Banks Frown Over Another ICIJ Data Leak, Say Industry Has Moved On

Tom Burroughes Group Editor September 21, 2020


The 1999-2017 period covered by filings of suspicious activity reports (SARs) has already been largely addressed by banks' compliance changes, or via remediation and settlements with regulators, they said. The lenders also said that SARs weren't proof of criminal activity, a point that the journalist consortium also acknowledged.

A raft of global banks have hit back at a report claiming that JP Morgan, HSBC, Bank of New York Mellon and others handled more than $2 trillion of money even after being warned that they would face penalties.

In several cases, the lenders said that much of the data, covering a period from 1999 to 2017, had already been addressed via remediation and regulatory actions, and that banks had spent heavily to monitor and thwart dirty money. They said filing a suspicious activity report, aka SAR, was not proof of wrongdoing.

Regulators around the world, such as in Singapore, the US and Denmark, have continued to punish lenders for compliance failings.

A report dated Sept 20 on the website of the Washington DC-based International Consortium of Investigative Journalists said documents obtained by US news platform Buzzfeed, and shared with ICIJ, showed that thousands of transactions were flagged over an 18-year period by financial institutions’ compliance officers as possible money laundering or other suspicious activity. The leaked documents are known as the FiniCEN Files, and include more than 2,100 suspicious activity reports filed by banks and other financial groups with the US Department of Treasury’s Financial Crimes Enforcement Network, the ICIJ said.

As the ICIJ report stated, “suspicious activity reports reflect the concerns of watchdogs within banks and are not necessarily evidence of criminal conduct or other wrongdoing”. And yet in the first paragraph of its report, the Consortium declares: "Secret US government documents reveal that JP Morgan Chase, HSBC and other big banks have defied money laundering crackdowns by moving staggering sums of illicit cash for shadowy characters and criminal networks that have spread chaos and undermined democracy around the world."

And that caveat about wrongdoing is crucial because, as with previous “leaks” of data known as the Panama Papers and Paradise Papers – about offshore accounts – the ICIJ did not claim that any crimes were necessarily committed by the banks. In the past, this has led to criticisms that such data leaks are political stunts and threaten legitimate privacy. On the other hand, it also has fueled continued demand for KYC and AML compliance work and technology to ensure that banks stay within the law.

US criminal law bans unauthorized disclosure of SARs or information about SARs, so banks are not able to say if a SAR has been filed or what it contains.

The bank reported as having the greatest number of SARs with the US was Deutsche Bank, the ICIJ said, pegging the figure at more than $1.3 trillion. Next in line is JP Morgan ($504 billion); Standard Chartered ($166 billion); BNY Mellon ($64.1 billion); Barclays ($21 billion), Societe Generale ($8.5 billion) and HSBC, at $4.48 billion). A number of other players, including Denmark’s Danske Bank and Citibank, were also mentioned in the report.

One concern that banks may have – and this publication is examining this matter – is that if banks are made embarrassed about SAR leaks, they might be paradoxically less willing to comply if they think their reports will be used in allegations against them. 

The Institute of International Finance said the report underlined the need for private firms and governments to co-operate more fully in weeding out dirty money.

“The findings of today’s reports once again emphasize the need to pursue intelligence-led changes for financial crime risk management - driven by meaningful improvements to public-private sector cooperation and cross-border information sharing, coupled with the use of technology - to enhance the global anti-financial crime framework,” Tim Adams, IIF President and chief executive, said. “I hope these findings spur urgent action from policymakers to enact needed reforms. As noted in today’s reports, the impacts of financial crime are felt beyond just the financial sector – it poses grave threats to society as a whole.”

“The ICIJ has reported on a number of historic issues. Those relating to Deutsche Bank are well known to our regulators,” Deutsche Bank said in a statement. “The issues have already been investigated and led to regulatory resolutions in which the bank’s cooperation and remediation was publicly recognized. Where necessary and appropriate, consequence management was applied. To the extent that information referenced by the ICIJ is derived from SARs, it should be noted that this is information that is pro-actively identified and submitted by banks to governments pursuant to the law. SARs are alerts of potential issues, not proven facts.”

“The fight against financial crime, money laundering and capital flight has been a priority for investigating authorities and financial institutions alike. The world’s leading financial institutions, including Deutsche Bank, have invested billions of dollars to more effectively support authorities in this effort. Naturally, this leads to increased detection levels,” Deutsche continued. “We have devoted significant resources to strengthening our controls and we are very focused on meeting our responsibilities and obligations. This also includes implementing risk mitigants and, where appropriate, off-boarding customers and correspondent banking relationships.

JP Morgan told this publication in a statement: “We report suspicious activity to the government so that law enforcement can combat financial crime, and have thousands of people and hundreds of millions of dollars dedicated to this important work. We have played a leadership role in anti-money laundering reform that will modernize how the government and law enforcement combat money laundering, terrorism financing and other financial crimes.”

In Standard Chartered’s case, it said: “We file SARs when circumstances warrant and that means our screening and monitoring systems are working as intended. A SAR filing does not mean there has been criminal activity.”

“We file a SAR when we have identified something suspicious or irregular in a transaction that meets the filing requirements in the local market. We report these matters to law enforcement so they can investigate and, if they see fit, take further action.  We seek to work actively with law enforcement on priority areas, and in higher risk cases have restricted or exited clients,” a spokesperson said from the UK/Hong Kong-listed bank. 

