Leaked FinCEN files expose poor data security
Wednesday, September 23, 2020
Leaked documents, dubbed the “FinCEN Files,” describing global money laundering of $2 trillion processed by many of the world’s biggest banks between 2000 and 2017 illuminates the financial industry and government struggle to provide ironclad data protection and flagging attempts to prevent spectacular financial crimes.
“This sensational and unprecedented leak clearly demonstrates a wide spectrum of data protection weaknesses in the governmental sector, affecting even the most developed Western countries,” Ilia Kolochenko, founder and CEO of ImmuniWeb, said of the files.
“From a cybersecurity standpoint, we may expect a growing lack of trust to governmental agencies, which on one side have quasi-unlimited access to the most sensitive data of the largest organizations, while cannot duly safeguard this data on the other side,” he said.
The latest disclosure exposing apparently insufficient attempts by the public and private sectors to curb corruption came to light in a BuzzFeed News report which detailed more than 2,500 reported cases, including 2,100 Suspicious Activity Reports (SAR) filed by financial institutions with the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN).
Other similar investigative reports on similar wrongdoing focused single financial, tax or legal institutions, such as the 2017 Panama Papers emanating from clients of the law firm Mossack Fonseca. But the FinCEN docs reveal that a wide array of people from oligarchs and corrupt politicians to drug dealers and organized crime throughout the world know how to circumvent the system’s supposed checks and balances.
To restore confidence, Kolochenko said, calling for a transparent investigation to restore confidence.
FinCEN on Sept. 16 solicited comments solicit public comments due in 60 days on a wide range of questions pertaining to potential regulatory amendments under the Bank Secrecy Act, including FinCEN’s Strategic Anti-Money Laundering Priorities.
What is most concerning to him is that when funds at this scale are being moved around, the nature of potential security issues becomes exponentially more complicated, he added.
From a legal standpoint, Kolochenko said the organizations and other entities cited in the Buzzfeed research, may have a cause of action against many parties potentially accountable for negligent data protection and possible non-compliance with the enacted data protection laws.
“However, the chances to prevail in a court of law are fairly small,” Kolochenko admitted. “Moreover, given the extremely delicate and toxic nature of the exposed documents, they are better to discreetly settle the matter,” he said, predicting a further hardening of data protection laws that could “dramatically exacerbate the situation if implemented too rapidly or overbroadly.”
On Sept. 1, in response to expected media reports resulting from the BuzzFeed story, FinCEN issued a press release that stated the “unauthorized disclosure of SARs is a crime that can impact the national security of the United States, compromise law enforcement investigations, and threaten the safety and security of the institutions and individuals who file such reports.” FinCEN said it referred this matter to the U.S. Department of Justice and the U.S. Department of the Treasury’s Office of Inspector General. Buzzfeed did not make available the actual SARs in Wikileaks style, but rather described their contents. Read Full Article
The Fintech Times: The FinCEN Files: How Criminals Moved Trillions of Money Through JP Morgan, HSBC and More
TechHQ: When cyberattacks cost lives, not just digital damage