FinCEN files: A Failure of the System and how it might be fixed?
What is most startling about the emerging FinCEN scandal is that over 2,000 suspicious activity reports (“SARs”) were filed by banks (this number is apparently only the tip of the iceberg) whilst the practices forming the subject matter of the SARS were still permitted to continue.
This arguably isn’t so much a damning reflection on the banks (who appear to have complied with their technical obligation to file SARS), but demonstrates a systemic failure of the relevant AML regimes, and raises questions about the effectiveness of ‘deemed consent’ anti-money laundering regimes (as in England and seemingly the US) v ‘no consent’ anti-money laundering regimes (as in jurisdictions such as Jersey).
In a ‘deemed consent’ regime, an organisation such as a bank files a SAR with their regulator, and if the bank doesn’t receive a response within a specified number of days, they have deemed consent to proceed with the transaction. Whilst the intention is that each SAR should be reviewed and considered by the regulator, there is a risk (as the FinCEN scandal appears to demonstrate) that genuinely suspicious transactions will end up going ahead if the regulator is underfunded and simply too busy. ‘Deemed consent’ regimes also arguably make banks and other regulated institutions more trigger happy when it comes to filing SARs (particularly given that they discharge the heavy burden of criminal responsibility which a failure to file may cause). This further exacerbates the problem.
By contrast, in a ‘no consent’ regime, the bank must not proceed with the relevant activity / transaction once a SAR has been filed unless and until it has express consent from the regulator to proceed. This means that each SAR is reviewed by the regulator before consent is granted and any further steps are taken, and this in theory would make the current FinCEN scenario less likely to happen (as it makes the regulator think more thoroughly about each SAR before giving consent, and arguably therefore more likely to spot concerning patterns of behaviour).
No consent’ regimes are by no means perfect because arguably they make people less likely to file SARs (particularly in high pressure commercial situations where a significant transaction could fail, and / or there is a risk of losing a big client), and arguably such regimes are not scaleable in larger jurisdictions with underfunded regulators. It is noteworthy that in Jersey, for example, the AML regulations have a limited privilege exemption when it comes to filing SARs, which is not included in the equivalent English legislation. A ‘deemed consent’ regime can also slow business down (which can make jurisdictions less attractive), particularly because regulators can be hesitant to approve genuinely legitimate transactions which happen to have an element (such as a jurisdictional connection) which smells even vaguely fishy. Businesses can find themselves in the unenviable position where there is a legitimately urgent transaction which cannot proceed because of a slow or cautious regulator – some say that this gives such regulators powers to impose a controversial unofficial freezing injunction, with the only real recourse being expensive judicial review proceedings (or at least the threat thereof).
However, when reading accounts of what appears to have happened in the FinCEN files, and the fact that banks were filing SARS (which are designed to prevent exactly what happened from occurring), certain corners will no doubt question whether further large scale structural reform is needed (comprised of more than bank’s voluntarily overhauling their own AML systems), potentially calling for a move away from a ‘deemed consent’ AML regime.
Caroline Harbord is a Senior Associate in the Dispute Resolution team. Having practised both in ‘deemed consent’ and ‘no consent’ jurisdictions, Caroline also has experience acting as General Counsel of an offshore trust company.