It's difficult to outdo the crypto community when it comes to making bold quantitative claims that, stripped out of context, mislead the incautious. But Financial Crimes Enforcement Network (FinCEN) Director Kenneth Blanco recently came close.
In remarks last week to the annual (and, alas, virtual) Consensus conference for crypto professionals and enthusiasts, Blanco declared that, "since 2013, FinCEN has received nearly 70,000 Suspicious Activity Reports (SARs) involving virtual currency exploitation." That impressive figure was bound to get attention—and it did. The speech is also likely to reinforce the widespread view that cryptocurrency is a hotbed of financial crime. But Blanco omitted to say that, in 2019 alone, financial institutions filed more than 2.3 million SARs regarding all sorts of transactions, and that, according to FinCEN's own statistics, virtual currency SARs make up just 0.56 percent of all such reports filed since 2014.
Whom to believe—Blanco, or his agency's numbers? Were FinCEN an obscure or unimportant agency, the answer might not matter very much. But as the U.S. Treasury Department's illicit finance watchdog, FinCEN is a crucial enforcer of financial regulations—ones which, according to a 2018 survey, community bankers consider the costliest to comply with. Yet, despite FinCEN's significance, the SAR database (FinCEN's main resource for law enforcement) is bloated and opaque, and the usefulness of its contents impossible for outsiders to evaluate. Blanco ostensibly believes that crypto is a source of growing mischief. But absent major improvements to FinCEN's database and reporting, that hunch will remain unverifiable.
To be sure, Blanco's agency is relatively underresourced despite its leading role in writing and enforcing the Bank Secrecy Act's many rules. Its 333 employees and $118 million budget look paltry in comparison with another Treasury agency, the Office of the Comptroller of the Currency (3,699 employees and $1.09 billion), and independent financial regulators such as the Consumer Financial Protection Bureau (1,465 and $510 million) and the Securities and Exchange Commission (4,350 and $2.5 billion). Although FinCEN delegates BSA-related supervision to the primary regulators of different financial institutions, only it has overall authority for enforcement of the statute.
Perhaps owing to its limited resources, FinCEN has tended to deputize financial institutions to perform the oversight that other regulators undertake directly. For example, BSA regulations require banks and others to collect, verify, and maintain an up-to-date record of their customers' personal information, such as their name, address, date of birth, and taxpayer identification number. They must also develop due diligence policies designed to subject risky customers to additional scrutiny. Since May 2018, FinCEN has also required financial firms to collect beneficial ownership information from their corporate accountholders, so that they might include it in their SARs.
Shifting the bulk of the BSA's burden to the private sector serves to conceal its weight. But the regulations are onerous, whatever view one holds of their impact on financial crime. According to FinCEN's own conservative estimate, over the next decade financial institutions may spend as much as $1.5 billion just to comply with its May 2018 rule. That figure only reflects direct compliance costs: staff training, longer account opening processes, and so on. The indirect costs of FinCEN's regulations may, however, be even greater. For instance, their adverse impact on banks' willingness to take on customers FinCEN might deem risky is substantial. Residents of border states who hold foreign passports, conduct cross-border business, and deal in cash are particularly affected. While these residents may fit the BSA's archetype of a money launderer, most are not criminals. But banks may shun them all because serving them isn't worth the extra due diligence cost.
Banks' strong desire to avoid considerable penalties and reputational damage makes them eager to avoid falling foul of BSA regulations. But this precautionary zeal comes at the cost, not only of lost business, but of resources that might be employed much more productively elsewhere. One example of waste is so-called "defensive reporting": among the 2.3 million SARs filed in 2019, more than 11 percent (262,987) bore the tag "Other Other Suspicious Activity," hinting that the reports were filed only as a precaution.
Such precaution may be warranted in certain cases. Perhaps a few defensive SARs have even helped to bring financial criminals to justice in the past. It's difficult to know because FinCEN doesn't make such information publicly available. Still, many experts point out the alarming rate of "false positive" reports, a finding that should concern advocates of greater financial inclusion because SARs are a decisive factor in banks' decision whether to close customer accounts. And while some of the SARs with imprecise tags like "Other Other" include additional, more specific classifiers, many don't. Again, one can't know the exact proportion of each because FinCEN's public database doesn't list information on individual reports.
In forums public and private, FinCEN officials often state that criminal financial activity is on the rise, that they need all the information they can get from financial institutions, and that every single report counts. But most of the time, FinCEN's word is all the supporting evidence outsiders can hope for. That must change. If, as Director Blanco has repeatedly suggested, financial malefactors are warming up to cryptocurrency, FinCEN should be the first to take this trend seriously by listing "virtual currency" (the agency's preferred term) as a discrete SAR category. FinCEN should also take a leaf out of the CFPB's book and release regular reports about suspicious activity trends across the financial system, as the Bureau does for consumer finance trends. Despite mounting SARs, FinCEN has published very little in the last 15 years on the growth of new payments instruments. Yet greater provision of information and data may help not only to alert market participants to rising threats, but to clear up the cloud of suspicion that presently hovers over the crypto industry.
If Blanco is serious about demonstrating his agency's efficiency and value, he must be transparent with policymakers and the public. Any other approach is likely to hobble beneficial financial activity, without deterring those who seek to undermine our security.
 The SARs database on FinCEN's website yields 12,533,814 reports since 2014. Data for 2013 are unavailable.