When to Hold ‘Em
and When to File ‘Em- A two Part Series on SAR Filings
Part Two- The Decision
In the first part of this series we noted that Suspicious
Activity Reports (“SARs”) are an essential part of the world financial crimes
monitoring network. There are analysts
at an agency called FinCen that read all of the SARs and capture data about the
various schemes that criminals employ in attempts to launder money. We also noted that filing of SARs has become
an area of stress for BSA staff at financial institutions. On one hand, there is a concern that failure
to file a SAR might result in criticism by regulators. There are also concerns
that filing SARs is a pointless exercise that creates more administrative work
and accomplishes little. After all, a proper
filing involves research transactions, performing analysis and drawing
conclusions that must be documented.
Moreover, almost all SAR’s require a second filing 90 days later to
discuss whether the suspected activity has continued.
At the end of the day, whether or not a SAR should be filed
is the decision of the financial institution.
It is the expectation of regulators that this decision should be part of
a well-established and defined process.
According the FFIEC BSA examination manual the process should include
five component parts; identification of unusual activity, managing alerts, SAR decision
making, SAR completion and Monitoring on continuing activity.
- Identification or alert of unusual
activity; This is the part
of any BSA compliance program that combines human intelligence and
software. All financial institution
staff are required to receive annual training on BSA/AML. One of the main reasons for this
requirement is that staff is expected to be able to identify activities that
don’t fit into normal patterns or activities for their customers. For example, a longtime customer who
normally receives his payroll and pay bills out of his account suddenly
deposits $15,000. The expectation
is that the staff members of the institutions should gently, but firmly
find out the source of this unusual deposit. Of course there are many reasonable
answers for how the customer came across this money.
Monitoring software should perform
a similar functions. The whole point of
using software is to aggregate transactions so of a customer so that any
transactions that fall outside of the normal or expected create an alert and
follow-up.
- Managing Alerts: Managing
alerts is important so that institutional resources are focused on the
highest area of risk. Not every
customer at your institution is engaged in nefarious activity. In fact, the vast majority are good
people who are simply conducting banking activity. Much like the boy who cried “wolf” in
the children’s fairy tale, there can be a such thing as too many BSA/AML warnings. The expectation of regulators is that
you will adjust your monitoring to create warnings for activity that is
truly suspicious or out of the pattern of normal activity. This is at the heart of the
requirement that financial institutions perform model validation on a
regular basis.[1] There should be a formal and well
established method for reviewing alerts and resolving them in a timely and
comprehensive manner.
- SAR Decision Making: There has to be a clear process for
making SAR decisions and there also has to be an ultimate decision maker
for whether or not the SAR will be filed.
The individual decision about whether or not to file a SAR rests
with the financial institution.
The FFIEC BSA Manual makes this clear
- In
those instances where the bank has an established SAR decision-making
process, has followed existing policies, procedures, and processes, and
has determined not to file a SAR, the bank should not be criticized for
the failure to file a SAR unless the failure is significant or
accompanied by evidence of bad faith.
- SAR completion and filing: there should be a clearly defined
process for who performs the research necessary to complete the SAR in a
timely and complete manner. The SAR
narrative should tell the story in that it should clearly identify the who, what, where, when and why the activity is considered
suspicious. The SAR should be filed
within 30 days of the time the activity is determined to be suspicious.
- Monitoring and SAR filing on
continuing activity: Once the
SAR is filed, there should be a process in place to continue to monitor
the customer to determine if additional suspicious activity is
continuing. At the conclusion of
90 days of monitoring, there should be a follow-up SAR that tells “the
rest of the story”. Was the
activity repeated, or was it just a bump in the road? [2]
The Decision
So you have your system in place. Your staff is well trained to look for
unusual activity and your software is monitoring for suspicious behavior. The questions still remains, just what
exactly is suspicious? Unfortunately,
there simply is no one right or wrong answer to that question. Suspicious is in the eye of the
beholder. This is why the “know your
customer” component is critical to a strong BSA compliance program. The more that you know about your customer
and what they are doing, the more obvious suspicious activity becomes.
As a best practice, if there aren’t several members of your
institutions staff that fully understand the business model of a client, it is
a bad idea to continue the relationship.
Regulators expect that financial institutions have the ability to know
the source of funds, the customer base, and the typical transaction flow of the
peers of your customer. For example,
suppose you have a customer who sells fresh flowers. The expectation would be that staff members
at your institution understand how a fresh flower stand works, what typical
receipts there might be, who the customers of the stand are and how
transactions are conducted. Does the
customer sell for cash only? Why? What level of cash is normal for a flower
stand? Is it likely that a flower stand
would send or receive wires? The point
is that that the more that is known about the business, then the more likely
that unusual activity can be determined.
In addition to knowing the business, the institution must
have the means to monitor activity in a transparent manner. Through a combination of software, direct
conversations and onsite visitations with the client, the institution should
maintain a clear picture of normal transaction activity.
In the event that a transaction seems unusual, there is
absolutely nothing wrong with asking the customer directly. In many, if not most cases, there is a
completely acceptable explanation. Most
customer will have no trouble with providing documentation to support their
activities. Small business owners are
generally proud of their accomplishments and don’t mind discussing a large sale
or adding a new client. Of course, when
a client is unwilling or unable to provide an explanation and present
documentation, there may be trouble. The
decision to file or not to file is one that your institution must be able to
live with and defend through documentation.
Defensive SARs-
Don’t do it!
In many cases banks don’t truly know or believe that
activity is suspicious, but file a SAR “defensively”. The idea here is that we can tell whether or
not the activity is unusual or simply don’t have the time to do the necessary
research to make a determination, so filing a SAR is seen as a temporary fix. However, defensive SARs are a sign of
weakness or deficiencies in a BSA compliance program. If there is not sufficient time, or a
complete understanding of the business model of the client to properly monitor
and research the activity of a customer, as a best practice, the customer
should be considered for de-risking (account closure). Simply filing SARs defensively is staving off
the inevitable.
There Comes a Time
After a SAR has been filed for the first time on a customer,
as a best practice, it is worth considering how the filing might change the
relationship between the institution and the customer. If the possibility exists that there is
activity that may be considered suspicious or unusual on an ongoing basis there
are really only two clear choices. The
first is to study the business plan of the customer and to gather sufficient
information to document that the activity is normal and customary. The concept of suspicious activity is one of
context. That is, if we return to the
flower shop example above, does it make sense that wires might be going to an
obscure bank in Europe? It does indeed
if you find out that there is a rare flower that exists in that part of the
world and the flower shop has made a marketing point of being able to deliver
the rare flower in your area. Moreover,
if the flower shop owner is able to show shipping details of the flower,
insurance bills, bills of lading or other similar documents that prove the
shipment of flowers, then the wires are ordinary and customary.
The other option is to consider the account for
de-risking. Many institutions let ego,
or the pursuit of fee income get in the way of safe and sound operating. When a customers’ operations are way ahead of
the capabilities and resources of the institution, it is time, as Kenny Rodgers
would say, to know when to walk away and know when to run.
No comments:
Post a Comment