In the last five years, FinCEN’s workload has gone up three times as much as its budget: if we care about preventing terrorist financing, human trafficking, and public corruption, Congress must fund our nation’s financial intelligence unit.

FinCEN is a bureau in the U.S. Department of the Treasury. The Director of FinCEN reports to the Under Secretary for Terrorism and Financial Intelligence (TFI). In carrying out its mission, FinCEN has numerous statutory areas of responsibility:

1. Developing and issuing regulations under the Bank Secrecy Act (BSA);
2. Enforcing compliance with the BSA in partnership with law enforcement and other regulatory partners;
3. Serving as the U.S. Financial Intelligence Unit (FIU) and maintaining a network of information sharing with FIUs in 164 partner countries;
4. Receiving millions of new financial reports each year;
5. Securing and maintaining a database of over 300 million reports;
6. Analyzing and disseminating financial intelligence to federal, state, and local law enforcement, federal and state regulators, foreign FIUs, and industry; and
7. Bringing together the disparate interests of law enforcement, FIUs, regulatory partners, and industry.

What is FinCEN’s mission? According to its most recent Congressional budget justification and annual performance plan and report (Fiscal Year 2021) submitted earlier this year (see https://home.treasury.gov/system/files/266/12.-FinCEN-FY-2021-CJ.pdf), FinCEN’s mission statement is “to safeguard the financial system from illicit use, combat money laundering, and promote national security through the strategic use of financial authorities and the collection, analysis, and dissemination of financial intelligence.”

FinCEN has a daunting and important mission – to safeguard the financial system – and Congress has placed upon FinCEN many critical responsibilities in safeguarding the financial system, everything from developing and enforcing the regulations for tens of thousands of private sector entities, receiving millions of reports (actually, more than 20 million) intended to provide a high degree of usefulness to government authorities, safeguarding those reports, and analyzing those reports and getting information back to over 6,700 federal, state, local, and tribal law enforcement agencies (according to an FBI/DOJ notice published in the Federal Register on June 30, 2020).

With this daunting mission, and millions of reports to collect and analyze, tens of thousands of private sector entities to regulate, and thousands of law enforcement agencies to support, FinCEN must be a massive agency with an impressive budget.

Let’s take a look.

The first thing that should jump out at you, and will be a surprise to most people, is how small FinCEN is: less than 300 people and a budget that is eclipsed by many global banks’ financial crimes risk management departments. That aside, and clipped directly from the FY2021 budget request, this table shows FinCEN’s resource levels – people and budget – for six fiscal years and its requested resource levels for 2021. (FinCEN’s fiscal year – the federal government’s fiscal year – runs from October 1 to September 30). This table also shows FinCEN’s “workload output/activity”, or at least three measurable parts of its overall workload: (1) the total number of BSA reports filed each fiscal year, (2) the total number of Suspicious Activity Reports (SARs) each year (a subset of the total number of BSA reports), and (3) the number of people (generally law enforcement) who use, or access, FinCEN’s BSA database. What is not measured and shown here is the other work or output or activities FinCEN is responsible for (developing and enforcing BSA regulations and analyzing BSA reports and getting information back to law enforcement, for example).

A quick glance at this table suggests that the workload is going up: SARs have gone from just over 2 million in FY2015 to an estimated 3 million in FY2021; the total number of BSA reports continues to go up; and the number of BSA users has gone from 10,166 in FY2015 to an estimated 13,589 in FY2021.

Have FinCEN’s resources kept pace with its workload?

This is an important question. The recent “FinCEN Files” release by Buzzfeed News and the International Consortium of Investigative Journalists (ICIJ) has caste a very negative spotlight on some large global banks as being the reason for, or the facilitators of, financial crime and corruption. Those stories have resulted in calls to reform what the media and others are calling a broken, ineffective, and inefficient regime. Although the journalists haven’t focused on FinCEN, it too has been receiving some unwarranted attention. Questions are being asked: banks and other financial institutions are reporting all this suspicious activity, so what is FinCEN doing about it?

FinCEN’s resources are not keeping pace with its workload.