“The reality is that there will always be attempts to launder money and evade sanctions; the responsibility of banks is to build effective screening and monitoring programs to protect the global financial system. We take our responsibility to fight financial crime extremely seriously and have invested substantially in our compliance programs. Standard Chartered has nearly 2,000 staff worldwide dedicated to preventing, detecting and reporting suspicious transactions. In 2019 we monitored more than 1.2 billion transactions for potential suspicious activity and screened more than 157 million for sanctions compliance. Our monitoring and investigations work has contributed to the conviction of criminals and our efforts have been recognized by law enforcement in multiple jurisdictions,” the spokesperson added. 

Barclays told this news service: "1. Financial crime weakens financial institutions and we have a shared interest, in addition to our legal obligations, to prevent it. The potential financial, legal, regulatory and reputational damage to any institution from financial crime is intense. 

"2. Suspicious Activity Reports are a key part of the process by which law enforcement agencies gather evidence on possible financial crime matters. In common with other banks, we typically file thousands of SARs and other similar reports globally each year – this is a common and required practice in the financial services industry.

"3. Financial institutions must file SARs on any activity that appears suspicious. SARs are not, however, themselves evidence of criminal conduct and simply reflect a snapshot taken at a particular point in time of the information then available. In the majority of cases, we continue to investigate and monitor account activity after SARs are filed, at times working in conjunction with law enforcement agencies. In most cases, accounts are not closed after SARs are filed.

"4. Financial crime is, by its nature, complex and difficult to detect. We analyze information about our clients and their activities over time. Criminal activity which may seem obvious with hindsight is often only uncovered as a result of careful evidence gathering after the event in question has occurred or after a SAR has been filed.

"5. If we conclude we have financial crime concerns, we take appropriate action and have done so in numerous cases over the years. As you will appreciate, terminating client relationships is not something we take lightly. Given the filing of a SAR is not itself evidence of any actual wrongdoing, we would only terminate a client relationship after careful and objective investigation and analysis of the evidence, balancing potential financial crime suspicions with the risk of ‘de-banking’ an innocent customer and our obligation to treat customers fairly.

"6. You will be aware that there are various initiatives to improve the degree of transparency around how corporates and other structures hold money around the world. We think these are supported by the major banks and they should make the process of due diligence on clients a lot easier.

"7. US criminal law prohibits the unauthorized disclosure of SARs or information about SARs. We are therefore not permitted to comment on whether a SAR has been filed, or on the contents of any SAR that may have been filed, even when the SARs in question may have been publicly disclosed. We are also not permitted to comment on individuals or businesses, including to confirm whether they are or have been a client. We are therefore unable to comment on the specific points in your letter [referring to contact from ICIJ].

"8. But for the avoidance of doubt, we believe that we have complied with all our legal and regulatory obligations including in relation to US sanctions. We would also refer you to the report by the US Senate Permanent Subcommittee of Investigations entitled The Art Industry and US Policies that Undermine Sanctions, published on July 29, 2020. That report covers many of the issues raised in your letter and highlights the extensive investigative work undertaken by Barclays, and also our significant cooperation with relevant authorities."

BNY Mellon was quoted by Buzzfeed as saying: “BNY Mellon takes its role in protecting the integrity of the global financial system seriously, including filing Suspicious Activity Reports (SARs). As a trusted member of the international banking community, we fully comply with all applicable laws and regulations, and assist authorities in the important work they do. By law, we cannot comment on any alleged SAR we may have filed or that may have been illegally disclosed by third parties to the media.”

HSBC told FWR: “We do not comment on suspicious activity reporting. All of the information provided by the ICIJ is historic and predates the conclusion of our Deferred Prosecution Agreement (DPA) in 2017.

"Starting in 2012, HSBC embarked on a multi-year journey to overhaul its ability to combat financial crime across more than 60 jurisdictions. During that period, the Monitor fulfilled his role of identifying issues and making recommendations for improvement, and concluded that HSBC became a safer bank each year as a result of the bank’s efforts. At the end of 2017, the Justice Department, having received all of the Monitor’s reports, determined that HSBC met all of its obligations under the DPA. HSBC is a much safer institution than it was in 2012.”

“In 2012, we launched our Global Standards initiative, which focused on putting in place the most effective standards to combat financial crime across our operations globally. As part of this effort, we designed and implemented new, globally consistent policies on AML and sanctions that often extend beyond the requirements of local laws and regulations. Among other steps, we hired experienced senior personnel to lead the effort and significantly increased our financial crime compliance capabilities; we put in place a robust investigations capability; we improved and expanded our financial crime compliance training initiatives; and we upgraded or replaced key compliance IT systems, with over $1 billion spent since 2015. We also increased the number of staff in our financial crime compliance function from a few hundred in 2012 to around 5,000 in 2017. In parallel with our reforms, we dramatically reduced our financial crime risk profile, exiting jurisdictions, curtailing business in other jurisdictions and closing the accounts of existing customers.

"The goal of any financial crime compliance program is to detect and prevent financial crime. One way we do that is through transaction monitoring and sanctions screening. Each month, we screen over 689 million transactions across 236 million accounts for signs of money laundering and financial crime. In addition, we screen approximately 131 million customer records and 40 million transactions monthly for sanctions exposures. During 2019, we filed almost 50,000 suspicious activity reports to law enforcement and regulatory authorities where we identified potential financial crime,” it added. 

Register for FamilyWealthReport today

Gain access to regular and exclusive research on the global wealth management sector along with the opportunity to attend industry events such as exclusive invites to Breakfast Briefings and Summits in the major wealth management centres and industry leading awards programmes