Banking Superheroes: A Look Inside the Financial Investigations Unit

Financial Investigations Units are the unsung heroes inside banks and brokerages.  They protect institutions and their customers from the things that go bump in the night.  Most financial services companies above a certain size have one or more financial investigations units (FIUs) to investigate the various threats against the institution or its customers. Missions vary from those that are somewhat narrowly focused on risks, such as card fraud and elder financial fraud to those focused broadly on insider and external threats against the institution and its customers.

On a recent episode of the Fraud Eats Strategy podcast, I was joined by Allen Love from TD Bank, Alexandra “Alex” Sagaro from Raymond James and FTI’s Andrew Rosini. We discussed FIUs, their mission, challenges and how they go about the process of keeping their organizations and clients safe.   

For those that are less familiar with how financial institutions operate and what their reporting obligations are to law enforcement, all activity centers on Suspicious Activity Reports (SARs). The Bank Secrecy Act requires financial institutions to assist U.S. government agencies in detecting and preventing money laundering. And one of the primary mechanisms to do that is by filing Suspicious Activity Reports. Traditional depository institutions and credit unions must file SARs, but so must broker-dealers, casinos, money services businesses (e.g. Western Union or MoneyGram) and other institutions that must comply with these rules. These institutions must file SARs on transaction activity and other activities within the institution when they believe it signals criminal activity.  A wide variety of suspected crimes can and should be reported via SARs.  That can be money laundering, tax evasion, teller theft, insider trading, securities fraud, embezzlement and cyber incidents.

FIUs have the same SAR filing obligations as their AML and sanctions counterparts. It is mandatory to file a suspicious activity report when there is suspected fraud involving insiders in any amount of money. Known persons suspected of crimes of $5,000+, unknown persons suspected of crimes of $25,000+, and transactions totaling $5,000+, that may involve money laundering or other illegal activity must also be reported. A SAR also must be filed if the transactional activity is designed to evade the Bank Secrecy Act (BSA) or has no business or apparent lawful purposes. Such as multiple cash deposits just below the $10,000 currency transaction reporting threshold and round dollar amounts that go back and forth into multiple accounts for no apparent reason.

There is a variety of activities that an institution must monitor and investigate. A SAR will contain important information for law enforcement and the government agencies who rely on this intelligence. This includes institutional and individual parties involved in a transaction, volumes and amounts, the activity patterns along with identifying information like names and addresses and other details that law enforcement and other government agencies will use in their investigations. SARs are all sent to a part of the U.S. Department of the Treasury called the Financial Crimes Enforcement Network (FinCEN) – The U.S. government’s national financial intelligence unit. When the individual SAR reports get combined with other data collected by law enforcement and intelligence agencies, it helps to connect the dots in a government investigation.

FinCEN not only acts as a clearinghouse and data repository to share information with U.S. law enforcement agencies, but it also analyzes the huge volumes of SAR data that it receives and shares the results of those analyses publicly to assist financial institutions and other interested parties to better understand the threats posed by money laundering and other financial crimes, evolving trends, transactional patterns and typologies to better equip compliance officers to identify and counter financial crime within their organizations. 

Financial Investigations Units are not well understood. FIUs programmatically investigate fraud and money laundering activity within financial institutions. For other key individuals within the organization to understand and take full advantage of what the FIU can do to safeguard the organization, it requires that FIU leaders engage with leaders and the rank and file within their institutions and continuously communicate the mission, successes, emerging threats and the various ways that they are safeguarding the operation. Without that dialogue, senior leadership and board members are not able to fully understand and support the FIU mission making it nearly impossible for the FIU to operate effectively. 

Equally important to the FIU mission is to inform, communicate and educate front line personnel who interact with customers on spotting potentially suspicious activity, to raise red flag awareness and ongoing efforts at mitigating risk. FIUs also identify emerging trends, perform trend analysis and seek to align mitigation frameworks with evolving fraud threats. It is also important for FIUs to understand seasonality and other factors that add to spikes in fraudulent activity. 

For example, when the CARES Act stimulus package came out, it created a lot of fraud volatility with the influx of Paycheck Protection Plan loan applications that had to be approved inside of a 10-day window. Another evolving threat is cyber-attacks. Business email compromise schemes, account takeovers, synthetic identity theft, and ransomware attacks have all increased dramatically in the number of cases and their sophistication.  Financial crimes and fraud are often cyber-enabled such that FIUs and cybersecurity units must work in close coordination. In response, numerous major institutions have created fusion centers to coordinate their response to the combined threats posed by cyber-crime, fraud, money laundering and sanctions.

Global financial institutions have multiple financial products and information systems  (some of which may be antiquated), lines of business, different customer types, various regulators spanning numerous geographies and cultures all of which factor into how to operate and also investigate fraud effectively across an international footprint. An FIU cannot be a complete microcosm of the institution with all of that institutional knowledge compressed into a unit with a limited headcount. To meet the challenge of taking on those variables and operating effectively in a global, diverse organization, collaboration with other parts of the organizations and external parties is key to the successful operation of an FIU. 

The American Bankers Association advises fraud professionals to establish rapport with law enforcement partners which is critically important. Partnerships within the institution are equally important – particularly with some financial products that are difficult to understand and complex to investigate.  There is a popular misconception that an FIU should be made up entirely of former law enforcement.  While a law enforcement background is an important underpinning of any FIU, the most effective units draw from a wide-ranging pool of backgrounds. These include law enforcement, banking, bank regulatory, commercial lending, credit cards, data analytics, legal and information technology.  When you bring experienced people, they provide a completely different lens to examine an increasingly complex caseload. It is also important to establish informal lines of communication with FIUs within peer institutions.  There typically isn’t a lot of turnover within an FIU and without that external benchmarking and sounding board option, FIUs risk acting like an echo chamber of similarly narrow, institution centric points of view that could bias investigations and limit a unit’s effectiveness. 

FIUs are an essential part of a financial institution’s ability to operate in compliance with anti-money laundering and financial crime regulations.  More importantly, though, they sit at the intersection between bank leadership, line personnel, customers and law enforcement in safeguarding the institution and its customers from would-be criminals.   Next time you get a text from your bank confirming that a credit card transaction or wire transfer from your account is you, thank those unsung heroes inside your bank. 

To hear the full Fraud Eats Strategy podcast episode with Allen Love, Alex Sagaro and Andrew Rosini, click here.  

Note: The postings on this site are my own and do not necessarily represent FTI Consulting’s positions, strategies or opinions

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: