What Have We Learned from the FinCEN Files?

What Have We Learned from the FinCEN Files?

This year, the Financial Crimes Enforcement Network (FinCEN) was the victim of a massive leak of thousands of highly confidential financial documents that ultimately ended up in the hands of over 400 journalists across the globe. Originally released by BuzzFeed News, these documents contained telling information about the current state of top financial institutions with respect to their compliance with the U.S. Bank Secrecy Act (BSA) and anti-money laundering (AML) compliance in general dependent upon their respective region of incorporation. In what has come to be known as the “FinCEN Files”, journalists uncovered widespread negligence on behalf of global banks in maintaining adequate checks and balances, allowing themselves to be used as a medium by which financial criminals, foreign diplomats, politically exposed persons (PEPs) and a variety of other parties could move millions upon millions of dollars in laundered cash in spite of a number of easily identifiable red flags being present. The leak also exposed the obvious abuse of current suspicious activity reporting (SARs) standards, with banks using these tools – originally intended to improve the documentation and monitoring of suspicious activity observed in client accounts – as a makeshift shield by which they could better protect themselves from potential regulatory penalties. Needless to say, the release of the aforementioned documents sent shockwaves across the global financial realm. Lawmakers and legal experts have since been weighing in on reform options for a seemingly broken system, offering possible solutions to these issues in the process.

Shortly after news of the leak reached the international airwaves in mid-September, a bipartisan group of U.S. Congressmen came together in support of a new law with the power to completely overhaul the way financial institutions survey illegal activity. According to a Reuters report, “the proposed legislation would make it easier for banks to share information to identify bad actors, let them use technology to help detect suspicious activity more efficiently without breaching privacy laws and require companies to disclose who actually owns them.”5 If enacted, the act would effectively ease much of the regulatory burden placed on U.S. financial firms that have collectively spent hundreds of billions of dollars to improve their current risk management protocols and fortify their AML framework to avoid costly penalties and other repercussions from federal regulators. Regulators have also contributed to the idea that moving forward, banks would only face strict penalties if their anti-money laundering failures are considered “pervasive”, rather than for isolated incidents or lapses as is the current status quo. In a statement released on the updated policy, Senator Sherrod Brown, the top Democrat on the Senate Banking Committee, said “The Buzzfeed story makes clear we need to strengthen, reform and update our nation’s anti-money laundering laws,” noting that “this action is long overdue.”5 With financial service providers, law enforcement agencies and human rights organizations all in support of such a measure, the legislation seems like a welcomed change for all parties involved in the fight against illicit financial activity. Unfortunately, due to the COVID-19 pandemic, the bill has stalled in Congress, taking a backseat to more pressing issues including the November Presidential Election. The bright side of this waiting period however is that it does provide more time for the analysis of key issues that can ultimately lead to systemic AML/counter-terrorism financing (CFT) failures.

A recent report from the International Consortium of Investigative Journalists (ICIJ) also laid out several steps that can be taken by federal regulators to bring about lasting money-laundering reform. Their investigation notes that one of the biggest problems in holding financial institutions accountable is the improper use of deferred prosecution agreements (DPAs) for penalizing non-compliant firms. A DPA functions as follows: a government body (i.e. the Department of Justice, Securities and Exchange Commission, etc.) will bring charges against a defendant but will agree to not to move forward on those charges in exchange for the defendant(s) agreeing to abide by certain requirements or conditions set forth by the plaintiff. If the defendant satisfies its end of the bargain, the government agrees to drop the charges, but if the defendant is found to have violated the conditions of the DPA, the government can then move forward with prosecution.6 In the financial sphere, DPAs give banks multiple chances to avoid criminal charges by agreeing to pay fines and enter probationary periods. The problem with this practice is that many banks, specifically larger firms, often do not mind paying these fines because they have the means to take them in stride.

The financial component of the DPA has essentially become nothing more than a simple cost of doing business as opposed to it being an actual punishment. Many of the financial institutions involved in AML/sanctions-breach scandals over the past two decades (including notable names like HSBC, JPMorgan Chase, Deutsche Bank, Standard Chartered Bank, and Bank of New York Mellon) have signed DPAs and managed to continue being profitable institutions in spite of the multi-million dollars fines they have been levied.3 Several of these firms even faced repeat fines for violating current laws after their initial offense, directly demonstrating the lack of effectiveness of such measures. Many have argued that perhaps the only way to bring about real change to the system is by holding company executives more accountable and making them face prosecution for the non-compliance of their respective institution’s. In today’s world, senior officials rarely ever face criminal prosecution for money laundering failures. Many believe that if they did however, priorities would likely change – and quickly.

Other pressing areas of reform include shoring up suspicious transaction reporting requirements for firms large and small. To prevent being subject to fines and penalties for missing something, institutions have begun basically mass-flagging transactions and accounts to help cover protect themselves from regulatory action. This renders the whole concept of SARs as ineffective because this practice creates an abundance of false-positives that require significant manpower to sift through, effectively crippling the workflow and budgets of smaller institutions. Communication within banks is also a huge problem. Compliance officers often have difficulty getting useful information from their colleagues in client-facing banking divisions. Ross Delston, a Washington attorney specializing in anti-money laundering systems, claims that a possible solution would be centralizing data. If regulators would require data to be stored on a central database within the bank, compliance division staff could access it at anytime without having to deal with employees outside of the compliance department that on many occasions are relatively unfamiliar with regulatory procedures.3 Arguably the most important point brought forward in the ICIJ’s article is the fact that compliance officers need to be empowered. They need direct lines to those in the bank that can close accounts immediately when they deem particular activities as suspicious, rather than having to file a SAR and wait for nothing to be done. This also falls upon regulators to make sure banks do not have broken or obstructed links in their chain of command.

