News & Press: ACFCS News

Senior FinCEN official arrested for leaking SAR data to news reporter about Trump advisers, Russia

Friday, October 19, 2018   (0 Comments)
Posted by: Brian Monroe
Share |

By Brian Monroe
bmonroe@acfcs.org
October 19, 2018

Federal authorities have arrested a senior U.S. Treasury department official for allegedly leaking thousands of confidential financial crime compliance program filings, including details about a high-profile investigation into potential ties between arch foe Russia and the president’s election campaign.

The official in question, Natalie Mayflower Sours Edwards, is a senior adviser for the Financial Crimes Enforcement Network (FinCEN), the country’s financial intelligence unit, which holds untold millions of anti-money laundering (AML) filings sent by financial institutions in the form of suspicious activity reports (SARs) and currency transaction reports (CTRs).

The FinCEN database is a treasure trove of information as it contains details on any transaction a bank, money services business, securities firm and other entity subject to formal AML rules felt rose to the level of “suspicious” and involved more than $5,000. Banks file CTRs any time a transaction involves more than $10,000.

In an 18-page criminal complaint, authorities detail nearly a dozen stories published by news site, BuzzFeed, over the course of a year where Edwards served as a secret source, handing over specific details on individuals and related financial transactions, which potentially revealed monetary support for Russian meddling during the 2016 presidential campaign.

The apparent goal was to uncover concrete financial linkages between these Russian activities and associates of President Donald Trump, including now convicted felon Paul Manafort, his former campaign manager, Paul Gates, the Russian embassy, and others.

To read the press release, click here. To read the complaint, click here.

Edwards allegedly “betrayed her position of trust by repeatedly disclosing highly sensitive information contained in” SARs to an “individual not authorized to receive them,” U.S. Attorney Geoffrey Berman said in a statement. 

“SARs, which are filed confidentially by banks and other financial institutions to alert law enforcement to potentially illegal transactions, are not public documents, and it is an independent federal crime to disclose them outside of one’s official duties,” he said.

Agents arrested Edwards in Virginia on Friday, charging her with one count of unauthorized disclosures of SARs and one count of conspiracy to make unauthorized disclosures of SAR. Each charge carries a maximum penalty of five years in prison and a fine of $25,000.

Federal agents Tuesday carried out court orders to search Edwards’ phone and home. She made court appearances on Wednesday and was later released into the custody of her parents on a $100,000 personal recognizance bond.

She didn’t enter a plea but a formal indictment is expected in the coming weeks, according to media reports.

Edwards alleged acts are laid out in the complaint crafted by FBI Special Agent Emily Eckstut. When first arrested, Edwards denied involvement with any leaks, but later stated they had to be done as she was a whistleblower.

Multiple publications noted she had filed a formal whistleblower complaint and reached out to members of Congress.

Several of the articles in recent weeks published in the Buzzfeed series were explosive, noting financial trails involving Russian tycoon Emin Agalarov, who is reportedly at the epicenter of a mid-2016 meet up between Russian minions and Trump campaign chiefs.

What was said, who agreed to what and what was later carried out, including financial and other back-scratching, has been at the heart of special counsel Robert Mueller’s investigation and been the subject of wide speculation by pundits aplenty.

FinCEN leak an AML ‘worse case scenario’

But it was no surprise someone – in this case allegedly Edwards – made the connection that if there were incriminating details to be had in the Russia probe, they could be buried somewhere in the terabytes upon terabytes of data housed in FinCEN’s AML database.

FinCEN is the main repository for this information, which allows bureau analysts to engage in proactive investigations to uncover large-scale criminal trends, details then shared with banks and other government agencies with purview over crushing criminal and terror networks and defending the nation against foreign and domestic threats.

Beyond FinCEN sharing the results of its own database analyses, all of the major U.S. federal investigative agencies, and many state and local police forces, have remote access to the FinCEN database directly to query for details to form the foundation of a case or attempt to break new ground in current investigations related to companies, individuals, regions and more.

Moreover, while several government agents in recent years – typically those involved in national security – have been arrested and sentenced for improperly handling classified information, for a FinCEN analyst to be sanctioned for mining the database to allegedly get dirt on political foes, then steal the data itself, possibly targeting even the current U.S. president, is exceedingly rare.

But for those in AML compliance and investigative circles, this situation – along with a few others – was always a “worst case scenario” waiting to happen.

In conferences and conversations, whenever the subject of FinCEN, SARs and CTRs came up, one professional would invariably turn to another and say, “Wow, I wonder what would happen if some analyst or investigator had an agenda or ax to grind, and just decided to ping the database for themselves to find skeletons in the closet of a cross-party adversary, ex-boss or ex-wife.”

