Big banks processed transactions on the behalf of Ponzi schemes, businesses accused of money laundering and a family of an individual for whom Interpol had issued a notice for his arrest — all while diligently filing suspicious activity reports, or SARs.
That’s the findings from a cache of 2,000 leaked SARs filed by banks such as JPMorgan Chase & Co, Bank of America Corp., Citibank and American Express Co. to the U.S. Treasury Department’s Financial Crimes Enforcement Network, or FinCEN. These files, which media outlets dubbed the “FinCEN Files,” encompassed more than $2 trillion in transactions between 1999 and 2017.
Community banks, which are also required to file SARs as part of Bank Secrecy Act/anti-money laundering laws, may think they are exempt from the scrutiny and revelations applied to the biggest banks in the FinCEN Files. Not so. Bank Director spoke with two attorneys that work with banks on BSA/AML issues for what community banks should take away from the FinCEN Files.
Community banks should exercise curiosity about transaction trends in their own SARs that may add up to a red flag — whether that’s transaction history, circumstances and similarities to other cases that proved nefarious. Banks should ask themselves if these SARs contain details that indicated the bank should’ve done something more, such as not complete the transaction.
“That is probably the biggest go-forward lesson for banks: Make sure that your policies and procedures are such that — when someone is looking at this in hindsight and evaluating whether you should have done something more — you can demonstrate that you had the proper policies and procedures in place to identify when something more needed to be done,” says James Stevens, a partner at Troutman Pepper.
Although it may be obvious, Stevens says banks should be “vigilantly evaluating” transactions not just for whether they merit a SAR, but whether they should be completed at all.
Size Doesn’t Matter
When it comes to BSA/AML risk profiles and capabilities, Stevens says size doesn’t matter. Technology has leveled the playing field for many banks, allowing smaller banks to license and access the capabilities that were once the domain of larger banks. It doesn’t make a difference in a bank’s risk profile; customers are its biggest determinant of a bank’s BSA/AML risk. Higher-risk customers, whether through business line or geography, will pose more risk for a bank, no matter its size.
But banks should know they may always be caught in between serving customers and regulatory activity. Carleton Goss, counsel at Hunton Andrews Kurth, points out that changing state laws mean some financial institutions can serve cannabis businesses that are legal in the state but still need to file SARs at the federal level. Banks may even find themselves being asked by law enforcement agencies to keep a suspicious account open to facilitate greater monitoring and reporting.
“There’s definitely a tension between serving customers and preventing criminal activity,” he says. “You don’t always know the extent of the activities that you’ve reported — the way the SAR reporting obligation is worded, you don’t even have to be definitively sure that a crime has occurred.”
“Front Page of the Newspaper” Test
Reporting in recent years continues to cast a spotlight on BSA/AML laws. Before the FinCEN Files, there was the 2016 Panama Papers. Stevens says that while banks have assumed that SARs would remain confidential and posed only legal or compliance risk, they should still be sensitive to the potential reputational risks of doing business with certain customers — even if the transactions they complete for them are technically compliant with existing law.
“Like everything else we do, you have to be prepared for it to be on the front page of the newspaper,” he says.
Media reports mean that regulatory pressure and public outrage could continue to build, which could heighten regulatory expectations.
“Whenever you see a large event like the FinCEN files, there tends to be pressure on the regulators to ‘up their game’ to avoid giving people the perception that they were somehow asleep at the wheel or missed something,” Goss says. “It would be fair for the industry to expect a little bit more scrutiny than they otherwise would on their next BSA exam.”