Altogether, it appears that a number of changes can be made to current AML/CFT processes by regulators and financial institutions alike to improve their effectiveness and allow for improved allocation of resources. Time will tell if the failures exposed by the FinCEN Files investigation will see the urgent intervention that many across the global financial sector have long been clamoring for.


Weekly Roundup


Goldman Sachs to Settle DOJ’s 1MDB Investigation

American multinational financial services firm Goldman Sachs Inc. has agreed to pay over $2 billion as part of a settlement reached with the U.S. Department of Justice (DOJ) over the bank’s role in the Malaysia 1MDB fund scandal.  The agreement will allow the bank to avoid a criminal conviction, while also partially freeing the bank from a cloud of negativity and uncertainty that had hung over the group over the last several years due to their questionable involvement in raising $6.5 billion for the 1MDB fund in the early 2010’s. Bloomberg writes that while “Goldman has long blamed rogue employees, asserting it had no idea the money it helped raise would be diverted from development projects”, the firm’s investment banking group collected approximately $600 million from bond sales on behalf of the fund.4

In July, a Malaysian court found former Prime Minister Najib Razak guilty on multiple counts of corruption, abuse of power, breach of trust and money laundering, which will see him face a 12-year prison sentence and a fine of roughly $50 million in relation to his alleged siphoning of billions of dollars from the state fund. Altogether, analysts believe that Goldman may pay up to $5 billion in total once settlements are concluded with the Malaysian government, the DOJ, and other international agencies.


FinCEN Fines Bitcoin Platform Operator for AML Failures

Last week, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) assessed a $60 million civil money penalty against the founder and primary operator of two notable virtual currency platforms for multiple violations of the Bank Secrecy Act (BSA) and failure to implement adequate AML safeguards. Larry Dean Harmon, the administrator of Helix and Coin Ninja, was arrested in February on charges of conspiring to launder funds by acting as a cryptocurrency “mixer” – allowing customers to mix their coins and subsequent transactions with those of other users in an effort to shroud their identities. This practice is often associated with money laundering or other forms of illicit financial activity. Harmon also faced charges of operating both platforms as unregistered money services businesses, failing to maintain an adequate anti-money laundering program, and willfully violating suspicious transaction reporting requirements – all direct violations of the BSA.

A FinCEN press release reads that between “June 2014 through December 2017, Helix conducted over 1,225,000 transactions for its customers and was associated with virtual currency wallet addresses that sent or received over $311 million dollars”, or 354,468 Bitcoins.2 The regulator alleges that these transactions likely facilitated the purchase of illicit narcotics, weapons and other goods found on the dark web. In addition to the financial penalty, Harmon also faces a prison sentence of upwards of 15 years if convicted.


EU Sanctions Chief Russian Military Intelligence Officials

 Last Thursday, the European Union (EU) officially imposed sanctions against the head of Russia’s military intelligence unit and a close associate. The sanctions against the director of the GRU, Igor Kostyukov, and intelligence officer Dmitry Badin come in response to a cyber-attack against the information and operating systems of German parliament in 2015. The EU writes that the attack – spearheaded by Kostyukov and carried out by Badin – culminated in a significant amount of data being stolen, while “the email accounts of several Members of Parliament (MPs) as well as of Chancellor Angela Merkel were affected.”1 The intelligence unit in question, known as military unit 26165, has also been tied to other hacking exploits in the recent past, including an attempt to hack into the wireless network of the Organization for the Prohibition of Chemical Weapons, based in the Netherlands, in 2018.1 While the Russian government has denied the validity of the accusations, the EU will impose travel bans and asset freezes on the two individuals effective immediately.



  1. “EU Slaps Sanctions on 2 Russians over Germany Cyberattack.”AP NEWS, Associated Press, 22 Oct. 2020.
  2. “First Bitcoin ‘Mixer’ Penalized by FinCEN for Violating Anti-Money Laundering Laws.” Financial Crimes Enforcement Network, U.S. Department of the Treasury, 19 Oct. 2020.
  3. Hallman, Ben, et al. “6 Money Laundering Reforms That Experts Say Need to Happen Right Now.” ICIJ, International Consortium of Investigative Journalists, 19 Oct. 2020.
  4. Natarajan, Sridhar, et al. “Goldman Poised to Pay More Than $2 Billion in DOJ’s 1MDB Probe.”com, Bloomberg, 20 Oct. 2020.
  5. Schroeder, Pete. “U.S. Policymakers Seize on FinCEN Leaks to Press for Stepped up Money-Laundering Fight.” Reuters, Thomson Reuters, 22 Sept. 2020.
  6. “What’s a Deferred Prosecution Agreement?” MoloLamken LLP (ML) Law Firm / Attorneys, 2020.

Related Posts

About Us
businessman touching tablet
Our success is derived from the success of our clients. We pride ourselves in having assisted challenged financial service providers.

Let’s Socialize

Popular Post