I reformatted FinCEN’s budget numbers in order to better compare the annual resource numbers with the workload numbers. Given the FinCEN Files focus on Suspicious Activity Reports (SARs), I’ve highlighted those:

What appears obvious from this is that the number of SARs has gone up about three times as fast as FinCEN’s resources: SARs are up almost 35% in five years, but FinCEN’s staffing has gone up just 9% and its overall budget has gone up just 12.5%. FinCEN’s resources aren’t keeping pace with its workload.

FinCEN has received more than 2 million SARs in each of the last six years … or has it?

This is not a criticism of FinCEN. But when I saw those numbers in the budget request, I paused. FinCEN has a “SAR Stats” feature that allows the public to access FinCEN’s data on the number of SARs filed, by what type of filers, when, for what kind of suspicious activity, etc. It’s a great resource, and I use it a lot, and didn’t recall seeing more than 2 million SARs as far back as 2015. So I went back into the SAR Stats page …

… and I exported the total number of SARs filed, by month, for the entire period of available data – January 2014 through August 2020. Here’s what FinCEN provided (reformatted):

These are the actual numbers exported from the FinCEN website (with the exception of September 2020, which isn’t yet available: I estimated the number of SARs filed for that one month). At first glance one can see that not all six fiscal years had more than 2 million filed SARs. So I put the two sets of data – the 2021 budget submission and the FinCEN SAR Stats – together for easier comparison:

I can’t explain the differences – there is likely a reason why the two sets of SAR data are different. But both show an increase in the number of SARs filed over the last five fiscal years that is triple the increase in FinCEN’s resources that are available to manage those SARs, analyze them, and disseminate actionable intelligence back to more than 6,000 law enforcement agencies in order to protect our financial system.

Congress must support the fight against financial crime

If Congress is serious about fighting financial crime and protecting our financial system, it must provide FinCEN with the appropriate resources. So far it has failed to do so.

Updated February 24, 2020 – The US Supreme Court denied a petition that challenged the SAR Safe Harbor

On September 13, 2020 a petition was filed with the US Supreme Court asking the Court to take up a case to decide whether the so-called “safe harbor” provision gives banks and bank employees absolute immunity from any liability when filing a Suspicious Activity Report, or SAR, or something less than absolute immunity.  The case is AER Advisors, Inc., Deutsche et al., Petitioners v. Fidelity Brokerage Services, LLC, petition for writ of certiorari, Docket 19-347 (US Supreme Court).[1] It was “distributed for conference” on January 22, 2020, and the conference – or meeting of the Justices – was scheduled for, and held on, February 21, 2020. On February 24th the Court published its decision: PETITION DENIED!

This was a critical case for the US anti-money laundering regime. In this case, the Court of Appeals for the First Circuit held that Fidelity had absolute immunity in filing Suspicious Activity Reports, and dismissed the petitioners’ claims against Fidelity that it filed a SAR against the petitioners in bad faith. The petitioners sought review by way of a petition for writ of certiorari – basically, an appeal – to the US Supreme Court.

The petitioners framed the main question as whether 31 USC section 5318(g), added by the Annunzio-Wylie Money Laundering Act of 1992, confers (a) absolute immunity for any disclosure; or (b) immunity only if the disclosure is an objectively possible criminal violation and/or is made in good faith and/or is not fraudulent.[2] The respondent Fidelity framed the main question differently: Is a financial institution immune from private suit under the Bank Secrecy Act when it files a Suspicious Activity Report as required by the Act?

The section in question is unequivocal:

31 USC s. 5318(g)(3) Liability for Disclosures

(A) In general. –Any financial institution that makes a voluntary disclosure of any possible violation of law or regulation to a government agency or makes a disclosure pursuant to this subsection or any other authority, and any director, officer, employee, or agent of such institution who makes, or requires another to make any such disclosure, shall not be liable to any person under any law or regulation of the United States, any constitution, law, or regulation of any State or political subdivision of any State, or under any contract or other legally enforceable agreement (including any arbitration agreement), for such disclosure or for any failure to provide notice of such disclosure to the person who is the subject of such disclosure or any other person identified in the disclosure.

