Banking Superheroes: A Look Inside the Financial Investigations Unit

Financial Investigations Units are the unsung heroes inside banks and brokerages. They protect institutions and their customers from the things that go bump in the night. Most financial services companies above a certain size have one or more financial investigations units (FIUs) to investigate the various threats against the institution or its customers. Missions vary from those that are somewhat narrowly focused on risks, such as card fraud and elder financial fraud to those focused broadly on both insider and external threats against the institution and its customers while BSA and AML and sanctions units command a great deal of regulatory attention.

On a recent episode of the Fraud Eats Strategy podcast, I was joined by Allen Love from TD Bank, Alexandra  “Alex” Sagaro from Raymond James and FTI’s Andrew Rosini for a discussion about FIUs, their mission, challenges and how they go about the process of keeping their organizations and clients safe.  

For those that are less familiar with how financial institutions operate and what their reporting obligations are to law enforcement, all activity centers on Suspicious Activity Reports. The Bank Secrecy Act requires financial institutions to assist U.S. government agencies in detecting and preventing money laundering. And one of the primary mechanisms to do that is by filing Suspicious Activity Reports. Traditional depository institutions and credits unions must file SARs but so must broker dealers, casinos, money, service businesses (e.g. Western Union or MoneyGram) and a variety of other institutions that must comply with these rules. These institutions must file SARs on transaction activity and other activities within the institution when they believe it signals criminal activity. A wide variety of suspected crimes can and should be reported via SARs. That can be money laundering, tax evasion, teller theft, insider trading, securities fraud, embezzlement and cyber incidents.

FIUs have the same suspicious activity report filing obligations as their AML and sanctions counterparts. It's mandatory to file a suspicious activity report when there are suspected fraud involving insiders in any amount of money, known persons suspected of crimes of $5,000 or more, unknown persons suspected of crimes of $25,000 or more, and transactions totaling $5,000 or more that may involve money laundering or other illegal activity. A SAR also must be filed if the transactional activity is designed to evade the Bank Secrecy Act (BSA) or has no business or apparent lawful purpose such as multiple cash deposits just below the $10,000 currency transaction reporting threshold and round dollar amounts that go back and forth into multiple accounts for no apparent reason.

There's a variety of activity that an institution must monitor and investigate. The SAR itself will contains really important information for law enforcement and the government agencies who rely on this information including institutional and individual parties involved in a transaction, volumes and amounts, the activity patterns along with identifying information like names and addresses and other details that law enforcement and other government agencies will use in their investigations. SARs are all sent to a part of the U.S. Department of the Treasury called the Financial Crimes Enforcement Network (FinCEN) – The U.S. government’s national financial intelligence unit. When the individual SAR reports get combined with other data collected by law enforcement and intelligence agencies, it really helps to connect the dots in a government investigation.

FinCEN not only acts as a clearinghouse and data repository to share information with U.S. law enforcement agencies, it also analyzes the huge volumes of SAR data that it receives and shares the results of those analyses publicly to assist financial institutions and other interested parties to better understand the threats posed by money laundering and other financial crimes, evolving trends, transactional patterns and typologies to better equip compliance officers to identify and counter financial crime within their organizations. 

Financial Investigations Units are not well understood. FIUs programmatically investigate fraud and money laundering activity within financial institutions. In order for other key individuals within the organization to understand and take full advantage of what the FIU can do to safeguard the organization, it requires that FIU leaders to engage with leaders and the rank and file and continuously communicate the mission, successes, emerging threats and the various ways that they are safeguarding the institution. Without that dialogue, senior leadership and board members are not able to fully understand and support the FIU mission making it nearly impossible for the FIU to operate effectively. 

Equally important to the FIU mission is to inform, communicate and educate front line personnel who are interacting with customers on how to spot potentially suspicious activity, raise red flag awareness and ongoing efforts at mitigating risk. FIUs also identify emerging trends, perform trend analysis and seek to align mitigation frameworks with evolving fraud threats. It is also important for FIUs to understand things like seasonality and other factors that contribute to spikes in fraudulent activity. 

For example, when the CARES Act stimulus package came out, it created a lot of fraud volatility with the huge influx of Paycheck Protection Plan loan applications that had to be approved inside of a 10-day window. Another evolving threat is cyber-attacks. Business email compromise schemes, account takeovers, synthetic identity theft, and ransomware attacks are all increasingly dramatically both in the number of cases and their sophistication. Financial crimes and fraud are often cyber-enabled such that FIUs and cyber security units must work in close coordination. In response, numerous major institutions have created fusion centers to better coordinate their response to the combined threats posed by cyber-crime, fraud, money laundering and sanctions.

Global financial institutions have multiple financial products and information systems (some of which may be antiquated), lines of business, different customer types, various regulators spanning numerous geographies and cultures all of which factor into how to operate and also investigate fraud effectively across an international footprint. It’s impossible for an FIU to be a complete microcosm of the institution with all of that institutional knowledge compressed into a unit with limited headcount. In order to meet the challenge of taking on those variables and operating effectively in a global, diverse organization, collaboration with other parts of the organizations and external parties is key to the successful operation of a FIU. 

The American Bankers Association advises fraud professionals to establish rapport with law enforcement partners which is of course critically important. Partnerships within the institution are equally important – particularly with some financial products that are difficult to understand and complex to investigate. There is a popular misconception that a FIU should be made up entirely of former law enforcement. While the law enforcement background is an important underpinning of any FIU, the most effective units draw from wide-ranging pool of backgrounds that include law enforcement, banking, bank regulatory, commercial lending, credit cards, data analytics, legal and information technology. In fact, when you bring people into the unit from the business, they provide a completely different lens through which to examine an increasingly complex caseload. It also important to establish informal lines of communication with FIUs within peer institutions. There typically isn’t a lot of turnover within an FIU and without that external benchmarking and sounding board option, FIUs risk acting like an echo chamber of similarly narrow, institution centric points of view that could bias investigations and limit a unit’s effectiveness. 

FIUs are an essential part of a financial institution’s ability to operate in compliance with anti-money laundering and financial crime regulations. More importantly though, they sit at the intersection between bank leadership, line personnel, customers and law enforcement in safeguarding the institution and its customers from would be criminals.  Next time you get a text from your bank confirming that a credit card transaction or wire transfer from your account is you, thank those unsung heroes inside your bank. 

To hear the full Fraud Eats Strategy podcast episode with Allen Love, Alex Sagaro and Andrew Rosini, click here.  https://podcasts.apple.com/us/podcast/financial-investigations-units-special-investigations/id1527816335?i=1000502568160

Note: The postings on this site are my own and do not necessarily represent FTI Consulting’s positions, strategies or opinions