Ripjar Strategic Advisor – Financial Crime
Banks will be waking up this morning to a new world in which the previous sanctity of their Suspicious Activity Reports (SARs) has been lost.
With the publication yesterday of the first batch of stories emanating from the massive FinCEN data leak, the world has changed and will not be able to return to the status quo ante.
For many, this will be the first time they have read in any detail about SARs which are the centre of the furore.
Hitherto, they have been a little-known tool used by the banks to report suspicious activity identified within their operations. And today, depending on who you believe, their release has opened up a previously hidden world in which government departments leap into robust, but unseen, action working to rid the world of some of its most corrupt or criminal actors or it has unmasked the process as simply a useful way for banks to report issues after the fact in an effort to avoid regulatory censure, fines or worse. And often only in response to stories they have read in the newspapers, having previously failed to identify anything suspicious at all.
The truth, as so often, lies somewhere between the two although it is clear from the scale of the leaks and the lack of any obvious corrective action having been taken against the underlying activity identified, that the system isn’t working.
The most compelling question is this. Do we try to refurbish the existing edifice or knock the house down and rebuild it from scratch?
To find an answer, it is necessary to understand the current process.
There are, essentially, two types of SAR. One where you report a transaction which is “in progress” (known here in the UK as a “Defence against Money Laundering SAR or DAML) and the other where you report after the fact. About 1 in 14 SARs filed are DAMLs.
Inevitably, this means that, even where suspicion is identified (which we know to be an exceedingly small percentage of the true criminal funds flowing through the system) overwhelmingly, the identification happens after the fact.
“What’s the point then?” you might reasonably ask.
Post facto SARs are designed to give the NCA (or equivalent) a huge trove of financial intelligence from which to identify organised criminality or grand corruption. Except, from the evidence we see daily, they don’t.
There are still enormous inflows, for example, into London property purchased on behalf of individuals who have no obvious source of income or capital commensurate with the value of the assets they are buying. And often, these people occupy positions of influence in countries with recently emergent economies and high levels of poverty amongst their indigent populations.
The contrast is stark.
Which brings you to an obvious follow up question.
Why doesn’t all this intelligence make any difference?
In the year to March 2019, the NCA received 478,437 SARs of which 34,151 were DAML SARs. That’s close on 2,000 SARs every working day. In March 2019 there were 118 staff (up from 80 the year before) which simply isn’t enough to process so many SARs, especially as the DAMLs have to take priority because of the need to respond within 7 working days.
If we look specifically at some of the cases currently being reported, we see almost instantly that the actors identified in the SARs are massively multi-jurisdictional. The SAR might identify, for example, a Russian national, with a business that is being run via a UK corporate vehicle, which is controlled by corporate directors based in the Marshal Islands and with a bank account in Estonia.
Just what is a UK based NCA operative supposed to do with such a SAR? They have no jurisdiction over any element of the report save the UK registered address of the company. Which is often just a high street provider of mailboxes.
And that issue, which is replicated the world over, is at the heart of why this is such an important story and why the current system is more to do with banks filing SARs to be compliant and not to help in the fight against financial crime.
How much better would it be if they could file to some form of global centre of excellence (at least for those SARs which have an international flavour) which DID have jurisdiction in at least some of the affected countries?
If we truly are serious about tackling this plague of criminality, these revelations ought to prompt us to act, and not just bemoan the lax security which allowed the leak in the first place.