[A thread on those #FinCEN files you've heard about]

There's been a lot of press about this recently, but it's been quite a flurry, so here is a gif-heavy thread on what to take away from the whole debacle

First, a little primer on what was leaked:

Banks based in the USA are required to report whenever they see suspicious activity

This could be anything from transactions with an unclear/dodgy source to clients deliberately depositing small amounts of $ in order to avoid notice

Someone in the bank's compliance department then sends a suspicious activity report (SAR) to FinCEN, the arm of the US treasury in charge of sifting through those reports and figuring out what is worth following up on/passing on to other law enforcement agencies

FinCEN receives quite a lot of SARs: about 2.2 million in total last year, about half of these from banks and the rest from other institutions (e.g. remittance companies, casinos)

What appears to have been leaked is just tiny fraction of the SARs database: just over 2,100

But it wasn't a random sample: reports suggest it is a dossier collated by FinCEN at the behest of the Congressional inquiry into Russian interference with the '16 election + requests from other law enforcement agencies

This means it is a select sample of some of the worst cases

The media storm has looked pretty bad:

Some of the biggest international banks including HSBC, Standard Bank, Deutsche Bank & JP Morgan have moved money around for criminal gangs, companies with ties to terrorism, Ponzi schemes, & billionaires w/ ties to corrupt governments

This is bad, it hurts all of us. It represents tax dollars lost to corruption & the ill-gotten gains of crime and fraud

I won't go into the details of individual cases, but you can find a lot of them through Buzzfeed and the ICIJ's excellent reporting https://www.icij.org/ 

So Takeaway #1 is that things are still bad

That's despite the fact that there's been a *massive* increase in anti-money laundering regulation and penalties in recent years

Fines by US regulators to banks have been going up - in the past decade they've added up to nearly $30b

The #FinCENFiles reporting has highlighted that many banks took on dodgy clients even *after* getting slapped with a fine by the US Treasury

Either they didn't care enough to ask more questions or they didn't have the capacity to determine if the client should be let go

But here's the thing: the money laundering found in these leaks are the *result* of banks sending suspicious reports to FinCEN

These are clients that were being reported on, and in some sense surveilled

In this limited sense, banks were doing what they are obligated to do

Yet the reporting on the #FinCENFiles found that some banks sent in these reports belatedly, bc it took them too long to figure out their client was engaging in bad behavior

It also shows them unwilling to give up business with people they had already flagged, because $$$

What was FinCEN doing this whole time? Isn't it their job to follow up on these cases?

Well yes. Ideally a FinCEN agent will receive a SAR, quickly confirm it is worth following up on, spring into action and catch the bad guy

But in practice, FinCEN is overwhelmed with SARs

I looked up their employment numbers, and found that the number of SARs just from banks that they receive is about 4,000 per person per year and it is *rising*

That means it takes a very long time for anyone to spring into action

One of the reasons banks are sending so many reports is incentives!

A bank won't get in trouble if they send in a report that turns out to be bunk, but they WILL if they failed to file a SAR on Putin's best friend

So they send in lots of SARs and let FinCEN deal with it

Another reason FinCEN gets so many SARs is because a lot of banks around the globe rely on US banks to send money overseas or to transact in dollars

So when a Nigerian IT firm makes a payment to a Kenyan company in $, chances are the payment will go through a bank in NYC

As foreign payments are routed through US based banks, they are eligible to have a SAR filed on them

This is why so many stories in the #FinCENFiles involve foreign banks and payments that don't go through the US

Via the SAR system, FinCEN can see well beyond US borders

So FinCEN gets a lot of reports, which wouldn't be a problem if they had the capacity to deal with it

But their budget was only $120m this year, which is roughly the cost of the latest Jumanji film

Takeaway 2: if we want our agencies to catch dirty money, they need *resources*

Other than pushing more $$$ into FinCEN's (and its foreign equivalent's) hands to better chase down financial crime, what more could we be doing?

This whole episode has revealed that we need a fundamental rethink of government's decision to let banks police their own systems

It is a delicate balance because we want banks to:

* care enough to (accurately) identify, report on and stop doing business with financial criminals

* but not make the process so costly that they stop doing business with those who aren't doing anything wrong

Sadly these two goals are sometimes in tension

Because banks have a bottom line to meet, they are first going to drop less powerful, poorer clients who don't make them much profit

This happened in the mid-2010s when banks stopped doing business with many remittance companies

I don't have any magic solutions to suggest, but while we figure out how to force banks to *care*, the US could take a few small steps make its economy less attractive to foreign white collar crime and to make it easier for authorities around the world to track it down

These steps would include:

* making it easier for foreign governments to learn what is in the SAR database

* making it harder for people to hide behind anonymous shell companies

* automatically exchanging bank account information with foreign counterparts

I've written a little more on each of these in a new blog post: https://www.brookings.edu/blog/up-front/2020/09/25/what-the-fincen-leaks-reveal-about-the-ongoing-war-on-dirty-money/