SAR Means Suspicious Activity Report

SAR is a very important regulatory tool, and a financial institution that ignores it ignores it with great peril. The Report is filed with FinCEN, but nearly ever other regulatory body has a link to FinCEN regarding SAR’s. The OCC, the IRS, even the Department of Homeland Security has a link to FinCEN regarding SAR’s. Here’s an example of the form:
FinCEN Form 109

This form is three pages long and this attachment comes with three pages of instructions. The instructions are written so that even a lay-person without a legal or compliance background should be able to fill it out. A small financial institution may not have a dedicated compliance officer, so, it is very important to understand that there is a 30-day deadline from the moment of the suspicious activity.
The consequences could be detrimental to your business. Your business or you specifically could be charged with enabling, abetting or in any other way aiding terrorist or other money laundering activity.

Generally, this is not an issue that should require a legal counsel. FinCEN is out to enforce the law, not to prosecute it. Its goal is to catch bad guys and if you are helping them, they are likely to look at your favorably. However, should you run out of time before you can determine whether you need to file a report or not, or you are made aware of the activity after the deadline, filing the form late is better than not filing at all. Explaining the reasons for delay is acceptable.
Should you find that your business is starting to attract suspicious activities more frequently than desired, connecting with lawyers who specialize in compliance for counsel will be a very important investment in mitigating this particular risk.

Ultimately, it is in the interest of the business to file a SAR with FinCEN rather than not file.

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.

Enhancing the Elements of Your Risk Assessment Methodology

On Monday, January 26, Associations of Certified Anti-Money Laundering Specialists (hereon ACAMS) held its Third Annual AML Risk Management Conference at The Conrad Hotel in downtown New York. Over the course of this week, summaries and takeaways from the key notes and panel discussions will be shared in this blog.

  • Vasilios Chrisos, Moderator, Principal, Fraud Investigation and Dispute Services,  Ernst & Young
  • Richard Small, CAMS, Senior Vice President, Enterprise-Wide AML, Anti-Corruption and International Regulatory Compliance, American Express | Chair, ACAMS Advisory Board
  • Meg Zucker, Global AML Officer, Royal Bank of Canada Capital Markets

HeaderRisk Assessment is key to a successful Compliance Program. This panel discussion talks about the issues surrounding the development, implementation, execution, review and management of the various risk assessments necessary. Here are ten takeaways from this session:

  1. In large financial institutions, multiple risk assessment could be performed on clients for different lines of businesses. Good communication between the two risk assessment programs regarding the same client is key to reducing risk assessment friction, cost overruns, and addressing the uniqueness of each client.
  2. Number of Suspicious Activity Reports (SARs) is not a good measure of the need for additional elements in Risk Assessment because it is not an indicator. however, it might be one of the good places to start for developing the risk assessment when looking for issues.
  3. Lower level executives are still surprised by the requirement to attend compliance training for them, not just for their staff.
  4. Big firms are highly aware of the need for training and compliance since regulators are primarily focused on big firms. It is the medium size firms that might be lacking in Compliance awareness.
  5. Many regulators want to see Audit Reports and Risk Assessments as their starting point in an exam, review or an investigation.
  6. Dealing with businesses within a firm is harder than dealing with AML or Sanctions because businesses often are not as aware of regulatory risks as AML or Sanctions are.
  7. Geographic risks cannot be painted in broad strokes. An example: A client regulated in Hong  Kong is likely very low risk while client in Hong Kong but not regulated are likely very high risk.
  8. Technology is great for efficiency but not always good for developing methodology or for  troubleshooting risks, even for those who are technologically savvy.
  9. Cooperative environment is the best environment for getting cooperation in Risk Assessment, as with anything else. Cooperative environment should be the goal of the whole firm, not just with Compliance.
  10. Regulators are starting to pin down senior leaders to their risk appetite, asking for explicit declarations. Firms generally shy away from this as much as possible.

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.
He tweets @MoneyCompliance