Leaving aside all the legal arguments, Fidelity’s Opposition Brief includes an interesting description of the policy considerations favoring absolute immunity for financial institutions for filing Suspicious Activity Reports (beginning on page 18, the policy consideration began with “if financial institutions face liability for filing a report …”). As I began reading that section, I (as a former large bank BSA Officer responsible for the filing of well over one million SARs over the years) immediately thought of two things.

First, counsel was (rightly) focused on his client, the financial institution. But as I read the case, I was thinking “what about the BSA Officer who is the FIRST person the plaintiff’s lawyer is going to sue?!” And “who cares about the financial institution that makes a gazillion dollars a year … what about the poor BSA Officer?!”.

After recovering from that, I then thought that the obvious policy consideration favoring absolute immunity was the chilling effect that anything but absolute immunity would have on the way a BSA program is run. Without that absolute immunity, you would need to have multiple layers of review of every possible SAR, quality assurance reviews, testing requirements, auditing of those processes, etc. You would need to have multiple sign-offs on every SAR, then checking and testing of the policies and procedures and processes supporting those sign-offs. You would have checkers checking checkers checking checkers. And with large banks filing hundreds of SARs every business day, the process and personnel requirements to review every SAR for a “good faith” standard, could double the number of people needed to investigate, prepare, and file SARs. (my mind then drifted back to the personal liability of the BSA Officer overseeing such a program and of the supervisors and managers reviewing SARs).

In short, BSA Officers and AML investigations teams would be overwhelmed with oversight, to the point of paralysis. The effect of a limited or qualified immunity would be to have no immunity, and the BSA regime as we know it – monitoring for unusual activity, investigating that activity, and to the best of your ability and based on all the available facts, filing reports of suspicious activity – would end.

But none of that was on the mind of the lawyers. No, they weren’t worried about the potential impact on the suspicious activity reporting regime itself, or the BSA personnel in financial institutions facing personal ruin from plaintiffs/ law suits, they were worried about the burden on the financial institutions and on the institutions’ lawyers and the cost of those lawyers. At page 18 counsel for Fidelity wrote:

“… policy considerations favor absolute immunity. ‘Any qualification on immunity poses practical problems.’ Id. The most immediate problem is ‘a risk of second guessing.’ Id. If financial institutions face liability for filing a report, they may delay reporting or under report. Id. But even where a financial institution has a good-faith belief that a law has been violated, the institution may still think twice before reporting if Petitioners’ view of the law prevailed … In the face of potential litigation burdens of this magnitude, there is a substantial risk that financial institutions would be chilled in the filing of suspicious activity reports. Institutions will certainly think twice before reporting if expensive litigation is the cost of complying with the law. And because institutions file millions of these reports a year, if these reports were subject to litigation, financial institutions would be overwhelmed.”

Now, this is not to say that counsel is wrong. Indeed, he is right: institutions will certainly think twice before reporting suspicious activity if expensive litigation is the cost of doing so. But as a former BSA Officer, I would have felt better if one of the policy considerations favoring absolute immunity for filing Suspicious Activity Reports – even the primary policy consideration – was to protect the men and women on the front lines of financial institutions’ AML programs from second-guessing and personal liability for doing their jobs as best they can: for filing the Suspicious Activity Reports that give law enforcement and intelligence agencies the actionable, timely intelligence they need to protect the financial system from money laundering, terrorism, and other crimes. Not to protect the lawyers.

Interpreting statutes – what does the Supreme Court look at?

There is plenty of case law on how courts interpret a statute, or a part of a statute. An example is a famous case* the US Supreme Court decided in 2015, King et al v Burwell et al, 576 US 988 (2015). This is the “ObamaCare” decision where the Supreme Court was considering the requirement in the law that people had to purchase insurance on an exchange established by their state, or, if there was no such state exchange, the federal exchange. In particular, the Court was considering whether a tax credit was available to individuals who purchased insurance on the federal exchange. The phrase in question was “an Exchange established by the State”, because tax credits were only available to those who purchased insurance on “an Exchange established by the State”. The decision of the majority of the Court was 21 pages long. At the end was the following:

