Last week, FinCEN “communicated,” so to speak, to private industry, law enforcement, regulators, and legislators in three very different ways:  through a FY 2022 Year In Review infographic; a first-of-its kind enforcement action against a trust company; and in statements before the U.S. House of Representatives.  This post summarizes each of these developments, which are unified by the motif of FinCEN asserting that it has an increasing role in protecting the U.S. financial system against money laundering, terrorist financing and other illicit activity; providing critical data and analytical support to law enforcement agencies pursuing these goals; and simultaneously policing and trying to collaborate with private industry regarding these goals.

FinCEN Year in Review for FY 2022

First, on April 25, FinCEN issued its Year in Review for FY 2022, an infographic touting FinCEN’s accomplishments, Bank Secrecy Act (“BSA”) filings by financial institutions and their subsequent use by law enforcement, information sharing under Sections 314(a) and 314(b), and other topics.  The Review sets forth a lot of statistics and factoids, which are often interesting, even if they sometimes lack context.  Here are a few items of particular note:

  • IRS-Criminal Investigation is a key consumer of BSA reports filed by financial institutions (“FIs”) – i.e., Suspicious Activity Reports (“SARs”) and Currency Transaction Reports (“CTRs”).  Over 83% of IRS-CI investigations recommended for prosecution during FY 2020 to FY 2022 involved a primary subject referenced by a related BSA filing.  Perhaps more importantly, because the following involves “investigative leads” initiating investigations (vs. special agents in ongoing investigations searching FinCEN’s BSA filing database for any “hits” on previously-identified subjects), almost 16% of all IRS-CI investigations “were the direct result of BSA data.”
  • The Department of Justice “has run millions of queries in the past six years.”  [Nonetheless, and as we have blogged, the DOJ apparently has been incapable of indicating what BSA filings it actually finds valuable, despite a statutory requirement to do so.]
  • Further, “[t]he top 10 filers of SARs filed approximately 52% of all FY22 SARs.” As noted below, 260,000 FIs are registered to e-file BSA reports with FinCEN.  That means that 10 FIs filed approximately 2.24 million SARs – an average of 224,000 SARs per FI.  The other 259,990 FIs filed the other 2.06 million SARs – an average of under 8 SARs per FI.  Further, this latter average is almost surely skewed by many FIs that file perhaps one or two SARs annually.  A remarkable divergence.  Bottom line: a few large FIs (banks) routinely file a staggering sum of SARs, likely due to so-called “defensive filing” behavior resulting in over-filing to try to avoid regulatory blowback.  Conversely, smaller FIs, lacking the same resources, personnel, sophisticated compliance programs, and/or conservative risk appetite, potentially under-file SARs.
  • 14,800 FIs participated in the Section 314(a) information sharing program, which enables law enforcement, through FinCEN, to obtain information from FIs regarding the accounts and transactions of persons potentially involved in money laundering and terrorist financing.  Further, over 7,600 FIs participated in the Section 314(b) information sharing program, which enables FIs to share information with each other regarding the same topics.  4,427 of these FIs were banks or credit unions, and 1,725 were broker-dealers.  Thus, only a few of the other types of FIs (money transmitters, casinos, etc.) participated.  These numbers should be considered in light of the number of FIs referenced in the below infographics:  260,000 FIs are registered to e-file BSA reports with FinCEN.  So, it is unclear whether the Section 314 programs are operating to their full potential.
  • FinCEN issued three Advisories and three Alerts in FY 2022 regarding various money laundering and terrorist financing threats, inviting FIs to file SARs referencing the relevant Advisory or Alert.   FinCEN’s Alert on Elder Exploitation garnered 19,395 SAR references.  The others were not even close:  second place goes to FinCEN’s Alert on Potential Russian Sanctions Evasion Attempts, which garnered 923 SARs.

Finally, the amount of BSA filings continues to explode.  Over four million SARs are now filed annually, and over 20 million CTRs.  These two infographics say it all:

First Enforcement Action Against a Trust Company

On April 26, FinCEN announced a Consent Order imposing a $1.5 million civil penalty against Kingdom Trust Company (“Kingdom Trust”) for alleged BSA violations – the first-ever BSA enforcement action against a trust company. 

According to FinCEN’s press release, “Kingdom Trust admits that it willfully failed to accurately and timely report hundreds of transactions to FinCEN involving suspicious activity by its customers, including transactions with connections to a trade-based money laundering scheme and multiple securities fraud schemes that were the subject of both criminal and civil actions. These failures stemmed from Kingdom Trust’s severely underdeveloped process for identifying and reporting suspicious activity.”

