Wayne Johnson, CEO of Encompass Corporation, offers Finance Monthly his thoughts on where responsibility lies in the case of the FinCEN Files and how better tech can prevent money laundering from going unnoticed.

On 20 September, it was globally publicised that the FinCEN Files had been leaked to BuzzFeed News. Said files exposed some of the world’s largest banks, suggesting that they had been aware of cases of money laundering, corruption and fraudulent activity, contained in up to $2 trillion worth of transactions over an 18 year period between 1999 and 2017.

As a result, global banking shares plummeted by up to 8% on 21 September, and public outrage was aimed at those caught up in the scandal. News editors and agenda setters were quick to pin the blame on the banks, but is it that clear-cut?

The leaked FinCEN Files refer to approximately 2,100 Suspicious Activity Reports (SARs) filed by banks with the US Department of Treasury’s Financial Crime Enforcement Network (FinCEN). These files refer to suspicious and potentially illicit activity reported by financial institutions in the private sector, to financial intelligence units.

Reporting these findings is required by law and, as soon as a SAR is filed, it becomes the responsibility of regulators to investigate these leads, in order to stop any money laundering in its tracks. Reporting to a customer that a SAR has been filed is illegal and can compromise substantial investigations or impact national security.

Of course, suggesting that the banks are entirely blameless in the context of the money laundering exposed by the FinCEN Files leak would be false. The fact that criminals have even signed up to a bank successfully is an indictment on a bank’s initial customer due diligence and onboarding processes.

It is therefore clear that improved money laundering prevention methods are required by the banks themselves to stop instances like this from ever occurring again. However, the extensive and comprehensive Know Your Customer (KYC) processes that are required to identify risk at the point of onboarding a new customer have placed such a burden on resources that banks are struggling to maintain the quality of KYC. ICIJ’s analysis of the FinCEN Files leak found that in 160 SARs banks actively sought more information about the corporate vehicles behind the transaction without response. These gaps in initial KYC expose banks to significant risks down the line, as the FinCEN leaks have made clear.

The fact that criminals have even signed up to a bank successfully is an indictment on a bank’s initial customer due diligence and onboarding processes.

Acknowledging that existing processes are unsustainable, and that RegTech offers the only way forward, these once novel solutions are now seen as critical tools to be incorporated in a bank’s initial due diligence policy when onboarding and evaluating all customers. These solutions can collect, analyse and integrate critical KYC information far more quickly and accurately than humans, making it far easier for banks to determine beneficial ownership and other information needed for sound onboarding decisions.

The use of RegTech allows banks to truly unlock the potential of their data for KYC purposes. This improves a bank’s ability to detect and fend off risk at the earliest possible opportunity and throughout the entire customer lifecycle. And in the event of risks emerging further down the line, a complete customer profile allows a bank to craft SARs that provide meaningful information that help regulators prioritise and maximise the success of investigations.

The financial sector has made strides in implementing technology to address their regulatory challenges - there is more to be done for sure, but we are seeing banks globally incorporating RegTech and the pace of digital transformation accelerating.

In the case of the FinCEN Files, the issue resides across the entire ecosystem of the regulatory process. It is understood that a severe backlog of SARs, and a lack of adequate funding, has meant that regulators have not had the means to address or thoroughly investigate each and every case. Emboldened criminals are taking full advantage to launder money and expand their empires, and regulators now have no choice but to look at their own processes and make the improvements needed to get through the backlog of SARs and improve responsiveness to new ones.

Fortunately, solutions are available and able to support the SARs programme by helping to improve the reporting policy, both in terms of allowing banks to measure anomalies and ‘suspicious’ activity more accurately, and allowing regulators to prioritise certain cases and conduct efficient investigations.


SupTech (supervisory technology) is a category adjacent to fintech and RegTech and refers to technology used by regulators to improve their ability to supervise the implementation of and adherence to Anti-Money Laundering (AML) and other regulation. This approach could help further sift out irrelevant information, so that regulators and law enforcement agencies aren’t overloaded when investigating leads, and are able to focus on what they really need to.

Furthermore, RegTech, especially in the case of automation, is an increasingly important part of a bank’s technology stack. As previously mentioned, a robust KYC process that generates and maintains accurate and complete digital KYC files will ensure that subsequent activities, such as transaction screening and monitoring, are as precise and effective as possible.

Regardless of who, or what, is to blame for the gross abundance of money laundered through some of the world’s leading banks since 1999 (which, incidentally, is only a tiny fraction of the total amount of money laundered in this period), the fact remains that processes across the landscape are outdated, and the SARs reporting and investigation system must be changed if it is to effectively diagnose and eradicate the more sophisticated methods of criminal activity that have emerged. Solving this issue with RegTech and SupTech is key to improving the effectiveness of compliance at all points, and is essential to stamping out the financial crime that will continue to affect the world’s leading financial institutions.