Reliance on context and structure in statutory interpretation is a “subtle business, calling for great wariness lest what professes to be mere  rendering becomes creation and attempted interpretation of legislation becomes legislation itself.” Palmer v. Massachusetts, 308 U. S. 79, 83 (1939).
For the reasons we have given, however, such reliance is appropriate in this case, and leads us to conclude that Section 36B allows tax credits for insurance purchased on any Exchange created under the Act. Those credits are necessary for the Federal Exchanges to function like their State Exchange counterparts, and to avoid the type of calamitous result that Congress plainly meant to avoid.
* * *
In a democracy, the power to make the law rests with those chosen by the people. Our role is more confined—“to say what the law is.” Marbury v. Madison, 1 Cranch 137, 177 (1803). That is easier in some cases than in others. But in every case we must respect the role of the Legislature, and take care not to undo what it has done. A fair reading of legislation demands a fair understanding of the legislative plan. Congress passed the Affordable Care Act to improve health insurance markets, not to destroy them. If at all possible, we must interpret the Act in a way that is consistent with the former, and avoids the latter. Section 36B can fairly be read consistent with what we see as Congress’s plan, and that is the reading we adopt.

The judgment of the United States Court of Appeals for
the Fourth Circuit is Affirmed.

* The case is famous not only because it upheld a main provision of the Affordable Care Act, but also because of the blistering dissent of Justice Antonin Scalia, a dissent that included his famous phrase “interpretive jiggery-pokery”. Among other things, Justice Scalia wrote:

“The Court holds that when the Patient Protection and Affordable Care Act says “Exchange established by the State” it means “Exchange established by the State or the Federal Government.” That is of course quite absurd, and the Court’s 21 pages of explanation make it no less so.” (Dissent, page 1)

Then, after almost 8 pages of examples of the poor reasoning of the majority, Justice Scalia unloads his famous line:

“The Court’s next bit of interpretive jiggery-pokery involves other parts of the Act that purportedly presuppose the availability of tax credits on both federal and state Exchanges.”

Page 12 was, perhaps, an even better line: “For its next defense of the indefensible, the Court turns to the Affordable Care Act’s design and purposes.” And at page 17 is: “Perhaps sensing the dismal failure of its efforts to show that “established by the State” means “established by the State or the Federal Government,” the Court tries to palm off the pertinent statutory phrase as “inartful drafting.” Ante, at 14. This Court, however, has no free-floating power “to rescue Congress from its drafting errors.” Lamie v. United States Trustee, 540 U. S. 526, 542 (2004) (internal quotation marks omitted). Only when it is patently obvious to a reasonable reader that a drafting mistake has occurred may a court correct the mistake.”

And in closing on page 21: “The somersaults of statutory interpretation they have performed (“penalty” means tax, “further [Medicaid] payments to the State” means only incremental Medicaid payments to the State, “established by the State” means not established by the State) will be cited by litigants endlessly, to the confusion of honest jurisprudence. And the cases will publish forever the discouraging truth that the Supreme Court of the United States favors some laws over others, and is prepared to do whatever it takes
to uphold and assist its favorites.  I dissent.”

How did the Supreme Court rule?

The Supreme Court simply denied the petition. But in the original article that appeared on this site, I asked that the US Supreme Court “refuse to take this case up and send it back to the 1st Circuit with an affirmation of the Safe Harbor for banks, lawyers, and BSA Officers alike” and:

To John Roberts and the Supremes, as you consider whether to take this case, please remember the words of Diana Ross and the Supremes:

Stop! In the name of love
Before you break my heart
Think it over
Think it over

[1] https://www.supremecourt.gov/search.aspx?filename=/docket/docketfiles/html/public/19-347.html