The response was always the same: whoever ever did something like that could, and likely would, find confidential information that could seriously tarnish the reputation of a captain of industry or political powerbroker – the information in the FinCEN database is that powerful.

Beyond that, while a terrible breach of trust, the law and shaking of the confidential foundations the whole of the AML compliance world is built on, illicit use of the data by a jaded employee is actually one of the milder of the nightmare scenarios that could befall FinCEN and its coveted database.

What’s worse?

Here are two other situations FinCEN is doing its best to guard against: what would happen if a criminal hacker, through stealing the login credentials of a database user or abusing a software vulnerability, gained access to the database and downloaded all or some of the information?

They could then sell those details to the highest bidder among a cabal of illicit groups so that criminal groups could know what every bank has on them, and potentially every past or current government investigation – crippling who knows how many ongoing cases.

But even as bad as that could be, there is one involving FinCEN that would likely be considered the most feared of all: what if a hacker gained access to the database itself and rather than trying to steal or download it, introduced a virus or other insidious piece of malware that destroyed some or all of the data altogether. 

Such move would broadly hamstring many domestic and international, complex financial crime cases, which rely on details in the FinCEN database to initiate and strengthen cases and pull together seemingly disparate sources of information to crack the diffuse, hidden trails of savvy organized criminal groups who are actively trying to mask their touchpoints with the formal financial system. 

SAR spigot turned on

In the case of Edwards, she had very specific individuals and firms she was focusing on, allegedly working with an unnamed a co-conspirator at FinCEN, described as an associated director, in a bid to support the Buzzfeed reporter.

While not named in the complaint, the journalist publicly tied to the articles listed in the complaint is widely known as Buzzfeed author Jason Leopold.

The unnamed associate director also exchanged more than 300 messages with the reporter, according to the complaint, with investigators eventually securing court approval to tap the person’s phone to monitor the messages and their contents.

“The illegally disclosed SARs pertained to, among other things, Paul Manafort, Richard Gates, the Russian Embassy, Mariia Butina, and Prevezon Alexander,” according to investigators.  

Edwards “had access to each of the pertinent SARs and saved them – along with thousands of other files containing sensitive government information – to a flash drive provided to her by FinCEN,” according to court documents. 

She transmitted the SARs to the reporter through phone photos and texts over an encrypted app, but that was not all.  

The complaint also notes Edwards also forwarded “internal FinCEN emails appearing to relate to SARs or other information protected by the [Bank Secrecy Act], and FinCEN non-public memoranda, including Investigative Memos and Intelligence Assessments published by the FinCEN Intelligence Division, which contained confidential personal, business, and/or security threat assessments.” 

When she was arrested, authorities stated Edwards “was in possession of a flash drive appearing to be the flash drive on which she saved the unlawfully disclosed SARs, and a cellphone containing numerous communications over an encrypted application in which she transmitted SARs and other sensitive government information” the reporter.

Deputy AG evokes Spider-man to teach on breaches

In a twist seemingly presaging the formal announcement of Edwards’ arrest, Deputy Attorney General Rod Rosenstein stressed the importance of strong data security and confidentiality of AML documents in a speech in Washington, D.C. before federal watchdog groups.

“Preventing inappropriate disclosures of confidential information is one of the important issues I focused on during the past year,” he told attendees Wednesday. “Disclosing non-public, sensitive information you learn as a government employee may jeopardize an investigation or case; prejudice a defendant’s rights; or unfairly damage a person’s reputation.”

“It also can violate federal laws, employee non-disclosure agreements, and individual privacy rights,” he said. “In some cases, it may put a witness or law enforcement officer in danger.”

He noted that whistleblowers are vital and there should be avenues to “come forward, but it is important to make clear that there are lawful ways to report wrongdoing, either to agency supervisors or to internal watchdogs, without making improper disclosures.”

Such leaks “undermine public confidence and harm innocent people,” he wrote, noting that working for the government and having access to such sensitive information incurs a certain duty to protect it with integrity.  

“In the courtyard of the Department of Justice headquarters, there is a Latin inscription that reads, ‘Privilegium Obligatio. It means that when you accept a privilege, you incur an obligation,” he said.

“The point is made more precisely in a remark attributed to French Enlightenment philosopher Voltaire: ‘With great power comes great responsibility.’”

“If that quotation sounds familiar, it was also said by another well-known philosopher — Spider-Man’s Uncle, Ben Parker,” he said. “You hold a position of trust, and public respect for government depends in large part on whether or not you live up to that trust.”


©2018 Association of Certified Financial Crime Specialists
All Rights Reserved