More than 2,000 suspicious transaction reports filed by nearly 90 financial institutions were leaked. We go through what are SARs, discuss the broader implications, analyse a sample dataset made public and share our thoughts on what it takes to fix the problem.
Cylynx
September 24, 2020 · 5 min read
The leak of more than 2,000 suspicious transaction reports (SAR) filed by nearly 90 financial institutions to the US’s Financial Crimes Enforcement Network (FinCEN) made headlines over the past week. The reports by BuzzFeed News and the International Consortium of Investigative Journalist (ICIJ) offer an unprecedented view of the scale of global money laundering and highlight the roles that banks play in facilitating such transfers.
In this article, we explain SARs, the significance of the data leak and analyse a sample of the dataset made available by the ICIJ.
Banks and other financial institutions are required to file suspicious transaction reports when they spot suspicious activities that might be indicative of money laundering or other fraudulent activities. Characteristic signs of activities might include moving large amounts of money to foreign accounts or circular movements of money between individuals or companies.
Importantly, SARs by themselves are not evidence of a crime but are financial footprints of possible suspicious activities that can help law enforcement agencies relate the flow of money with other criminal activities such as terrorist financing, cyber crimes or human trafficking activities.
The news reports indicate that the FinCEN received more than 2 million SARs in 2019 in part due to regulatory pressure to file and the rise in international trade financing.
BuzzFeed news gives concrete examples of how large financial institutions from HSBC to JPMorgan Chase and Standard Chartered superficially comply with the requirements to file SARs but continued to facilitate transactions with suspicious entities.
The capability of regulators to deal with such a high volume of SARs also calls into question the relevance of such reports in such a day and age. The BuzzFeed team along with the ICIJ took about a year to sort through the reports covering more than 22,000 pages and spanning around 3 million words in data tables and long-form narratives.
The dataset released by the ICIJ is a small but cleaned sample of the FinCEN files. It does not contain any textual information of the SARs, only information on the sender bank, receiving bank and bank which filed the report, as well as the value of transactions flagged. According to the ICIJ:
The data ... only includes cases where sufficient details about both the originator and beneficiary banks were available in the FinCEN Files, amounting to more than $35 billion in transactions dated from 2000-2017
Bearing in mind that the leak and also the release might not be a representative sample of SARs filed with the FinCEN, we conducted an exploratory analysis on the dataset.
From the graph, it is clear that the volume of the reported leaked cases peaked in 2013. This coincides with media reports indicating that 2013 was the start of the year where well-known and large financial institutions such as JP Morgan, Credit Suisse, ING were implicated and fined for series of money laundering and market manipulation cases. Of course, whether the spike in filings was due to higher compliance standards, or just as a demonstration of compliance is another question which cannot be deduced by this dataset alone (though a textual analysis could potentially answer this question).
First, we aggregate transactions between banks and examine the role of the filer bank, which usually functions as the correspondent bank in the dataset. For example, in the 2nd row, an account belonging to Rigensis Bank (Latvia) is transferring money to an ING Bank (Netherlands) account. Since this is a cross country transfer, banks rely on other banks to hold their money in the desired currency and transfer/receive on behalf of them. In the example, Deutsche Bank filed a SAR on the transaction. In the dataset, Bank of New York Mellon Corp., Deutsche Bank AG, JP Morgan Chase and Standard Chartered are the top filers in both transaction amount and number of suspicious transactions reported.
Next, we aggregated total transactions based on the name of the incoming or receiving bank and analyzed the flow of funds at the overall bank group level. Expobank, Deutsche Bank, ING Netherlands and JP Morgan Chase were the sending banks with the largest transaction value flagged with Rosbank, Credit Suisse, Rigensis and Deutsche Bank the most suspicious recipients.
The above 2 tables show the top countries by sending and receiving volume as captured in the dataset. Russia and Latvia top both tables. These cases are likely to be part of Russian Laundromat, a scheme to manoeuvre $20-80 billion out of Russia from 2010 to 2014 through various international banks mostly in Eastern Europe countries.
Looking deeper into the relationship between the sending and receiving country, the above table shows the top country pairs by volume. Latvia, Russia, Switzerland and Cayman Islands came up as the top destinations being listed in the top 12 of the 15 country pairs, either as sender or receiver. The latter 2 countries are considered to be tax havens and are popular choices for people to store wealth, whereas the former 2 are also regarded as more risky countries.
As a company building tools for monitoring and audit on the blockchain, this incident strongly resonates with us in two aspects.
First, it highlights the scope that blockchain technology and other artificial intelligence could play in transforming the current industry.
The private nature of current banking practices makes it hard for the public or even regulators to scrutinize transaction trails. Despite all the attention on virtual assets as a potential avenue for money laundering activities, the fact that every transaction is fully visible contributes to greater public accountability and transparency.
The potential of machine learning to revolutionize the industry cannot be overstated. Having to pour through 2 million SARs is no joke and a waste of human time. Natural language processing can help ease the burden on regulators. In fact, we should aim even higher by leveraging technology to cut down on unnecessary noise and focus on truly risky activities. Automated know your customer services combined with smart transaction risk scoring systems can point out red flags that are worth examining.
Second, as much as technology could come in useful, compliance (or the lack of it) is ultimately a human problem. Most of the lapses highlighted are not complicated scams but straightforward incidents where red flags were simply ignored. To build a well functioning compliance regime across the financial sector, each party needs to play its part in the entire process. The cooperation between banks, financial institutions and regulators remain paramount in creating a well-functioning compliance regime.
Back to the question posed - can the system be fixed? Financial crime experts are of the view that yes it can. Leveraging technology, strengthening policies and creating the right incentive system will go a long way in safeguarding the financial system. The elephant in the room remains - do we want to fix it?
