The FinCEN Files have shocked many across the world. The leaked documents show banks moved more than $2 trillion between 1999 and 2017 in payments even though they believed them to be suspicious. So how was this allowed to happen?

Were banks lax in their due diligence or did they simply not care enough about the source of funds?

One senior global financial crime investigator with many years experiencing of banking told FinCrime Report that media reporting of the case perhaps shows a lack of understanding about how multinationals operate and what they are actually allowed to reveal on a jurisdiction by jurisdiction basis.

Specifically, he is referring to the very strict rules that govern with whom banks can share suspicious activity reports (SARs).

The investigator, speaking under condition of anonymity, said: “My memory of the time tells me that the US bit of one bank would not be allowed to tell a United Kingdom (UK) or a Hong Kong (HK) bit of the same bank that a SAR had been filed on a particular customer, even if that customer banked in the UK or HK.

“You could say that a customer had been subject to an investigation, if I recall, but not the outcome.”

In the US, banks are prohibited from disclosing a SAR, or a SAR’s existence, except to certain federal, state and local law enforcement agencies. This is largely to prevent financial institutions from “tipping off” persons who may later become subject to a law enforcement investigation. It also has the benefit, of course, of preventing innocent people from being defamed by incorrect SARs.

US banks are allowed to share details of SARs with other US banks which are subject to the same reporting requirements as the Bank Secrecy Act, as long as it is in pursuance of anti-money laundering or to counter the financing of terrorism.

Since 2006, banks in the US have been permitted to share details of SARs with another financial institution’s head office, even if it is in another country. Crucially, however, the company’s head office is not then allowed to share the information around its own group.  

“So that might explain in the HSBC case why the HK bit of the bank didn’t act on the US bit of the bank’s concerns, because they might not have been communicated”, said the investigator. “AML investigators investigate alerts, issue SARs or file a ‘no return’ and possibly send a message on to someone else in compliance about an issue if necessary. In this case, the investigators have fulfilled their legal duty – filed the returns – and done what their job description requires.”

He said a “really good investigator” would follow up with the other office but, in reality, there are many cases a day to deal with.

He also said that some banks have been cautious in the past about sharing information widely in case it ends up being subject to a subpoena outside the US.

Our anonymous investigator is far from the only person to have flagged this issue. In a blog post in 2015 called Global banking’s blind spot: SARS, Alaina Gimbert, vice president of the Clearing House payments company, raised concerns pointing out that even though FinCEN guidance in 2010 allowed for further information sharing, this only applies to banks subject to the filing requirements of the BSA, i.e., those in the US. Gimbert wrote: “FinCEN should issue guidance allowing US banks and US branches of foreign banks to share SARs with foreign branches and affiliates.”

While the extent to which the specific issue of SARs information-sharing as a prominent factor in the high-profile FinCEN files cases is difficult to determine, few can deny that there is work to do with ensuring information is shared across jurisdictions – and acted on.

As Graham Barrow, director at the Dark Money Files, wrote this week, “Filing a SAR with the Financial Intelligence Unit (FIU) in one country when all the action relates to two or three (or more) other countries over which the FIU has no jurisdiction whatsoever, isn’t very helpful.” As FinCEN consults on changes to its AML rules, the public spotlight is now on the organisation. But whether the “blind spot” of SARs can be fixed remains to be seen.

Find out more about US regulation at FinCrime World Forum on 1 December. Click here for more