Even though the “FinCEN Files” provide evidence confirming banks and regulated firms comply with legal requirements to report suspicious transactions, the individual reports themselves suggest there are a lot of faults and failings within the anti-money laundering (AML) frameworks in these banks/firms. In multiple instances, suspicious activity reports (SARs) are filed after a regulatory inquiry or upon discovery of information within media reports.
In one example from the leaks, a bank processed in excess of $1 billion of transactions for a client before closing the relationship. It was some time after the closure of the accounts that the bank came upon information suggesting the client, a corporate entity, was owned by a man who has spent more than 20 years on the FBI’s Ten Most Wanted Fugitives list. Subsequently, the bank reported it was unable to establish ownership for the client company from the “Know Your Client” records held in London and New York.
This begs a number of questions, not the least of which is, How does a major U.S. bank not know who it is processing/potentially laundering $1 billion for?
The fact is the transaction monitoring systems used by these banks/firms do not appear to have identified any unusual/suspicious transactions, which led to the filing of these SARs. As an industry we need to ask why this happened. How did these sophisticated systems fail to identify any unusual or suspicious activity for an $80 million Ponzi scheme? What lessons do we all need to learn, and what adjustments do we need to make?
To be blunt, most current transaction monitoring systems are failing to deliver effective outcomes. The analysis of transactions against rules based upon value, volume, and frequency is ineffective, and drawing upon the information within the leaks, it fails to identify significant numbers of transactions that are subsequently reported as suspicious.
What the leaks have shown everybody is that media, particularly negative media monitoring, is far more effective and, therefore, more efficient. For example, the leaks refer to an address in the United Kingdom ranking as one of the highest-risk money laundering locations in the world. This is far from unique—there are many more locations with similar track records and connections to money laundering allegations and investigations. But given the high-profile publication and broadcasting of the “FinCEN Files,” it will be foolish for a firm to continue to provide services or process payments to/from corporate entities registered at the exposed business address in a leafy suburb of North London.
As such, might it be time to move the AML transaction monitoring lens more toward text rather than numbers? The text is more specific, constant, and robust; whereas numbers are accurate, this only applies to the economic value of a transaction. Moreover, numbers constantly change, but corporate names and addresses tend to remain static.
The leaks suggest that had the banks/firms been monitoring against payer and payee names and addresses then some of the connected money laundering issues may not have arisen—banks would have blocked the transactions, rejected the business, and closed client relationships.
There is a list of high-risk money laundering addresses created by authorities in the United States, and similar lists have been created by the Organized Crime and Corruption Reporting Project. Historically, the Metropolitan Police Fraud Squad in the United Kingdom has maintained a list of known business accommodation addresses, mailbox providers, and company formation/management agents. In sum, the data is available, and when combined with data extracted from prior money laundering cases, such as the Danske Bank case, it is possible to create a powerful data set to monitor transactions against.