Following the ‘paper trail’ is a widely-held mantra in compliance, especially financial crime compliance. Post-9/11, effective compliance means relying increasingly upon monitoring and reporting. The passage of the USA PATRIOT Act in 2002 elevated the importance of compliance reporting, especially suspicious activity reports (SARs). Given that compliance is designed to prevent and detect potential breaches, suspicious activity reporting becomes an important tool in this effort. Filing of SARs provides data to financial institutions and law enforcement that is integral to identifying patterns of potential criminal behavior or facilitating investigations into possible wrongdoing.
To complete a SAR, data must be recorded not only about the transaction but also about the person attempting or completing the transaction. Even incomplete transactions can be reported as suspicious. A simple example would be a person who intends to purchase a monetary instrument at the local bank, such as a money order, but cancels the transaction after learning the denomination requested will require completing a currency transaction report (CTR). A reasonable interpretation of this behavior would be that the purchaser is attempting to avoid the reporting requirement. Thus, this may be viewed as a red flag and a SAR may be filed after further review. By contrast, if this transaction is completed and the purchaser balks at the need to provide documentation, an employee may reasonably conclude the purchaser’s reaction is suspicious. In this case, not only is a CTR required, but a SAR may also be necessary, given the purchaser’s reticence. In both simplistic examples, the key concept is how the transaction is perceived at the point of sale. What is ‘suspicious’ is, at times, a judgment call grounded in one’s experience and knowledge. As such, we may not always get it right.
Nevertheless, effective compliance rests upon ‘good faith efforts’ and ‘due diligence.’ To underscore the importance of employee vigilance during cash transactions, financial institutions and their employees are not legally liable for filing SARs. This federal protection is called safe harbor. Submission of SARS or any other compliance or fraud report is protected under safe harbor, as described in federal law 31 USC 5318 (g) (c). This protection encourages the flow of suspicious transaction data between financial institutions and law enforcement agencies, while protecting the sources of such information.
By: Sheryl Smikle, PhD