Kingdom Trust is located in Murray, Kentucky and organized under the laws of the state of South Dakota.  It therefore is considered a “bank,” as defined and regulated by the BSA.  The Consent Order – typical of FinCEN – is very detailed, and we summarize its allegations greatly.

Kingdom Trust provides custody services to individuals with IRAs, and acts as a qualified custodian for investment advisers.  However, during the time period at issue of February 2016 through March 2021, it also “engaged in the business of providing account and payment services to foreign securities and investment firms as well as other businesses – including money services businesses – located in Latin America that had elevated risks of money laundering.”  Key to understanding the Consent Order is the allegation that Kingdom Trust facilitated at least $4 billion in payments through the United States by such customers, “with minimal oversight.”

According to the Consent Order, Kingdom Trust’s process for filing SARs was “severely underdeveloped and ad hoc,” resulting in a willful failure to file timely and accurate SARs.  Adequate and experienced AML compliance staffing was also an issue, and the company relied on a manual review of daily transactions by a single employee to identify potentially suspicious transactions.  Very few SARs were filed.  This “process” was inadequate and resulted in the failure to file hundreds of timely and accurate SARs. 

Further, the company’s direction to all employees to alert and report any potentially suspicious activity to compliance personnel – although good in theory – was almost always ignored or misunderstood in practical application, because company employees (including compliance personnel) did not understand how potential red flags listed in written policies actually could apply to Kingdom Trust customers.

Further, the company’s direction to all employees to alert and report any potentially suspicious activity to compliance personnel – although good in theory – was almost always ignored or misunderstood in practical application, because company employees (including compliance personnel) did not understand how potential red flags listed in written policies actually could apply to Kingdom Trust customers.

After other financial institutions began closing Kingdom Trust’s accounts, the company engaged a third party to conduct a BSA/AML audit.  Although the audit cited specific deficiencies, “Kingdom Trust did not exit the high-risk Latin American customers, make meaningful changes to its controls, or file any SARs related to this ongoing business line.”

Ultimately, it is reasonably to ask why such a relatively “limited” monetary penalty was imposed, given the scope of the alleged misconduct and the $4 billion figure referenced repeatedly.  Part of the answer may be that Kingdom Trust invested in AML compliance by hiring an independent consultant, an outside law firm, and a new AML compliance officer with relevant experience, and by implementing an automated transaction monitoring system and increasing the size of its AML compliance staff.  However, perhaps the primary answer is contained in a terse footnote, offered with no further details: after receiving inquiries from law enforcement about problematic accounts, “Kingdom Trust did, however, provide cooperation to law enforcement regarding many of the relevant accounts.”

Comments Before Congress – With a Focus on the CTA

Finally, FinCEN Acting Director Himamauli Das appeared on April 27 before the Committee on Financial Services of the U.S. House of Representatives.  His prepared comments are here.

Here are some nuggets extracted from his comments, which are understandably high-level:

  • FinCEN is focused on implementing the Corporate Transparency Act (“CTA”) and the database necessary to house the many millions of reports regarding beneficial ownership information (“BOI”) by entities covered by the CTA.  Acting Director Das asserted that he is “confident” that “we remain on track for implementation in January [2024].”  Nonetheless, such implementation is a “hugely resource-intensive process.”  Moreover, FinCEN is well aware of the intense and widespread criticism of its proposed CTA BOI reporting form, and is “carefully considering the comments[.]”  In other words, FinCEN is going to revise the proposed CTA BOI reporting form and make it more demanding.
  • FinCEN is undergoing an audit by the Department of the Treasury’s Acting Inspector General regarding data protection and FinCEN’s ability to securely share BSA information with other components of the government.  “. . . . FinCEN has already implemented several measures in response to OIG feedback, in order to ensure that sensitive information is protected appropriately, both in the context of BSA information and in designing the beneficial ownership framework and associated policies and procedures prior to receiving [BOI reporting under the CTA] next year.”
  • FinCEN is attempting to improve “feedback loops” with private industry regarding BSA reporting by financial institutions and what sort of reports are actually valuable to law enforcement and regulators – an evergreen topic.
  • FinCEN is prioritizing BSA violations by the virtual currency industry.
  • FinCEN is ramping up its Office of the Whistleblower, which “holds tremendous potential as a force-multiplier for the entire federal government[,]” and is developing a more formal tip intake and award certification system.
  • FinCEN is providing data and analysis to OFAC and other arms of the federal government to assist in the imposition of sanctions relating to Russia, and efforts to detect, disrupt and prosecute efforts to evade those sanctions.
  • FinCEN is supporting government-wide efforts to combat ransomware attacks.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. To learn more about Ballard Spahr’s Anti-Money Laundering Team, please click here.