[2] An interesting quirk appeared in Annunzio-Wylie. Section 1517, titled “suspicious transactions and enforcement programs”, intended to add subsections (g) and (h) to section 5318 of title 31. As AML practitioners know, 5318(g) is the suspicious activity reporting requirement, and 5318(h) is the AML program requirement. However, section 1517 of Annunzio-Wylie had a typographical error, and instead of adding (g) and (h) to section 5318, it added them to section 5314, the section requiring records and reports on foreign financial agency transactions (the so-called “FBAR” section, or Foreign Bank Account Report section). This typo wasn’t corrected until two years later by section 330017(b) of the Violent Crime Control & Law Enforcement Act of 1994, PL 103-322, enacted on September 13, 1994. That section provided: “Amendment relating to Title 31, U.S.C.— (1) Effective as of the date of enactment of the Annunzio Wylie Anti-Money Laundering Act, section 1517(b) of that Act is amended by striking ‘‘5314’’ and inserting ‘‘5318’’.” In another oddity, one day after the Violent Crime Control Act was sent to the President to be signed, the Money Laundering Suppression Act (MLSA) was sent to the President. The MLSA also included a section to correct the 1992 typo; in fact, section 413(b)(1) of the MLSA was identical to section 330017(b) of the Violent Crime Control Act. Congress made doubly sure to fix the typo!

The Estimate for US Money Laundering – $300 billion a year, or 2% of GDP

The 2015 National Money Laundering Risk Assessment – available at 2015 NMLRA – estimated that the total amount of criminal proceeds generated in the United States was approximately $300 billion, or 2% of gross domestic produce (GDP). The report provided:

“United Nations Office on Drugs and Crime (UNODC) estimated proceeds from all forms of financial crime in the United States, excluding tax evasion, was $300 billion in 2010, or about two percent of the U.S. economy. [Footnote: United Nations Office on Drugs and Crime, Estimating Illicit Financial Flows Resulting From Drug Trafficking and other Transnational Organized Crimes, October 2011.] This is comparable to U.S. estimates. UNODC estimates illicit drug sales were $64 billion, which the DEA believes is a reasonable current estimate, putting the proceeds for all other forms of financial crime in the United States at $236 billion, most of which is attributable to fraud.” (citations omitted)

The figures of $300 billion in 2010 and two percent of the US economy are the midpoints of estimates based on a 2004 report. The UNODC report provided:

“… the criminal income in 2010 (excluding tax evasion) may have amounted to some US$350 bn in the world’s largest national economy [the United States]. This would probably be the upper limit estimate. A lower limit estimate – assuming that the nominal increases found over the 1990-2000 period continued unchanged over the 2000-2010 period, would result in an estimate of around US$235 bn for the year 2010 or 1.6% of GDP. A mid-point estimate would show criminal income of some US$300 bn (rounded) or 2% of GDP for 2010. (UNODC Report, page 20).”

A critical review of the UNODC report, and the reports that it relies on, suggests that these estimates need to updated. For example, the amount of criminal proceeds from illegal drug sales dropped by almost 50% from 1990 to 2010 from $97 billion to $64 billion, but the amount of criminal proceeds from all other crimes (excluding tax evasion), more than doubled in that same period, from $112 billion to $236 billion. And excluding tax evasion is meaningful: the 1990 estimate of tax evasion was $236 billion – dwarfing both drugs and other criminal proceeds.

$300 Billion in Criminal Proceeds – How Much is Reported by Financial Institutions?

We don’t know. But what is interesting about the 2015 National Money Laundering Risk Assessment figure of $300 billion in estimated proceeds of criminal activity, is that it may be reasonably close to the total amount reported in Suspicious Activity Reports. Although FinCEN has not (yet) provided total amounts reported in Suspicious Activity Reports and Currency Transaction Reports, some anecdotal evidence (based on off-the-record discussions with people in the industry) suggests that the average depository institution (bank and credit union) SAR reports approximately $250,000 in suspicious activity, and the average money services business (MSB) SAR reports approximately $35,000 to $40,000. And I’ll guess that all other filers’ SARs average $50,000 each. Using 2018 SAR totals:

Depository Institutions                 975,000 SARs @ $245,000       ~$239 billion

Money Services Businesses          875,000 SARs @ $35,000         ~$   31 billion

“Other” and all other filers          275,000 @ $50,000                   ~$  14 billion

~$284 billion

And if we assume that some of the activity reported in Currency Transaction Reports (CTRs) is, in fact, the proceeds of criminal activity, we could arguably add another $36 billion (18 million CTRs @ $20,000 each with 10% “dirty money”). The total reported by financial institutions in the US is then roughly $320 billion. So US financial institutions may be doing a pretty good job at reporting suspicious activity!

