JP Morgan and the OPL245 scandal: What are Suspicious Activity Reports?

US banking giant JP Morgan has claimed in court that the UK’s anti-money laundering authorities gave them consent to transfer $875m to a convicted money-launderer.

But how is such a jaw-dropping state of affairs even possible?

Meet the UK’s Proceeds of Crime Act (Poca), which criminalises money laundering but also includes plenty of loopholes and has created a number of perverse incentives for bankers and coppers alike.

Money laundering, just so we are clear, is defined in Poca as the concealing, disguising, converting, transferring or removing of criminal property.

Banks are particularly vulnerable to money laundering offences because they move money all day, every day.

Under Poca, they are required to report “knowledge or suspicion” of money laundering to UK law enforcement.

Failure to report is a criminal offence which can theoretically land a banker behind bars for up to five years. It is also an offence for a bank to tip off a customer that they have been reported.

Others who must report suspected money laundering include accountants, tax advisors, law firms, estate agents and casinos.

What are SARs? Banks submit suspicious activity reports, or SARs, to the UK Financial Intelligence Unit (UKFIU), an agency that fell under under the former Serious Organised Crime Agency (Soca).

Soca rebooted in 2013 to become the National Crime Agency (NCA).

Under the NCA the UKFIU continues to be responsible for administering the SAR regime.

The UKFIU processes SARs onto a database – endearingly known as ELMER — which can be accessed by other UK law enforcement agencies and by international financial intelligence units.

Banks can specifically submit a Defence Against Money Laundering SAR, or Defence SAR, which, provided they submitted the SAR before they acted, gives them an automatic defence against Poca’s money laundering offences.

This is what JP Morgan appears to have done in 2011 and again in 2013, when they received instructions from the Nigerian Finance Minister to pay millions of dollars to a company the bank admits it knew was associated with the money launderer.

In court papers filed to defend itself from a claim of negligence by the current Nigerian government, JP Morgan says it “received consent from the Serious Organised Crime Agency before making the payments”.

Alternatively, it says that it made $801,5m in payments in 2011 “only after … obtaining consent from Soca”.

But what does this mean in practice? Once a bank has submitted a defence SAR, there is a “notice period” of seven working days while it awaits “consent” from the UKFIU.

If the bank does not hear back from the UKFIU within the notice period, the Act says it has obtained “appropriate consent” to proceed with the suspected payment.

If the UKFIU refuses consent within this period, Soca has a further “moratorium period” of 31 calendar days to investigate and “restrain”, or freeze, the intended transfer.

Again, if the bank does not receive notice from the UKFIU after 31 days, it is deemed to have consent and can proceed with the transfer.

On one occasion, in July 2013, Soca refused JP Morgan consent for a requested payment of $74m — but made a U-turn a few weeks later.

The NCA’s most recently published guidelines for requesting a defence SAR suggest that, even in cases where it may have reason to suspect money laundering, it may decide not to act: “Where there is no likelihood of restraint or other action within a moratorium period then, in most cases, it would not be proportionate for the NCA to refuse.”

In other words, the NCA has to weigh up whether it can investigate and persuade a court it has sufficient evidence to obtain a freezing order in under a month.

However, an NCA spokesperson pointed out that a defence SAR is not an absolute defence against money laundering: “Responsibility for undertaking the transaction or activity, or not undertaking it, remains with the reporting organisation.”

The guidelines add that although banks may obtain a defence under Poca, there are other criminal offences “including those in the Money Laundering Regulations 2007, Bribery Act 2010, Fraud Act 2006, etc” in which it does not.

Perverse incentives The pre-emptive nature of the SAR defence has incentivised banks to flood the UKFIU with them in ever greater numbers.

A government review of the SAR regime, published in 2016, said that Poca had driven “a significant level of defensive reporting, where reports are made more because of concerns regarding a failure to comply … than because of genuine suspicion”.

It observed: “This places a burden on the regime and detracts from a focus on serious and organised crime.”

This is reflected in the NCA’s most recently available SAR statistics: defence SARs doubled from around 14,500 a year in 2014 to more than 27,000 in 2017.

Over the same period, the percentage of defence SARs which the UKFIU refused fell from 9.4% to 5.7%.

The 2016 government review also stated that both the banks and law enforcement agencies viewed the UKFIU’s technical infrastructure and resources as “inadequate”.