Who doesn’t like to hear a good story? Although the reporting of a Suspicious Activity Report (SAR) is confidential, sharing the suspicious nature of the story is not. In fact, I recommend sharing those stories for two reasons.
- The Entertainment Factor. Let’s be honest, some areas of banking and regulation are not interesting. But when you tell your frontline employees that someone claiming to be your customer emailed to request a $100,000 wire to a foreign country — that will get everyone’s attention!
- Educating Employees. Sharing stories helps to inform applicable employees about suspicious activity to look out for. The overall requirement for filing a SAR has not changed, but the scams fraudsters are getting away with have changed. With that in mind, I will share considerations and recommendations for reporting suspicious activity in this article.
Encourage Internal Reporting
First, consider the effectiveness of internal reporting to identify suspicious activity. Overall, identifying potential suspicious activity can come in from alerts based on your automated system, reviewing reports or through internal reporting from employees within your institution.
Consider the methods available for employees to report suspicious activity to your BSA Officer or BSA department. Do you have an internal online reporting system or a certain form employees are encouraged to complete? Alternatively, perhaps employees are encouraged to send you an email or walk over to the BSA Officer’s desk. Regardless of the preferred method, be sure all employees within your institution know exactly how to report suspicious activity and to whom they should report it. During training sessions, encourage all employees to report suspicious activity, even if they don’t have all the facts or are unsure if it is “reportable.”
Conduct and Document an Investigation
Next, conduct a thorough and well-documented investigation. Regardless of whether you have determined if a SAR should be filed, consider the importance of documenting the investigation as well as the format for documenting it. Do you have a checklist or cover sheet that indicates what was reviewed, a summary of the potential suspicious activity and a conclusion? If not, implement one within your investigation procedures.
The documentation of the investigation must include a clear and concise conclusion as to why you decided to file or not file. Also consider documenting the date when you made the decision to file or not file. Keep in mind that auditors and examiners will look for the date of your decision to verify that a SAR was filed timely. Your file should clearly state, “Date determined to file” or something similar. Having the examiner or auditor search for that date may prompt confusion as to whether a SAR was filed timely.
Speaking of filing timely, be sure to follow all SAR filing timelines. This includes an initial SAR filing and SARs filed for continuing activity. What are the timeline requirements for filing a SAR? You must file an initial SAR within 30 calendar days of your determination that a SAR should be filed. However, the deadline is extended to 60 calendar days when a suspect has not been identified. You must file a SAR on continuing activity within a 120-day deadline from the date the previous related SAR was filed.
As mentioned earlier, all employees must know where and when to report suspicious activity. They also need to know what to look for, and a good way to give them this knowledge is through training. Consider tailoring the training to relate to the employee’s job duties. For example, lenders and tellers should be on the lookout for different types of potential suspicious activity. Training a lender on structuring or cash activity won’t be as relevant as it would be for a teller who is processing cash transactions. Utilize the red flags listed within the FFIEC BSA/AML Exam Manual as training material but also share real life stories. Inform employees about the suspicious activity occurring around them as it relates to their job.
Activity in Your Market
While the BSA Officer is training employees on suspicious activity to consider within the institution, he or she will also want to consider what is happening within the institution’s market area. Knowing about a pattern of activity to look for or a new scam fraudsters are attempting at other institutions may prevent a loss at your institution.
Consider joining a network of BSA Officers within your market area to share suspicious activity stories. In addition, you can review the activity of SARs filed within your state or metropolitan area to determine what other institutions are reporting. FinCEN provides anyone the ability to download information on SARs filed by month, state, city and reason. This may be helpful to better understand the suspicious activity being reported within your market.
Filing the Report
Lastly, if you have determined that a SAR is required, you must file the Suspicious Activity Report (SAR) electronically with FinCEN. Consider utilizing FinCEN’s Suspicious Activity Report Electronic Filing Requirements and FinCEN SAR FAQs when filing the report. In addition, be aware of the changes made to the SAR form in June 2018. If you are a Temenos Compliance Advisory Services customer, consider reaching out to us for guidance if you are unsure about how to complete the form.
Now that I have shared considerations for SAR reporting, consider joining our Temenos Talks webinar on Thursday September 26 at 2:00pm EST. We will be discussing the latest updates, trends and advisories on BSA.