Total Suspected Proceeds of Crime Reported in the US: ~$320 billion. Estimated proceeds of criminal activity in the US: ~$300 billion.

Proceeds of Crime and GDP – Are We Comparing Apples to Oranges?

There is another flaw in comparing the amount of criminal proceeds to global (or national) gross domestic product, or GDP. GDP is a measure of the total final value of everything produced. Its components include personal consumption expenditures, business investment, government spending, and exports less imports (and there is nominal GDP and real GDP, with the latter factoring in inflation). A better measure of the effectiveness of the financial system in identifying, interdicting, and reporting criminal proceeds would be to compare the total amount of criminal proceeds flowing through the financial system to the total amount of funds flowing through the financial system.

The US Financial System – Two Quintilian Dollars A Year

The 2015 National Money Laundering Risk Assessment (pages 35 and 36) estimates that the total amount of FedWire, CHIPS, ACH, debit card, and cash transactions moving through the US financial system in a year is approximately two Quintilian dollars:

“The global dominance of the U.S. dollar generates trillions of dollars of daily transaction volume through U.S. banks, creating significant exposure to potential money laundering activity. The Federal Reserve System’s real-time gross settlement system, Fedwire, which is used to clear and settle payments with immediate finality, processed an average of $3.5 trillion in daily funds transfers in 2014. The Clearing House Interbank Payment System (CHIPS) is the largest private-sector U.S.-dollar funds-transfer system in the world, clearing and settling an average of $1.5 trillion in cross-border and domestic payments daily. CHIPS estimates that it is responsible for processing more than 95 percent of U.S. dollar-denominated cross-border transactions, and nearly half of all domestic wire transactions. The average value of a transaction on Fedwire and CHIPS is in the millions of dollars. The automated clearinghouse network (ACH), through which U.S. banks transfer electronic payments that are not settled in real time, processes more than $10 trillion in transactions annually.”

Converting those daily amounts to annual amounts gives us a total of approximately two Quintilian dollars. Of that, $300 billion is criminal proceeds. Therefore, criminal proceeds make up approximately 0.00000007% of the total amount moving through the American financial system.

The US Government’s National Money Laundering Risk Assessment believes that for every one billion dollars of money flowing through the US financial system, seven dollars is criminal proceeds.

The private sector participants in the US financial system are subject to a regulatory regime that requires them to have complex systems, processes, and programs that collectively cost tens of billions of dollars, if not hundreds of billions of dollars, to develop, operate, and enhance. And the administrative and criminal penalties for failing to have reasonably effective AML programs can be severe. As the 2015 NMLRA concludes (on page 36):

“This exposure to a daily flow of trillions of dollars in transaction volume from large value to small value payment systems requires banks to maintain robust safeguards to minimize the potential for illicit activity. Like any other financial industry, deficient compliance practices and complicit insiders are vulnerabilities, but the stakes are higher for banks given the volume and value of transactions that U.S. banks engage in daily. Preserving the integrity of the U.S. financial system requires that banks effectively monitor and control the money laundering risks to which they are exposed. To this end, banks are required to establish a written AML program reasonably designed to prevent their financial institutions from being used to facilitate money laundering and the financing of terrorist activities. The introduction of illicit proceeds into the financial system is the first and critical step in the money laundering process and banks are most vulnerable to being used for this purpose by criminals. Once illicit proceeds are placed into the financial system, the continued use of banks to move those funds both domestically and internationally can further obscure their criminal origins and facilitate their integration into the system. Therefore, establishing and maintaining an effective customer identification program (CIP) is a key control.”

The American anti-money laundering regime – which is now in its fiftieth year – has been built to identify and report the seven dollars of criminal activity out of every one billion dollars of total activity that flows through that financial system. It is critical that the public and private sectors continue to work together to not only make this regime as effective and efficient as possible; but perhaps because of the daunting task that the private sector has been given – to detect and report the 0.00000007% of activity flowing through the system that is criminal proceeds – the regulatory agencies that examine them for compliance with the regime’s rules and regulations should focus less on how those institutions comply with the rules, and more on how well those institutions provide actionable, timely intelligence to law enforcement.