BuzzFeed News, in collaboration with more than 100 news organizations around the globe, released a story and investigation Sunday into a treasure trove of 2,100 suspicious activity reports (SARs) filed by the world’s largest banks.

BuzzFeed is not supposed to have these SARs, which were filed by banks with the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN).

SARs are not designed to stop financial crime from happening. They are like someone calling 911 to report a crime. But if that caller takes action when the police don’t show up, that’s vigilantism. This is what BuzzFeed is arguing banks should do. 

SARs are supposed to remain secret, and releasing them is a crime, FinCEN said in a statement three weeks before the story was released.

But kudos to BuzzFeed. It got the documents, analyzed them, published them in the face of potential criminal prosecution, and reached its conclusions: that the world’s banking system is rotten to the core, fraud is rampant, and that every day bankers wake up and facilitate more transactions that aid terrorists, dictators, oligarchs, corrupt politicians, criminals, and schemers.

It’s appalling, really, that the 2,100 SARs in BuzzFeed’s possession captured $2 trillion worth of potentially fraudulent activity. FinCEN says 2 million SARs are filed every year. There is a mind-boggling amount of fraud cycling through the world banking system every single day.

Taken at face value, the BuzzFeed investigation uncovered evidence of a catastrophic, international collapse of internal controls within the world banking system. Bank compliance officers kept filing SARs with FinCEN but didn’t shut down the fraudulent activity themselves, BuzzFeed said.

“So long as a bank files a notice that it may be facilitating criminal activity, it all but immunizes itself and its executives from criminal prosecution. The suspicious activity alert effectively gives them a free pass to keep moving the money and collecting the fees,” the BuzzFeed story said.

But that argument is misleading, to the point of being disingenuous.

SARs do not represent evidence, nor do they indicate a criminal investigation is underway. SARs are meant to alert investigators to potential financial crimes, then guide and inform any criminal investigation. The legal evidence against the fraudsters is the transaction itself, coupled with investigators piecing together the source of the illicit funds and the activities that generated them.

SARs are not designed to stop financial crime from happening. They are like someone calling 911 to report a crime. But if that caller takes action when the police don’t show up, that’s vigilantism. This is what BuzzFeed is arguing banks should do.

But here’s the rub: Bank compliance officers are not deputized agents of law enforcement. The way the system works is they alert law enforcement and let law enforcement investigate. BuzzFeed has accused bank compliance officers filing SARs but not shutting down fraud as being complicit with the potential crimes being committed—rather than as witnesses to the crime.

Can you imagine the howls of complaint from the public if banks shut down customer accounts based on the suspicions of its compliance department? Does BuzzFeed want banks to aggressively root out and halt fraudulent transactions without involving law enforcement?

Hey, we filed that SAR six months ago, FinCEN, and as far as we know you didn’t do anything. So, we’ll go ahead and shut this account down. Fraud eliminated. Nice work.

A system that allows 2 million SARs to be filed in one year is a system set up to fail. It took BuzzFeed a year to analyze 2,100 SARs. How long do you think it takes FinCEN to analyze 2 million?

This avalanche of SARs may be one reason FinCEN is seeking to revamp the SARs reporting system so that U.S. law enforcement priorities are not lost among all these SARs.

And while few people will rush to the defense of the world’s banks, BuzzFeed’s argument leaves these institutions in an incredibly awkward position. They cannot legally comment on SARs, or even acknowledge they exist, something they said repeatedly in their responses to questions from BuzzFeed reporters.

“It does not make sense that the basis for media allegations that banks knowingly hid illegal activity consisted solely of Suspicious Activity Reports that those banks filed alerting law enforcement to that very activity,” said Bank Policy Institute, a trade organization representing banks, in a statement to BuzzFeed. “Clearly, there is more to this story, but unfortunately the reporting failed to unearth it, and the banks are legally prohibited from telling their side.”

Sometimes investigators ask banks to keep accounts open, so they can continue to monitor illegal activity as part of an open investigation, the institute added.

If you want to say banks should more actively partner with law enforcement, then say that, BuzzFeed. But don’t tell them to start acting like law enforcement.

BoA compliance investigates … Deutsche Bank?

The BuzzFeed investigation uncovered one extraordinary compliance tale about Bank of America and Deutsche Bank, told in detail in a nine-page SAR.

The SAR was filed in 2016 by Bank of America (BoA) compliance officers regarding suspicious Russian and Baltic state transactions flowing through Deutsche Bank to BoA customers, according to the BuzzFeed report. BoA had filed numerous SARs with FinCEN regarding these transactions, complaining that Deutsche Bank was not doing enough to identify potential sanctions violations, money laundering, and fraud.

According to the SAR, members of BoA’s Global Financial Crimes Compliance Team, having already met with Deutsche Bank compliance officials in New York, flew to London and Frankfurt, Germany, “with a plan to conduct due diligence on Deutsche Bank’s financial crimes control environment.”

Upon arriving at Deutsche Bank’s offices in London, the BoA officials discovered they were not expected. A meeting with one Deutsche Bank executive was interrupted by another, who told the BoA team that no one in Deutsche Bank’s London office was authorized to speak with them. He asked them “to leave the premises, which they did immediately,” the SAR said, according to BuzzFeed.

BoA executives pressed for another in-person meeting, reaching as far up as Deutsche Bank’s CEO. Instead, they engaged in a long phone call with Deutsche Bank’s new head of compliance, who did not provide them with the answers they sought.

“Although due diligence is pending, in the interim, Bank of America does not have sufficient information to assess the adequacy of Deutsche Bank’s current control environment,” the SAR said. The SAR then listed the numerous issues BoA had with the transactions.

For its part, Deutsche Bank told BuzzFeed that “our review of the situation indicates that the events did not take place as implied.”