Cyber Incident Victim: Financial Crimes Enforcement Network
Date:
Sep 2020
Location:
United States of America
Summary
A significant leak of over 2000 suspicious activity reports from the US Financial Crimes Enforcement Network exposed approximately $2 trillion in transactions linked to alleged money laundering by Russian oligarchs, organized crime groups, and political donors. Global financial institutions, including HSBC, Barclays, JPMorgan, and Deutsche Bank, were implicated in facilitating illicit fund movements, with the UK identified as a high-risk jurisdiction due to thousands of involved firms. The breach revealed systemic failures in preventing criminal financial activity, such as sanctions evasion through art purchases and connections between foreign political figures and donors. The agency condemned the unauthorized disclosure as a crime endangering national security and referred the matter to law enforcement authorities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 20, 2020, multiple media outlets began reporting on a trove of leaked suspicious activity reports (SARs) filed with the U.S. Financial Crimes Enforcement Network (FinCEN). The documents, numbering over 2000 and spanning from 2000 to 2017, were disclosed to journalists in an apparent whistleblowing operation targeting systemic failures in anti-money laundering controls. These SARs—submitted by global financial institutions to flag potential criminal activity—revealed approximately $2 trillion in transactions linked to illicit actors, including Russian oligarchs, organized crime groups, and prominent political donors. The leak demonstrated how sanctioned entities circumvented restrictions through high-value art purchases in London and exposed financial ties between a major Conservative Party donor and a close ally of Russian President Vladimir Putin. Former Trump campaign manager Paul Manafort was also identified in one of the reports. Institutions named as conduits for these transactions included HSBC, Barclays, JP Morgan, Standard Chartered, and Deutsche Bank. The United Kingdom emerged as a focal point, with FinCEN designating it a "higher risk jurisdiction" due to over 3000 UK-based firms appearing in the leaked documents. While the SARs represented only a fraction of those filed during the 17-year period, they underscored persistent deficiencies in tracking illicit finance despite regulatory requirements for banks to verify client identities and halt prohibited transactions.
FinCEN attributed the unauthorized disclosure to an internal source, given the reports originated from multiple financial institutions, and formally referred the matter to the U.S. Department of Justice and Treasury’s Office of Inspector General for investigation. In a public statement dated September 20, the agency condemned the leak as a criminal act that jeopardized national security, compromised active law enforcement operations, and endangered the safety of individuals and institutions filing SARs. The incident drew comparisons to prior large-scale whistleblower disclosures like the Panama Papers and Paradise Papers, highlighting systemic challenges in combating money laundering. Analysts cited in the reports noted the difficulty of quantifying global illicit financial flows, with UN estimates suggesting money laundering could account for 5% of worldwide GDP ($7 trillion annually), while European authorities reportedly intercept only 1% of illegal proceeds. The leaked SARs did not allege wrongdoing by the banks themselves but revealed patterns of high-risk transactions that evaded detection or intervention despite being flagged through official channels.