The FinCen Files – implications for financial institutions and their AML/CFT supervisors

Over the last two months, there have been a number of media reports relating to the unlawful disclosure of suspicious transaction reports (STRs) that were submitted to the US Department of the Treasury’s Financial Crimes Enforcement Network (FinCen) between 1999 and 2017 – the so-called FinCen Files. FinCen is the US Financial Intelligence Unit (FIU) responsible for collecting and analysing reports from obliged entities, including financial institutions, that have reasonable grounds to know or suspect that money laundering or terrorist financing (ML/TF) has been committed or is being attempted. An STR is not evidence of ML/TF and it is up to the FIU to decide, based on its own analysis, whether to disseminate the information to law enforcement agencies.

As with other reports from multiple mainstream media that relate to ML/TF, and in line with the risk-based approach set out in Directive (EU) 2015/849 (AMLD), financial institutions and competent authorities responsible for supervising these institutions’ compliance with their anti-money laundering and countering the financing of terrorism (AML/CFT) obligations in the EU should consider the impact of information contained in these reports on their work and take steps to address any ML/TF risks they have identified.

The information published thus far in connection with the FinCen Files highlights the importance of:

1. Financial institutions putting in place and maintaining effective anti-money laundering and countering the financing of terrorism (AML/CFT) systems and controls to identify suspicious transactions and behaviours, and report these suspicions to FIUs in a timely manner.

Many of the reports published by journalists refer to suspicious transactions that occurred in the correspondent banking context.

Correspondent banking means the provision of banking services by one bank (the correspondent) to another bank (the respondent). It allows respondents to access financial services in different parts of the world, and to provide cross-border payment services to their customers. The correspondent does not normally have a business relationship with the respondent’s customer or know their identity, or the nature and purpose of the underlying transaction. This means that the ML/TF risk associated with correspondent banking can be increased.

Correspondent banks are legally obliged to carry out CDD checks on the respondent, who is the correspondent’s customer. Where the respondent is based in a third country, these CDD measures have to be enhanced. CDD checks include, for example, measures to understand the respondent’s business, the types of customers they service, and the resulting ML/TF risks, as well as measures to mitigate these risks. Enhanced CDD measures go further and require correspondents to take additional specific steps to identify and manage ML/TF risks including, for example, an assessment of the respondent’s AML/CFT controls. In very high risk situations, this may involve sample-checks but contrary to some reports, sample checks are not mandatory and there is no obligation on correspondents to know, or apply CDD measures to, their respondent’s customers.

The EBA has issued guidance to financial institutions on the effective management of ML/TF risk in the correspondent banking context. 

2. Competent authorities and FIUs cooperating effectively because FIUs have access to information that enables supervisors to discharge their functions in a targeted and risk-sensitive way.      

Competent authorities do not investigate individual cases of ML/TF but instead work to ensure that financial institutions have in place, maintain and implement adequate systems and controls to identity, assess and manage ML/TF risk.

Cooperation and information exchange with FIUs helps competent authorities to:

a) intervene in a timely and effective manner where an FIU has ground for concern that a financial institution may be falling short of their AML/CFT obligations, for example because STRs are reported late, because the quality of STRs is inadequate, because STRs reveal serious deficiencies in the reporting institution’s AML/CFT systems and controls, or because the institution is involved in transactions that other obliged entities have flagged as suspicious; and

b) keep their ML/TF risk assessments and approaches to AML/CFT supervision up to date and relevant, for example by incorporating information from the FIU on ML/TF trends and typologies.

The Risk-based supervision guidelines have further information on this point.

The EBA has also issued guidelines on cooperation and information exchange for AML/CFT supervisory purposes that set out the steps competent authorities can take to cooperate with different stakeholders, including FIUs, under the current legal framework. 

3. Information exchange between all public authorities involved in the fight against ML/TF, between public authorities and financial institutions, and between financial institutions, because access to relevant information is the prerequisite for an effective, risk-based approach to tackling ML/TF. 

The EBA in its response to the Commission’s call for advice on the future AML/CFT legal framework has drawn the Commission’s attention to the need to enshrine in EU law a duty to cooperate and exchange information among all public authorities, and asked the Commission to consider allowing financial institutions to exchange information amongst themselves, subject to adequate safeguards.

The EBA will continue to liaise closely with competent authorities in respect of their actions and possible findings in this case, including by facilitating and monitoring discussion on these actions in Colleges of supervisors to ensure information is shared amongst relevant authorities across the single market. A conference for EU FIUs and AML/CFT competent authorities to foster synergies and cooperation within their respective competencies and tasks will be organised next year as part of the EBA’s new legal duty to lead, coordinate and monitor the EU financial sector’s fight against ML/TF.