when it took five days to clear a payment.” Electronic age has changed this reality, and so the system needs updating as well.
First steps to finding solutions
As some industry players suggest, the recent uptick in the banks’ suspicious activity reports does not only not help prevent financial crime, but actually hinders the fight against it. While this trend of increased suspicious activity reporting is common all across Europe, many national financial institutions do not have the capacity to handle such volumes. A senior policy analyst at Transparency International, Laure Brillaud, suggested that instead of taking an intelligence-led approach to reporting transactions, financial institutions simply take a compliance-based approach, which deters them from contributing to the fight against corruption and allows for further involvement in scandals.
The CEO of the European Banking Federation, Wim Mijs, highlighted the need to prioritize quality vs. quantity when filing SARs. According to him, one step to achieving this is through enabling private-public partnerships to exchange and analyze information related to money-laundering. A good example of such is the UK’s Joint Money Laundering Intelligence Taskforce (JMLIT) — a collaboration between law enforcement agencies and more than 40 financial institutions. The JMLIT initiative has led to “private-sector members identifying more than 5,000 suspect accounts linked to money-laundering activity” and has been seen as a success by Denmark’s Money-Laundering Task Force, which also recommended adopting the model in its country.
Nevertheless, Laure Brillaud pointed out that such private-public partnerships should “only be “complementary” to (a) lender’s own reporting systems” and that investment is needed to improve financial institutions’ systems and technology to increase the quality of reporting. Wim Mijs also stressed the need to harmonize reporting requirements of national financial intelligence units across member states of the European Banking Federation as they are all part of a single market.
In fact, this early November, finance ministers from EU member states supported Mijs’ proposal to harmonize anti-money laundering rules while also agreeing to create a single EU supervisory body to fight money laundering. This new unit will have direct supervision authority over certain “high-risk” institutions, and in some exceptional situations will even overpower a national unit’s authority. Implementation is planned for the first quarter of 2021. Moreover, a number of prominent Belgian banks proactively asked to create a platform that would allow them to exchange suspect transactions, therefore more actively engaging them in the fight against money laundering.
These are important and overdue steps in the effort to improve compliance processes. And with increased information sharing, cooperation and technological advancements the dilemma of whether SARs in their current form are a tool of bogged down bureaucracy or crucial keys to investigation will continue to unravel.
The AMLette is a bi-weekly newsletter with a Financial Crime and AML focus. Subscribe to The AMLette to get the latest edition in your inbox!
